Determination of likely related security incidents
US-2023078713-A1 · Mar 16, 2023 · US
US12170678B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12170678-B2 |
| Application number | US-202217804830-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 31, 2022 |
| Priority date | May 31, 2022 |
| Publication date | Dec 17, 2024 |
| Grant date | Dec 17, 2024 |
Official abstract text for this publication.
A system for automatic recognition of security incidents includes a processor coupled to a memory storing instructions, the processor being configured to implement the instructions for an automatic incident generator (AIG) with at least one type of event related to the system, and access to a repository of information about previously recorded incidents with the events related to these previously recorded incidents, to monitor a plurality of events, identify sequences of events including suspected signatures that are capable of constituting an incident, calculate a degree of variance (DoV) between the suspected signatures and at least one signature related to a previously recorded incident, compare the DoV to at least one threshold and, if the DoV is less than (or less than or equal to) the threshold, identify the incident and optionally initiate the workflow related to the identified incident.
Claims.
The invention claimed is:
1. A method for automatic detection of security incidents in a computer system with access to a database of previously recorded security incidents comprising incident signatures based on a sequence of at least three events related to the security incidents, the method comprising: monitoring an event stream comprising a sequence of at least three system events in the computer system; calculating an incident signature based on the sequence of at least three system events; calculating a degree of variance (DoV) of the monitored sequence of events from the incident signature, wherein the DoV is the distance between the incident signature and an incident signature based on previously recorded security incidents; comparing the calculated DoV to a predetermined variance threshold; determining that the monitored sequence of events is a security incident associated with the incident signature of the previously recorded activities when the calculated DoV is less than or equal the threshold; determining that the monitored sequence of events is not a security incident associated with the incident signature of the previously recorded activities when the calculated DoV is greater than the threshold; executing instructions on the computer system based on the calculated DoV, wherein the instructions add the determined security incident to the database of previously recorded security incidents when the calculated DoV is less than or equal to the threshold and wherein the instructions do not add the monitored sequence of events to the database of previously recorded security incidents when the calculated DoV is greater than the threshold; and when the calculated DoV is less than or equal to the threshold, apply the security incident to a security policy which prevents sending a message to a receiver.
2. The method of claim 1, wherein the instructions further comprise raising the security incident by associating a security classification with a computer user associated with the security incident.
3. The method of claim 1, wherein the instructions further comprise communicating predetermined information about the security incident to a user of the computer system.
4. The method of claim 1, wherein the instructions further comprise communicating predetermined information about the security incident to a trouble tracking system.
5. The method of claim 1, wherein the instructions further comprise communicating predetermined information about the security incident to a system administrator.
6. The method of claim 1, wherein the instructions further comprise identifying controls in the computing system related to the security incident.
7. The system of claim 6, wherein the instructions further comprise applying controls in the computer system related to the security incident.
8. The method of claim 1, wherein a determined security incident is further analyzed and classified using pre-programmed heuristic rules, statistical analysis, a neural network, or support vector machines.
9. The method of claim 1, wherein the at least one incident signature comprises information about a sequence of four or more events.
10. The method of claim 1, wherein the security incident comprises a sequence of three or more events comprising failed attempts at transmitting digital data followed by a successful transmission of digital data to one or more receivers or one or more devices outside the computer system.
11. A system for automatic detection of security incidents in a computer system, the system comprising: a database of previously recorded security incidents comprising incident signatures based on a sequence of at least three events related to the security incidents; a microprocessor in communication with the database and coupled to a memory storing instructions, the microprocessor being configured to implement the instructions for automatic incident generation and access the database of previously recorded security incidents with the events related to these incidents, to: monitor an event stream comprising a sequence of at least three system events in the computer system; calculating an incident signature based on a sequence of the at least three system events; compare the calculated DoV to a predetermined variance threshold; calculate a degree of variance (DoV) of the monitored sequence of events from the incident signature wherein the DoV is the distance between the incident signature and an incident signature based on previously recorded security incidents; determine that the monitored sequence of events is a security incident associated with the incident signature of the previously recorded activities when the calculated DoV is less than or equal the threshold; determine that the monitored sequence of events is not a security incident associated with the incident signature of the previously recorded activities when the calculated DoV is greater than the threshold; execute instructions on the computer system based on the calculated DoV, wherein the instructions add the identified security incident to the database of previously recorded security incidents when the calculated DoV is less than or equal to the threshold and wherein the instructions do not add the monitored sequence of events to the database of previously recorded security incidents when the calculated DoV is greater than the threshold; and when the calculated DoV is less than or equal to the threshold, apply the security incident to a security policy which prevents sending a message to a receiver.
12. The system of claim 11, wherein the AIG instructions raise the security incident by associating a security classification with a computer user associated with the security incident.
13. The system of claim 11, wherein the instructions cause communication of predetermined information about the security incident to a user of the computer system.
14. The system of claim 11, wherein the instructions cause communication of predetermined information about the security incident to an incident management, trouble tracking, or workflow management system.
15. The system of claim 11, wherein the instructions cause communication of predetermined information about the security incident to a system administrator.
16. The system of claim 11, wherein the instructions cause identification of controls related to the security incident.
17. The system of claim 16, wherein the instructions apply controls in the computer system related to the security incident.
18. The system of claim 11, wherein the microprocessor is further configured to analyze and classify a determined security incident by performing analysis using pre-programmed heuristic rules, statistical analysis, a neural network, or support vector machines.
19. The system of claim 11, wherein the at least one incident signature comprises information about a sequence of four or more events.
20. The system of claim 11, wherein the security incident comprises a sequence of three or more events comprising failed attempts to transmit digital data followed by a successful transmission of digital data to one or more receivers or one or more devices outside the computer system.
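The abstract and claim 1 describe a decision procedure (window the event stream, compute a signature, measure its degree of variance from recorded signatures, compare with a threshold, then record the match and apply a policy), and claim 10 gives the concrete pattern of repeated failed transmissions followed by a successful external one. The following is an added worked example written for this page; it is not code from the patent or its assignee. The event type names, the use of normalised Levenshtein distance as the DoV metric, the threshold value 0.3, the per-user windowing and the "block_outbound" policy are all assumptions made for illustration; the patent itself only calls the DoV "the distance" and the policy one that "prevents sending a message to a receiver".

```python
"""Added example (not the patent's code): a minimal automatic incident generator
(AIG) implementing the decision procedure of claim 1, run over a constructed
event stream.  Event names, the distance metric, the threshold and the policy
name are assumptions for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Signature = Tuple[str, ...]          # ordered event types; claim 1 requires >= 3


@dataclass
class Incident:
    name: str
    signature: Signature
    policy: str                       # control applied on a match (claim 1: block a send)


@dataclass
class Detection:
    user: str
    window: Signature
    matched: Incident
    dov: float


def levenshtein(a: Signature, b: Signature) -> int:
    """Edit distance between two event sequences (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ea in enumerate(a, 1):
        cur = [i]
        for j, eb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ea != eb)))
        prev = cur
    return prev[-1]


def degree_of_variance(observed: Signature, recorded: Signature) -> float:
    """DoV as a normalised distance: 0.0 = identical, 1.0 = nothing in common.
    Assumption: the patent only says 'distance'; normalised Levenshtein is our pick."""
    return levenshtein(observed, recorded) / max(len(observed), len(recorded))


class AutomaticIncidentGenerator:
    def __init__(self, incidents: List[Incident], threshold: float) -> None:
        if any(len(i.signature) < 3 for i in incidents):
            raise ValueError("incident signatures need at least three events")
        self.db: List[Incident] = list(incidents)   # 'previously recorded incidents'
        self.threshold = threshold
        self.blocked_users: set = set()             # users denied outbound sends

    def process(self, events: List[Dict[str, str]]) -> List[Detection]:
        """Slide a window over each user's events, compare each window with every
        recorded signature, and treat DoV <= threshold as an incident."""
        per_user: Dict[str, List[str]] = {}
        for ev in events:
            per_user.setdefault(ev["user"], []).append(ev["type"])
        detections: List[Detection] = []
        for user, types in per_user.items():
            for inc in list(self.db):             # snapshot: matches may grow the DB
                n = len(inc.signature)
                for k in range(len(types) - n + 1):
                    window = tuple(types[k:k + n])
                    dov = degree_of_variance(window, inc.signature)
                    if dov <= self.threshold:
                        detections.append(Detection(user, window, inc, dov))
                        self._apply(user, window, inc)
                    # DoV > threshold: not an incident, nothing is stored (claim 1)
        return detections

    def _apply(self, user: str, window: Signature, inc: Incident) -> None:
        # Claim 1: the observed (possibly deviating) sequence is added to the DB ...
        if window not in {i.signature for i in self.db}:
            self.db.append(Incident(inc.name, window, inc.policy))
        # ... and the policy is applied: here, refuse further outbound messages.
        if inc.policy == "block_outbound":
            self.blocked_users.add(user)

    def may_send(self, user: str) -> bool:
        return user not in self.blocked_users


# Constructed sample data (not real logs).  bob retries an outbound transfer, gets
# one timeout instead of a plain failure, then succeeds to an external host: the
# claim 10 pattern with a single deviating event.
RECORDED = [
    Incident("exfil-after-retries",
             ("send_failed", "send_failed", "send_failed", "send_ok_external"),
             "block_outbound"),
]
SAMPLE_EVENTS = [
    {"user": "alice", "type": "login_ok"},
    {"user": "bob", "type": "login_ok"},
    {"user": "bob", "type": "send_failed"},
    {"user": "alice", "type": "send_ok_internal"},
    {"user": "bob", "type": "send_failed"},
    {"user": "bob", "type": "send_timeout"},
    {"user": "bob", "type": "send_ok_external"},
    {"user": "alice", "type": "logout"},
]


def run_demo(threshold: float = 0.3) -> Tuple[List[Detection], AutomaticIncidentGenerator]:
    aig = AutomaticIncidentGenerator(RECORDED, threshold)
    return aig.process(SAMPLE_EVENTS), aig


if __name__ == "__main__":
    found, aig = run_demo()
    for d in found:
        print(f"{d.user}: {d.matched.name} DoV={d.dov:.2f} window={d.window}")
    print("bob may send:", aig.may_send("bob"), "| db size:", len(aig.db))
```

With threshold 0.3, bob's window (send_failed, send_failed, send_timeout, send_ok_external) differs from the recorded signature by one substitution, DoV 0.25, so it is matched, recorded as a new variant and bob's outbound sends are blocked; with threshold 0.1 nothing matches and the database stays unchanged. Two practitioner caveats follow directly from claim 1: because every match appends the observed sequence to the database, tolerated variants become future match targets and the effective match radius widens over time unless the database is curated, and a false positive is not merely an alert but a blocked message, so the threshold deserves the same review as any other blocking control.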
Vulnerability analysis · CPC title
Event detection, e.g. attack signature detection · CPC title