A method and system is disclosed for cross-correlating information between
the domains of network management and network security. The present
invention discloses a model representing the security domain that can be
used to define relationship between devices and events in the security
domain in the context of a managed network. With this model, a security
topology of the network security domain can be created based on the
current implementation of the network. This model and topology allows the
present invention to correlate relevant network security information to
diagnose problems as they occur by using events detected within the
network. Using the disclosed method and system for correlating
information in the network security, the present invention provides
further enhancements over conventional methods by cross-correlating
information between the network security and network management domains
to aid in their detection and analysis of problems. Cross-correlating
information across network security and network management domains
enhances the ability of the present invention to diagnose problems that
may arise in the network to allow an operator to get a more complete view
of the system with minimal effort.