Abstract: A computer-implemented method for indicating the possibility of a cyber-attack on a computer network, comprising: receiving, from one or more security components installed in a network, an indication of activity within the network associated with a security threat; mapping the indication of activity to one or more cyber-attack techniques; identifying one or more previously received indications of activity within the network associated with a security threat; identifying one or more cyber-attack techniques to which the previously received indication(s) of activity have been mapped; determining whether the indication of activity is associated with one or more of the previously received indication(s) of activity, the determination based at least in part on a strength of a relationship between the one or more cyber-attack techniques to which the indication of activity is mapped and the one or more cyber-attack techniques to which the previously received indication(s) of activity have been mapped; and dependent on