Defining filter and aggregation criteria
Define and set filter conditions to specify which incoming CrowdStrike Next-Gen SIEM detections should create security incidents. You can also define additional detection field criteria that allow an incoming detection to be appended to an open security incident instead of creating a new incident.
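The following Python sketch is an added example, not code from the product, that models the decision described above: the filter decides whether a detection may create an incident, and the aggregation fields decide whether it is appended to an open incident instead. The field names (`severity`, `hostname`, `tactic`), the sample detections, the filter-before-aggregation order and the rule that a missing aggregation field never matches are assumptions made for illustration.

```python
# Added illustration. Field names, values and the missing-field rule are
# constructed assumptions, not the CrowdStrike or ServiceNow schema.
FILTER = {"severity": {"High", "Critical"}}  # which detections may create incidents
AGGREGATE_ON = ("hostname", "tactic")        # fields that must match an open incident

SAMPLE = [  # constructed detections
    {"id": "d1", "severity": "High", "hostname": "web01", "tactic": "Execution"},
    {"id": "d2", "severity": "Low", "hostname": "web01", "tactic": "Execution"},
    {"id": "d3", "severity": "Critical", "hostname": "web01", "tactic": "Execution"},
    {"id": "d4", "severity": "High", "hostname": "db02", "tactic": "Persistence"},
    {"id": "d5", "severity": "High", "tactic": "Execution"},
    {"id": "d6", "severity": "High", "tactic": "Execution"},
]

def passes_filter(detection, conditions=FILTER):
    """True when every filtered field holds one of its allowed values."""
    return all(detection.get(f) in allowed for f, allowed in conditions.items())

def route(detections, conditions=FILTER, aggregate_on=AGGREGATE_ON):
    """Return (incidents, ignored_ids) after filtering and aggregation."""
    incidents, ignored = [], []
    for det in detections:
        if not passes_filter(det, conditions):
            ignored.append(det["id"])
            continue
        key = tuple(det.get(f) for f in aggregate_on)
        match = None
        if None not in key:  # a missing field never counts as a match
            match = next((i for i in incidents
                          if i["state"] == "open" and i["key"] == key), None)
        if match:
            match["detections"].append(det["id"])
        else:
            incidents.append({"key": key, "state": "open", "detections": [det["id"]]})
    return incidents, ignored

if __name__ == "__main__":
    incidents, ignored = route(SAMPLE)
    for inc in incidents:
        print(inc["key"], inc["detections"])
    print("ignored:", ignored)
```

Aggregating on too few fields merges unrelated activity into one incident: with only `tactic` as the criterion, the two hostless detections join the `web01` incident.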