An aggregation agent may combine and correlate information generated by multiple on-host agents and/or information generated in response to multiple security events. The aggregation agent may transmit the combined information to a security console. The security console may check the identity of the aggregation agent to determine whether to accept the information. The security console may map information to one or more consoles.