(EN)
One variation of a method for detecting a cyber attack includes: recording representations of network events occurring on a network over a period of time to a network accounting log; writing metadata values of network events in the accounting log to a compressed log file; in response to receipt of a new threat intelligence representing a newly-identified security threat identified after the period of time, querying the compressed log file for a set of metadata values of a threat element defined in the new threat intelligence; in response to detecting the set of metadata values of the threat element in the compressed log file, querying the network accounting log for a set of threat elements defined in the new threat intelligence; and in response to detecting the set of threat elements in the network accounting log, issuing an alert to respond to the newly-identified security threat on the network.