A system and method for managing a security event and its associated forensic context are disclosed. Network forensics monitors and analyzes data flows in the network to help security analysts review, analyze and eliminate security threats. Security threats in a network environment are generally detected by one or more devices on the network. If a security threat is determined to be serious or sufficiently significant, security events corresponding to security threats are frequently generated and stored in the system. To assist in further review and analysis of security threats, timely and relevant contextual information about network security events can be acquired and generated with each security event. The forensic context can access the security manager to view security events and provide detailed information about the environment around the security events.