Abstract: A server for identifying and prioritizing IT security events associated with a network is caused to receive a dataset representing IT security events specific to one or more resources associated with the network, generate, by defined algorithms, individual scores for the IT security events, correlate each of the individual scores for the IT security events with the one or more resources, aggregate, for a resource of the one or more resources, each of the individual scores correlated with the resource into a security score specific to the resource, determine whether the security score exceeds a defined threshold, and in response to the security score exceeding the defined threshold, generate and transmit a security incident alert specific to the resource to a security operation center. Example servers, systems, apparatuses, methods, and non-transitory computer readable medium for identifying and prioritizing IT security events associated with a network are also disclosed.