In the chapter, we examine the possibility to use service dataflow extracted from logs of events of various elements for the analysis of the security of cyber-physical systems. The urgency of security providing for such complexes and their separate components is stipulated by a considerable number of security incidents as the violation of their faultless continuous functioning can lead to the damage of to people’s life and health, to the disruption of the functioning of the subsistence means of the population and other technogenic catastrophes. A normalization procedure of service dataflow is offered, allowing to generate groups of objects and properties and to ensure the process is such a way that semantically similar data are allocated in the same taxonomic fields. Besides, we examined the possibility to use the correlation of events in the conditions of uncertainty of infrastructure to define the hierarchy of asset types and the most significant objects. The approach is based on the detection of connections between events of security and the estimation of the dependence of their relative force on the distribution of events in time, based on the calculation and use of correlation coefficients. Such an approach allows us to reveal the main types of objects of the infrastructure, their characteristics, and hierarchy by analyzing empirical data, as well as to compare the criticality of objects based on static and dynamic indexes. We present the results of the experiment according to which the application of the given procedure allows us to lower information loss during the transformation of models of identified objects. The implementation of the studied approach to the correlation of events has some limitations in the case with a heterogeneous infrastructure; however, it can be used to develop a short-term pattern of interaction object with a homogeneous infrastructure in cyber-physical systems. Also, it is shown that automation of the detection of elements and the hierarchy of connections between them as well as the estimation of their criticality allows us to more precisely and in more detail develop a model of risks for the security analysis.