Network security management is generally concerned with collecting data from network devices that reflects network activity and operation of the devices, and analyzing the data to enhance security. For example, the data that is collected may originate in messages or in entries in log files generated by sources, such as the network devices and applications, which may include firewalls, intrusion detection systems, servers, routers, switches, etc. The data can be analyzed to identify an attack on the network. If the attack is ongoing, a countermeasure can be performed to thwart the attack or mitigate the damage caused by the attack.
Network security management systems, however, typically are not extendable to other systems. For example, it is not uncommon for an entity to have many enterprise systems, yet in most instances these systems are unable to leverage the functionality of the network security management system. If a system administrator is alerted to a network security threat by a network security management system, the system administrator may manually attempt to isolate and stop the threat. However, other enterprise systems may not be able to interact with the network security management system to respond to threats or perform other functions leveraging any processing performed by the network security management system.