A two-stage real time solution based on DBTCAN (density-based time clustering of application with noise) algorithm is presented for alert aggregation and correlation in distributed contexts.