Security incident creation

  • Release version: Zurich
  • Updated July 31, 2025

    Security incidents can be created manually from the form, or automatically via security events received from integrated third-party alert monitoring tools, such as Splunk.

    Important:
    The latest features in Security Incident Response are exclusively available in the Security Incident Response Workspace. Install or upgrade to the latest Security Incident Response or Security Incident Response Workspace version to access and leverage features such as Shift-Handover, Risk Score Calculator, and so on.

    If you have a security role, you can use any of the following methods to manually create security incidents.

    Table 1. Methods for manually creating security incidents

    | Method | Description |
    | --- | --- |
    | Manually created from the Security Incident list | On the Security Incident list, select New to create a new security incident. |
    | Manually created from the Security Incident Catalog | You can create security incidents by selecting from categories of security threats defined in the security incident catalog. |
    | Incident Management | On the Incident form in incident management, select Create Security Incident to create a new security incident. Note: You can avoid creating duplicate security incidents by enabling the sn_si.disable_duplicate_security_incident system property. |
    | Manually converted from a security request | On the Security Request form, select Convert to Security Incident to create a new security incident. |
    | Manually created from an Event Management alert | On the Event Management Alerts form, select Create Security Incident to create a new security incident from an alert. |
    | Manually created from an alert | On the Event Management Alert form, select Create Security Incident to create a new security incident. |
    | Manually converted from a vulnerability record (if the Vulnerability Response plugin is activated) | On the Vulnerability Items form, select Create Security Incident to create a new security incident. |

    Automatic creation of security incidents

    Generally, security administrators are responsible for setting up alert rules to automatically generate security incidents.

    Table 2. Security admin method for creating security incidents

    | Method | Description |
    | --- | --- |
    | Automatically created using alert rules | Security incidents can be created based on alert rules defined in Event Management in your data center application. |