Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (4): 143-145.

• Network, Communication and Security •

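Research of Network Threat Analysis Technique Based on Event Correlation

Zhang Xiang (张翔), Hu Changzhen (胡昌振), Yin Wei (尹伟)

  1. Laboratory of Computer Network Attack and Defense Countermeasure Technology, Beijing Institute of Technology; Network Security Division, State Key Laboratory of Mechatronic Engineering and Control, Beijing Institute of Technology
  • Received: 2006-03-03 Revised: 1900-01-01 Online: 2007-02-01 Published: 2007-02-01
  • Corresponding author: Zhang Xiang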

Abstract: This paper applies event correlation to combine alert information from IDS and other network security devices for network threat analysis. It first introduces the basic methods of event correlation, then proposes an architecture for an event correlation analyzer. Test results from the experimental system show that applying event correlation effectively lowers the false positives that arise in network threat analysis and greatly reduces redundant alerts.