Security indicator scores
US-11303662-B2 · Apr 12, 2022 · US
US11962609B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11962609-B2 |
| Application number | US-201616076274-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 12, 2016 |
| Priority date | Feb 12, 2016 |
| Publication date | Apr 16, 2024 |
| Grant date | Apr 16, 2024 |
Official abstract text for this publication.
Examples disclosed herein relate to source entities of security indicators. Some examples disclosed herein enable identifying, in a security information sharing platform, a security indicator that is originated from a source entity where the security indicator comprises an observable. Some examples further enable determining a reliability level of the source entity based on at least one of: security events, sightings of the observable, a first set of user feedback information that is submitted for the security indicator by users of the security information sharing platform, or a second set of user feedback information that is collected from external resources that are external to the security information sharing platform.
Opening claim text (preview).
The invention claimed is:
1. A method comprising: identifying, by a processor, a security indicator that is originated from a first source entity of a plurality of source entities in a security information sharing platform, wherein the security indicator provides a warning of a potential security threat and specifies a particular address or domain name of the potential security threat; determining, by the processor, a total count of sightings of the particular address or domain name of the potential security threat as observed by the plurality of source entities in the security information sharing platform; determining a reliability level of the first source entity based on a set of user feedback information including votes about accuracy of the security indicator and the total count of sightings of the particular address or domain name of the potential security threat, wherein a higher number of votes about the accuracy of the security indicator and a higher count of sightings of the particular address or domain name of the potential security threat result in a higher reliability level of the first source entity; determining a score of the security indicator based on the reliability level of the first source entity; and comparing the score of the security indicator to at least one threshold value to determine whether the security indicator is an actual security threat.
2. The method of claim 1, further comprising: determining an authenticity level of the first source entity based on a type of the first source entity, wherein the type of the first source entity comprises: a non-trusted source type or a trusted source type.
3. The method of claim 1, wherein the set of user feedback information about the security indicator further includes information provided by an external resource that is external to the security information sharing platform.
4. The method of claim 1, further comprising: providing a survey to collect the set of user feedback information about the security indicator from users of the security information sharing platform.
5. The method of claim 1, further comprising: obtaining an article via a second source entity; determining whether the article includes information related to the security indicator; and determining a reliability level of the second source entity based on the determination of whether the article includes the information related to the security indicator.
6. The method of claim 1, wherein comparing the score of the security indicator to the at least one threshold value includes: comparing the score of the security indicator to a first threshold value and a second threshold value; in response to a determination that the score of the security indicator is below the first threshold value, continuing monitoring the security indicator; in response to a determination that the score of the security indicator is above the first threshold value but below the second threshold value, generating a recommendation to perform a further investigation on the security indicator; and in response to a determination that the score of the security indicator is above the second threshold value, determining that the security indicator is the actual security threat.
7. The method of claim 2, wherein determining the score of the security indicator is further based on the authenticity level of the first source entity.
8. The method of claim 5, wherein the information related to the security indicator comprises at least one of: a threat actor, a campaign, a technique/tactic/procedure (TTP), an organization, an industry sector, or a community.
9. The method of claim 6, further comprising: in response to the determination that the security indicator is the actual security threat, blocking any event that matches the security indicator.
10. A non-transitory machine-readable storage medium storing instructions executable by a processor of a computing device to cause the processor to: identify a first security indicator that is originated from a first source entity of a plurality of source entities in a security information sharing platform, wherein the first security indicator provides a warning of a first potential security threat and specifies a first address or domain name of the first potential security threat; determine a total count of sightings of the first address or domain name of the first potential security threat as observed by the plurality of source entities in the security information sharing platform; determine a reliability level of the first source entity based on a first set of user feedback information including votes about accuracy of the first security indicator and the total count of sightings of the first address or domain name of the first potential security threat, wherein a higher number of votes about the accuracy of the first security indicator and a higher count of sightings of the first address or domain name of the first potential security threat result in a higher reliability level of the first source entity; determine a score of the first security indicator based on the reliability level of the first source entity; and compare the score of the first security indicator to at least one threshold value to determine whether the first security indicator is an actual security threat.
11. The non-transitory machine-readable storage medium of claim 10, wherein the instructions are executable to cause the processor to: identify a second security indicator that is originated from a second source entity of the plurality of source entities in the security information sharing platform, the second security indicator comprising a second address or domain name of a second potential security threat; determine a reliability level of the second source entity based on a total count of sightings of the second address or domain name of the second potential security threat as observed by the plurality of source entities in the security information sharing platform; determine an authenticity level of the second source entity based on a type of the second source entity; and determine an indicator score of the second security indicator based on the reliability level of the second source entity and the authenticity level of the second source entity.
12. The non-transitory machine-readable storage medium of claim 10, wherein the instructions are executable to cause the processor to: determine a number of security events that are created in the security information sharing platform, wherein the security events include the first security indicator; and determine the reliability level of the first source entity based on the number of security events, the first set of user feedback information about the first security indicator, and the total count of sightings of the first address or domain name of the first potential security threat.
13. The non-transitory machine-readable storage medium of claim 10, wherein the instructions that cause the processor to determine the total count of sightings of the first address or domain name include instructions that cause the processor to: obtain, from a second source entity, a first sighting of the first address or domain name, the first sighting of the first address or domain name indicating that the first address or domain name has been observed by the second source entity; obtain, from a third source entity, a second sighting of the first address or domain name, the second sighting of the first address or domain name indicating that the first address or domain name has been observed by the third source entity; and determine the total count of sightings of the first
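The abstract and claims describe a scoring pipeline (sightings count, accuracy votes, reliability level, authenticity by source type, two-threshold triage, blocking of matching events) but fix no formula, weights or threshold values. The following is an added illustrative implementation, not code from the patent or its assignee; every constant (points per vote, per sighting and per event, the reliability cap, the authenticity factors, the two thresholds, and treating a score equal to a threshold as "above" it) is an assumption chosen for the demo, and the sample sources, sightings, indicators and events are constructed.

```python
"""Illustrative indicator scoring in the shape of claims 1, 2, 6, 9, 12 and 13.

All numeric constants below are assumptions for the demo; the claims do not
specify them.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, List


class SourceType(Enum):
    TRUSTED = "trusted"          # e.g. a vetted vendor feed
    NON_TRUSTED = "non_trusted"  # e.g. an anonymous submission


@dataclass(frozen=True)
class Sighting:
    observable: str   # address or domain name that was observed
    source: str       # source entity that reported the observation


@dataclass(frozen=True)
class Indicator:
    observable: str          # address or domain name the warning is about
    source: str              # originating source entity
    accuracy_votes: int = 0  # platform-user votes that the indicator is accurate
    external_votes: int = 0  # feedback gathered from resources outside the platform
    event_count: int = 0     # platform security events that include this indicator


# Assumed scoring constants (none of these come from the patent).
VOTE_POINTS = 10
SIGHTING_POINTS = 15
EVENT_POINTS = 5
RELIABILITY_CAP = 100
AUTHENTICITY = {SourceType.TRUSTED: 100, SourceType.NON_TRUSTED: 50}  # percent
MONITOR_THRESHOLD = 30   # below: keep monitoring
THREAT_THRESHOLD = 70    # at or above: actual threat (boundary rule is an assumption)


def count_sightings(observable: str, sightings: Iterable[Sighting]) -> int:
    """Distinct source entities that reported seeing `observable` (claim 13)."""
    return len({s.source for s in sightings if s.observable == observable})


def reliability_level(ind: Indicator, sightings: Iterable[Sighting]) -> int:
    """Monotone in votes, sightings and events; capped so no input dominates."""
    points = (VOTE_POINTS * (ind.accuracy_votes + ind.external_votes)
              + SIGHTING_POINTS * count_sightings(ind.observable, sightings)
              + EVENT_POINTS * ind.event_count)
    return min(points, RELIABILITY_CAP)


def indicator_score(ind: Indicator, source_type: SourceType,
                    sightings: Iterable[Sighting]) -> int:
    """Reliability scaled by the source type's authenticity factor, 0..100."""
    return reliability_level(ind, sightings) * AUTHENTICITY[source_type] // 100


def triage(score: int) -> str:
    """Two-threshold decision of claim 6: monitor / investigate / threat."""
    if score < MONITOR_THRESHOLD:
        return "monitor"
    if score < THREAT_THRESHOLD:
        return "investigate"
    return "threat"


def blocked_events(events: List[dict], indicators: List[Indicator],
                   source_types: Dict[str, SourceType],
                   sightings: Iterable[Sighting]) -> List[dict]:
    """Events whose destination matches an indicator triaged as a threat (claim 9)."""
    sightings = list(sightings)
    blocklist = {i.observable for i in indicators
                 if triage(indicator_score(i, source_types[i.source], sightings))
                 == "threat"}
    return [e for e in events if e["dst"] in blocklist]


# Constructed sample data (not real indicators).
SOURCE_TYPES = {"vendor_feed": SourceType.TRUSTED,
                "anon_paste": SourceType.NON_TRUSTED,
                "partner_soc": SourceType.TRUSTED}
SIGHTINGS = [Sighting("bad.example", "partner_soc"),
             Sighting("bad.example", "anon_paste"),
             Sighting("bad.example", "vendor_feed"),
             Sighting("203.0.113.7", "partner_soc"),
             Sighting("198.51.100.9", "vendor_feed"),
             Sighting("198.51.100.9", "partner_soc")]
INDICATORS = [Indicator("bad.example", "vendor_feed", accuracy_votes=5),
              Indicator("203.0.113.7", "anon_paste", accuracy_votes=2),
              Indicator("198.51.100.9", "partner_soc", accuracy_votes=2)]
EVENTS = [{"id": 1, "dst": "bad.example"},
          {"id": 2, "dst": "203.0.113.7"},
          {"id": 3, "dst": "example.org"}]

if __name__ == "__main__":
    for ind in INDICATORS:
        score = indicator_score(ind, SOURCE_TYPES[ind.source], SIGHTINGS)
        print(f"{ind.observable:14} score={score:3} -> {triage(score)}")
    print("blocked:", blocked_events(EVENTS, INDICATORS, SOURCE_TYPES, SIGHTINGS))
```

With the constructed data, the vendor-feed domain seen by three sources and upvoted five times scores 95 and is blocked; the anonymously posted address with one sighting scores 17 and stays under monitoring; the partner indicator with two sightings lands at 50 and is flagged for investigation. The integer arithmetic and the cap are design choices that keep the score deterministic and stop a single source from flooding sightings to push its own indicator over the threshold.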
Vulnerability analysis · CPC title
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Arrangements for preventing the taking of data from a data transmission channel without authorisation (means for verifying the identity or the authority of a user of a secure or secret communication system H04L9/32) · CPC title