The invention is a comprehensive conceptual and computational architecture that enables monitoring accumulated time-oriented data using knowledge related to the operation of elements of a computer network and deriving temporal abstractions from the accumulated data and the knowledge in order to identify electronic threat patterns and create alerts. The architecture of the invention supports two main modes of operation: a. an automated, continuous mode for monitoring, recognition and detection of known eThreats; and b. an interactive, human-operated intelligent tool for dynamic exploration of the contents of a security storage service to identify new temporal patterns that characterize such threats, and to add them to the monitoring database. The architecture of the invention can analyze data collected from various sources, such as end-user devices, network element, network links etc., to identify potentially infected devices, files, sub-streams or network segments.