A validity verification method may include receiving an event to be analyzed from a security information & event management (SIEM) server, the event to be analyzed selected by the SIEM server from a plurality of events detected by different security devices based on a desired correlation rule; registering the event to be analyzed; collecting raw data associated with the registered event from a security device corresponding to the registered event among the different security devices; acquiring location information of an intended network location associated with an attack based on the collected raw data; determining a validity status of the registered event based on the acquired location information; generating an exceptional processing message of the registered event; and transmitting the generated exceptional processing message to the SIEM server based on results of the determining the validity status of the registered event.