Hierarchical attack detection in a network
US-9674207-B2 · Jun 6, 2017 · US
US2016212165A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016212165-A1 |
| Application number | US-201314914122-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 30, 2013 |
| Priority date | Sep 30, 2013 |
| Publication date | Jul 21, 2016 |
| Grant date | — |
Official abstract text for this publication.
A device for providing hierarchical threat intelligence includes a non-transitory machine-readable storage medium storing instructions that cause the device to receive a plurality of calculated threat scores for a plurality of threat management devices, wherein the threat scores are respectively associated with context information, determine a first threat score for a first entity based on a first subset of the calculated threat scores, determine a second threat score for a second entity based on a second subset of the calculated threat scores, receive update information of one of the calculated threat scores of the first subset from a listener of the threat management devices, and update the first threat score based on the update information.
Opening claim text (preview).
What is claimed is:

1. A non-transitory machine-readable storage medium storing instructions that, if executed by at least one processor of a device for providing hierarchical threat intelligence, cause the device to: receive a plurality of calculated threat scores for a plurality of threat management devices, wherein the threat scores are respectively associated with context information; determine a first threat score for a first entity based on a first subset of the calculated threat scores; determine a second threat score for a second entity based on a second subset of the calculated threat scores; receive update information of one of the calculated threat scores of the first subset from a listener of the threat management devices; and update the first threat score based on the update information.

2. The non-transitory machine-readable storage medium of claim 1, further comprising instructions that, if executed by the at least one processor, cause the device to: cause presentation of a first user interface element of the first threat score and a second user interface element of the second threat score, receive selection input selecting the first user interface element; and cause presentation of at least two of the calculated threat scores of the first subset.

3. The non-transitory machine-readable storage medium of claim 1, further comprising instructions that, if executed by the at least one processor, cause the device to: cause presentation of a context respectively associated with the at least two calculated threat scores of the first subset.

4. The non-transitory machine-readable storage medium of claim 3, further comprising instructions that, if executed by the at least one processor, cause the device to: determine trend information about the first threat score based on the non-updated first threat score and the update information; and cause presentation of the trend information.

5. A system for providing a hierarchical threat intelligence comprising: a plurality of threat management devices to calculate threat scores for one or more respective entities based on security event information and real time monitors; a listener to: receive the calculated threat scores from the threat management devices, wherein the listener provides the calculated threat scores to a plurality of other threat management devices; and at least one of the other threat management devices to: receive one or more of the calculated threat scores; determine a threat score for an entity associated with the one threat management device, wherein the threat score is based, at least in part, on the one or more calculated threat scores.

6. The system of claim 5, wherein the at least one other threat management device includes a dashboard device wherein the threat score for the entity is a first top level threat score, the dashboard device to further: determine a second top level threat score for a second entity based on a second subset of the calculated threat scores; and cause presentation of a first user interface element of the first top level threat score and a second user interface element of the second top level threat score; receive update information of one of the calculated threat scores of the first subset from the listener; and update the first top level threat score based on the update information; cause presentation of an updated first user interface element based on the update; receive selection input selecting the updated first user interface element; and cause presentation of the one calculated threat score of the first subset based on the selection.

7. The system of claim 5, wherein the entities include a context of at least one of a user, a zone of a building, an access controlled location, and computing information.

8. The system of claim 5, wherein the threat management devices maintain the threat scores in real-time based on real-time monitors.

9. The system of claim 8, wherein the at least one of the other threat management devices is to further: receive event information; and generate an automated security action based on the threat score and the event information.

10. A method for providing a hierarchical threat intelligence comprising: receiving, at a device, a plurality of calculated threat scores for a plurality of threat management devices; receiving an update notification of at least one of the calculated threat scores from a listener receiving an update to at least one of the calculated threat scores, wherein the listener is notified when the one of the calculated threat scores changes and sends the update notification to the device based on the change based on subscription information, and determining a threat score for an entity based at least on the one updated calculated threat score and another one of the calculated threat scores.

11. The method of claim 10, wherein each of the calculated threat scores are associated with a threat entity, and wherein the threat entity represents at least one of a location and an organization system.

12. The method of claim 11, further comprising: causing presentation of the threat score via at least one interactive user interface element; and causing presentation of at least one of the calculated threat scores based on an interaction with the interactive user interface element.

13. The method of claim 12, further comprising: determining trend information about the top level threat score based on the non-updated top level threat score and the update notification; and causing presentation of the trend information.

14. The method of claim 13, wherein the presentation of the trend information includes a direction of a trend that updates of the top level threat score.

15. The method of claim 12, wherein the calculated threat scores respectively represent threat entities, wherein the respective threat entities provide context information, wherein the top level threat score is based on the context information, and wherein the threat entities include at least one of a user, a zone of a building, an access controlled location, and computing information.
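The data flow recited in claims 1, 4, 10 and 13 (a listener relaying score changes by subscription, per-entity scores built from separate subsets, and a trend derived from the non-updated score) can be sketched as follows. This is an added illustration, not code from the patent: the class names, the sample sources and the use of `max` as the aggregation rule are assumptions, since the claims do not specify how a subset is combined.

```python
from collections import defaultdict

class Listener:
    """Relays calculated-score changes to the consumers subscribed to each source."""
    def __init__(self):
        self._subscribers = defaultdict(list)  # source id -> callbacks

    def subscribe(self, source_id, callback):
        self._subscribers[source_id].append(callback)

    def publish(self, source_id, score, context):
        # Only subscribers of this source are notified (subscription information).
        for callback in self._subscribers[source_id]:
            callback(source_id, score, context)

class EntityScore:
    """Top-level score for one entity, derived from a subset of calculated scores."""
    def __init__(self, name, source_ids, listener, aggregate=max):
        self.name = name
        self.aggregate = aggregate  # ASSUMPTION: the claims do not fix this function
        self.calculated = {}        # source id -> (score, context), kept for drill-down
        self.value = None
        self.trend = "flat"
        for source_id in source_ids:
            listener.subscribe(source_id, self.on_update)

    def on_update(self, source_id, score, context):
        previous = self.value  # the non-updated top-level score
        self.calculated[source_id] = (score, context)
        self.value = self.aggregate(s for s, _ in self.calculated.values())
        if previous is None or self.value == previous:
            self.trend = "flat"
        else:
            self.trend = "up" if self.value > previous else "down"

    def drill_down(self):
        """Underlying calculated scores with context, highest first."""
        return sorted(((sid, s, ctx) for sid, (s, ctx) in self.calculated.items()),
                      key=lambda row: row[1], reverse=True)

def run_demo():
    # Constructed sample sources and scores, not values from the patent.
    listener = Listener()
    building = EntityScore("building-A", ["badge-reader", "lobby-camera"], listener)
    network = EntityScore("network", ["ids", "proxy"], listener)
    listener.publish("badge-reader", 20, {"zone": "lobby"})
    listener.publish("lobby-camera", 35, {"zone": "lobby"})
    listener.publish("ids", 50, {"segment": "dmz"})
    listener.publish("badge-reader", 80, {"zone": "server room"})
    return listener, building, network
```

An update to a source in the first subset moves only the first entity's score; the second entity's score and trend stay unchanged because it never subscribed to that source.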
Assessing vulnerabilities and evaluating computer system security · CPC title
Interaction techniques to control parameter settings, e.g. interaction with sliders or dials · CPC title
Vulnerability analysis · CPC title