The Computer Security Incident Response Center (CSIRC) provides the ability to correlate security events that occur within the Internal Revenue Service (IRS) network in an automated fashion. The information is obtained from various devices such as network security devices, and intrusion detection systems that support the IRS information automation. Correlated security events allow the CSIRC analyst the ability to focus on the areas of greater threat. No audit trail information is kept at this level. If a computer security incident is suspected, another system is invoked to explore the audit trail information.