Apparatus and methods facilitate analysis of events associated with network and computer systems. Event data, such as security threats, are comparison matched with event rules of event rule sets associated with each network or computer system to determine whether the items are potentially significant. Additionally, the system-event data may be scored where the score is used for prioritizing system-event data as to their significance. Associated with the comparison matching are various analytics that further analyze event data for measuring and analyzing the system-event data according to various algorithms.