Abstract: A system for security intelligence automation using flows is disclosed. In various embodiments, a system includes a processor configured to provide a graphical user interface for at least one visual flow for threat ranking. The processor is further configured to render, in the graphical user interface, a visual flow interface for at least one of generating and configuring the at least one visual flow. The processor is further configured to provide, via the visual flow interface, a drag and drop ranking automation flow.

Abstract: A system for security intelligence automation using flows is disclosed. In various embodiments, a system includes a communications interface configured to receive events. The system includes a processor configured to select event data associated with the events, where the event data is associated with a computer network environment. The processor may be further configured to segment the event data along a plurality of dimensions, score the event data along the plurality of dimensions, and generate a ranking of each of the events based at least in part on the scoring of the event data.