Security incident automatic creation When the Security Incident Response Event Management support plugin is activated, the Event Management application is also activated. This allows the Security Incident Response system to receive security events from integrated third-party alert monitoring tools, such as Splunk, and to use the imported data to create security incidents. Third-party alert monitoring tool integrationThird-party monitoring tools, such as Splunk, can be integrated with Security Incident Response so that security events imported from those tools automatically generate security incidents. You can also import data from third-party tools into security alerts.Security incidents created from events and alertsAs events are imported from alert monitoring tools, they are first processed by Event Management and grouped into alerts. These can be used to create security incidents based on customizable alert rules, or manually reviewed to select those alerts that should be investigated as a security incident.