Single-record Splunk alerts

Within any alert, you can specify security events or security incidents to be created when the alert is fired.

Open or create your alert. When editing its actions, select the type of record you want to create and fill in the alert dialog box:

Figure 1. Create ServiceNow security event
Figure 2. Create ServiceNow security incident