A method and system for unified diagnosis of a network incident is provided. The unified diagnostics system is comprised of a monitoring tool, a network layer including a firewall, and a policy engine. The monitoring tool is invoked by a user in order to diagnose a network incident. The network layer and the policy engine generate various events that provide a history of their processing, and the monitoring tool collects these events. When the user attempts a network activity that fails, the network layer places an event notification in a notification queue. Then the monitoring tool analyzes the event notifications to identify events that are related to the same network incident. After analyzing the network incident and event information, the user can take the necessary action to correct the problem that caused the incident.