Information security has gathered great attention leading to a variety of network sensors and Intrusion Detection Systems (IDS), generating numerous threat events. Large number of threat events are difficult to be managed by passive countermeasures of security manpower, lacking in prompt situation recognition and preemptive responses. Therefore, automated cyber threat analysis techniques based on big data or machine learning are required for effective security control and threat analysis. Also, correlation analysis with Cyber Threat Intelligence (CTI) that occurred in the past enables high level analysis of intrusion intent as well as preemptive response. Therefore, approach to autonomous alert correlation methods using machine learning algorithm such as Bayesian network, Hidden Markov Model (HMM), Support Vector Machine (SVM) and neural network are studied for threat analysis recently. In this paper, we propose analysis method for alerts generated by Security Information and Event Management system (SIEM) in two parts. In the first part, we apply Bayesian network to generate attack scenario and infer intent of the intrusion. We define the causality of alerts generated by SIEMs through alert correlation algorithm based on Bayesian network. This facilitates identification of the invasion pathway as well as prediction of the next attack. In the second part, we employed Diamond model to the generated attack scenarios for threat analysis using CTI. Rather than merely plotting an attack graph, it applies the Diamond model to the attack graph based on the cyber kill chain, allowing the analyst to identify more information at a glance. In order to apply Diamond model, we expanded features of each attack such as asset information of the system or vulnerabilities. Accordingly, each attack scenario could be reconstructed as CTI format and compared with threats occurred in the past. Therefore, we demonstrated the feasibility of successful identification and rapid response of the overall attack situation.