Internet has grown by several orders of magnitude in recent years, prompting network security as a great concern. Hence, Intrusion Detection Systems (IDSs) are used to timely detect intrusions and defend against attack attempts. However, the current IDS technology generates a huge volume of alert events due to false alarm alerts, and requires costly alert manual reviewing due to the lack of intelligence in IDS. As a solution, Security Information Management (SIM) is a growing area of interest in network security. In this paper, we propose FAR-FAR (Frame-based Attack Representation and First-order logic Automatic Reasoning) system in SIM to relieve the administrator from the time-consuming and costly alert manual reviewing. With the backward-chaining, FAR-FAR can make real-time reasoning for network attack scenarios. In FAR-FAR, the aggregated alerts from different IDS agents are converted into uniform frame-structured streams by Case Grammar. Afterwards, First-order logic production rules are used to extract the hidden attack scenarios. Our simulation results show that FAR-FAR's attack scenario reasoning rate for the incoming alerts are generally far less than the incoming alerts' inter-arrival time. This guarantees FAR-FAR to automatically reason the attack plans in real time and predict possible attack attempts at an early stage.