2007 IEEE International Conference on Granular Computing (GRC 2007)
Generating Attack Scenarios with Causal Relationship
San Jose, California
November 02-November 04
ISBN: 0-7695-3032-X
With the arrival of the information era, the Internet has developed rapidly and offers more and more services. However, intrusions, viruses and worms have followed the growth of the Internet and spread widely all over the world over high-speed networks. Although many kinds of intrusion detection systems (IDSs) have been developed, they have some disadvantages in that they focus on low-level attacks or anomalies, and raise alerts independently. In this paper, we give a formal description of attack patterns, attack transition states and attack scenarios. We propose a system architecture to generate an attack scenario database correctly and completely. We first classify and extract attack patterns, then correlate attack patterns with pre/post conditions matching and. Moreover, the approach, Attack Scenario Generation with Causal Relationship (ASGCR), is proposed to build an attack scenario database. Finally, we present the combination of our attack scenario database with a security operation center (SOC) to implement the related components concerning alert integrations and correlations. It is shown that our method is better than CAML [4] since we can generate more attack scenarios effectively and correctly to help system managers maintain network security.

Keywords: Attack scenario database, security operation center, alert correlation, attack pattern.
Citation:
Yu-Chin Cheng, Chien-Hung Chen, Chung-Chih Chiang, Jun-Wei Wang, Chi-Sung Laih, "Generating Attack Scenarios with Causal Relationship," grc, pp.368, 2007 IEEE International Conference on Granular Computing (GRC 2007), 2007