4 Sources
[1]
Cisco endows Splunk with agentic AI for security and observability - SiliconANGLE
Cisco Systems Inc. today announced new editions of its Splunk data platform that use agentic artificial intelligence to improve both security operations and observability across digital infrastructure. The updates include two new Splunk Enterprise Security editions -- Essentials and Premier -- built on Splunk Enterprise Security 8.2 and a suite of features within the Splunk Observability portfolio aimed at managing AI performance and detecting issues in real time. Cisco said the two new security offerings support organizations at different stages of their security operations center maturity. Essentials includes Splunk Enterprise Security 8.2, the Splunk AI Assistant and Detection Studio with a unified interface. Premier combines Security 8.2 with Splunk Security Orchestration, Automation and Response, Splunk User and Entity Behavior Analytics, the AI Assistant and Detection Studio. Both editions leverage AI agents that automate and orchestrate tasks across threat detection, investigation and response, or TDIR. Cisco also said it has integrated its Isovalent Runtime Security extended Berkeley Packet Filter technology with Splunk for deeper visibility into workloads and added firewall log analytics via Splunk Cloud's Federated Search in Amazon Web Services Inc.'s S3. Upgrades to Splunk Observability add AI-powered features aimed at proactive issue detection, AI system monitoring and a unified view of digital experiences. The updates reflect Cisco's AgenticOps strategy and include AI-directed troubleshooting in Splunk Observability Cloud and Splunk AppDynamics, which analyzes incidents and highlights root causes. Event iQ in Splunk IT Service Intelligence automates alert correlation. Splunk IT Service Intelligence Episode Summarization consolidates alert groups with trend and impact analysis.
New tools for monitoring AI infrastructure include AI Agent Monitoring for assessing the quality and cost of large language models and agents and AI Infrastructure Monitoring to identify service bottlenecks and resource spikes. Cisco is also merging the capabilities of Splunk AppDynamics and Splunk Observability Cloud for unified observability. Teams can now correlate application performance with business processes, gain deeper visibility into user behavior, better manage cloud-native application performance, replay browser and mobile sessions, and use OpenTelemetry for data collection across platforms.
[2]
Cisco Announces Agentic Observability Features, Time Series AI Model
AI agents will automate telemetry collection, identify root causes, and recommend fixes. Cisco, the global leader in networking, security, and infrastructure, announced a suite of AI-powered observability tools at the conf. 2025 event in Boston, United States. This includes a unified data fabric, a machine data lake, and a time series foundational model for anomaly and root cause analysis. Together, the companies aim to help enterprises turn machine-generated data into actionable AI-powered intelligence. Powered by Splunk, the data platform the company acquired last year, Cisco announced a new AI-powered Splunk observability agent. It deploys AI agents across the entire incident response lifecycle while monitoring both its performance and quality. For instance, the AI troubleshooting agent is offered as part of Splunk's Observability Cloud
[3]
Cisco Unveils Agentic AI in Splunk Enterprise Security to Transform the SOC
Cisco providing customers two agentic AI-powered SecOps options that unify security workflows across threat detection, investigation, and response (TDIR). Delivered within Splunk Enterprise Security 8.2 - a market-leading SIEM solution - these advancements streamline offerings and empower customers with faster threat response and simplified security solutions. Cisco also unveiled a series of AI features that it intends to release to power the agentic Security Operations Centre (SOC) of the future, enabling analysts to focus on strategic decision-making while AI handles routine tasks
[4]
Cisco Elevates the SOC with Agentic AI for Faster Threat Response and Reduced Complexity
Cisco introduced Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition, providing customers two agentic AI-powered SecOps options that unify security workflows across threat detection, investigation, and response (TDIR). Delivered within Splunk Enterprise Security 8.2 - a market-leading SIEM solution - these advancements streamline offerings and empower customers with faster threat response and simplified security solutions. Cisco also unveiled a series of AI features that it intends to release to power the agentic Security Operations Center (SOC) of the future, enabling analysts to focus on strategic decision-making while AI handles routine tasks.
With many Cisco security products already integrated with Splunk Enterprise Security, the latest features will place agentic AI at the core of the SOC and extend security intelligence seamlessly across the network. With Splunk, AI agents do more than actively orchestrate and automate complex workflows; they transform manual tasks into proactive, autonomous security operations. This transformation streamlines comprehensive threat management, empowering security teams to act faster and more efficiently.
Powering the Agentic SOC
Many organizations drown in data but struggle to know what matters and when to act. This leads to operational blind spots and inefficiencies across SecOps, ITOps, and engineering teams. It delays timely detection and response exposing the business to avoidable threats. To help prevent these issues and build an agentic SOC with greater visibility and context, customers can select between two flexible solutions:
· Splunk Enterprise Security Premier Edition: Brings together Splunk Enterprise Security 8.2, Splunk SOAR, Splunk UEBA, and Splunk AI Assistant into a comprehensive offering with unified user experience.
· Splunk Enterprise Security Essentials Edition: Combines Splunk Enterprise Security 8.2 and Splunk AI Assistant in Security into a single offering with unified user experience.
Agentic AI for Security
As security challenges become more complex, organizations need integrated solutions that enhance visibility, accelerate detection, and streamline response. Additional AI-powered advancements are being released to strengthen security operations through the following:
· Triage Agent: AI-powered triage evaluates, prioritizes, and explains alerts - even in long-tail, low-volume cases - reducing analyst workload and surfacing what matters most.
· Malware Reversal Agent: AI-driven reversing explains malicious scripts line-by-line, extracts indicators of compromise, flags evasion, and groups recurring behaviors.
· AI Playbook Authoring: Translates natural language intent into functional, tested SOAR playbooks, with AI helping every step of the way.
· Response Importer: AI agents adhere to standard operating procedures (SOPs) defined by the SOC and use multi-modal LLMs to import SOPs into Enterprise Security response plans.
· AI-Enhanced Detection Library: Helps detections to go from hypothesis to production in minutes.
· Personalized Detection SPL Generator: Personalizes detections within the library to align with unique SOC environments to make them usable out of the box.
Cisco Integrations Accelerate the SOC with Agentic AI
By integrating with Cisco's security solutions, Splunk helps security teams detect, investigate, and respond to threats with greater speed and precision. Expanded offerings will include:
· Isovalent Runtime Security (eBPF) into Splunk: Delivers immediate, granular visibility across your workloads, quickly pinpointing potential security breaches and infrastructure anomalies.
· Federating Cisco Firewall Data: Integration between Splunk Cloud Platform's Federated Search for Amazon S3 and Security Analytics and Logging (SAL) will enable analysts to perform security analytics on firewall logs stored in SAL directly from Splunk Cloud Platform without the need for ingestion.
Availability: Splunk Enterprise Security Essentials Edition is available to all global regions, and Splunk Enterprise Security Premier Edition is available in early access. Splunk AI Assistant in Security is available to all global regions. Cisco integrations and additional capabilities including Triage Agent, AI Playbook Authoring, Response Importer, AI-Enhanced Detection Library and Personalized Detection SPL Generator will be available in 2026.
Cisco unveils new AI-powered editions of Splunk Enterprise Security, introducing agentic AI to transform security operations centers. The update includes advanced observability features and integrations to enhance threat detection and response.
Cisco Systems Inc. has announced a significant upgrade to its Splunk data platform, introducing agentic artificial intelligence (AI) to enhance both security operations and observability across digital infrastructure [1].
This move marks a major step forward in the evolution of Security Operations Centers (SOCs) and reflects Cisco's commitment to leveraging AI for improved threat detection, investigation, and response (TDIR).
At the heart of this announcement are two new editions of Splunk Enterprise Security: [1][4]
Both editions leverage AI agents to automate and orchestrate tasks across the TDIR lifecycle, enabling security teams to focus on strategic decision-making while AI handles routine tasks [3][4].
Cisco has also introduced AI-powered features to the Splunk Observability portfolio, aimed at proactive issue detection and AI system monitoring [1][2]. These updates include: [1]
The introduction of agentic AI in Splunk Enterprise Security represents a paradigm shift in how SOCs operate. AI agents now do more than just orchestrate and automate workflows; they transform manual tasks into proactive, autonomous security operations [4].
This transformation streamlines comprehensive threat management, empowering security teams to act faster and more efficiently.
Cisco has unveiled plans for additional AI-powered features to be released in the future, including: [4]
To further enhance the SOC capabilities, Cisco is integrating its security solutions with Splunk: [1][4]
The Splunk Enterprise Security Essentials Edition is now available globally, while the Premier Edition is in early access. Additional AI-powered capabilities are expected to be available in 2026 [4].
This comprehensive update to Splunk's security and observability offerings demonstrates Cisco's commitment to leveraging AI to address the growing complexity of cybersecurity challenges and empower organizations to build more efficient and effective security operations centers.
Summarized by Navi