The invention aims to overcome the defects in the background technology, provides a security analysis method based on an original message, can simultaneously solve the self-security problem of the equipment terminal in the network, and is quick and effective in response. Meanwhile, the whole process can be recorded in time, so that later analysis and solution popularization are facilitated. In order to achieve the technical effect, the invention adopts the following technical scheme: the security analysis method based on the original message is matched with a probe arranged at an application end to use IDS and WAF double engines, and supports traditional threat detection and advanced threat detection in combination with threat intelligence, malicious file analysis, WEBshell detection and abnormal behavior detection, so that the security of the original message is improved, and the threat perception capability of the user is comprehensively improved.