Cisco debuts Splunk AI-driven security and observability tools to automate threat response, streamline IT workflows, and boost enterprise resilience.
Splunk, a Cisco company, unveiled agentic AI-powered security and observability capabilities at its .conf25 conference this week, designed to automate threat response, streamline IT operations, and manage complex environments.
Cisco introduced Splunk Enterprise Security Premier and Splunk Enterprise Security Essentials, which the company says will unify security workflows across threat detection, investigation, and response (TDIR). Built on Splunk Enterprise Security 8.2, these new products feature AI agents that can orchestrate and automate complex workflows.
“We’re taking all the different experiences that Splunk has and we’re combining them into one unified product experience, our enterprise security editions,” says Kamal Hathi, senior vice president and general manager of the Splunk business unit at Cisco. “Those editions will combine all of it into a single, unified workflow, making it much, much easier for customers to work with security operations without bits and parts of tools to stitch together. We’ll take care of the stitching together, and we’ll do that by leveraging AI.”
Splunk Enterprise Security Essentials combines Splunk Enterprise Security 8.2, Splunk AI Assistant in Security, and Detection Studio into one offering with a unified experience. Splunk Enterprise Security Premier adds Splunk SOAR (security orchestration, automation, and response) and Splunk UEBA (user and entity behavior analytics) to that same base of Enterprise Security 8.2, Splunk AI Assistant, and Detection Studio, in one comprehensive offering with a unified user experience.
Splunk also updated its AI agents to automate complex workflows with the following features:
- Triage Agent: Evaluates, prioritizes, and explains alerts to reduce analyst workload and surface the most meaningful alerts.
- Malware Reversal Agent: Explains malicious scripts, extracts indicators of compromise, flags evasion, and groups recurring behaviors.
- AI Playbook Authoring: Translates natural language intent into functional, tested SOAR playbooks.
- Response Importer: Uses multi-modal large language models (LLMs) to import the security operations center's (SOC's) standard operating procedures (SOPs) into Enterprise Security response plans, so that automated responses follow the SOC's own documented procedures.
- AI-Enhanced Detection Library: Lets teams iterate on detections from hypothesis to production.
- Personalized Detection Search Processing Language (SPL) Generator: Personalizes detections within the library to align with each SOC's unique environment.
- Webex Response Automation: Creates war rooms in Webex using SOAR playbooks when an incident fires.
Cisco also integrated its Isovalent Runtime Security, which is built on eBPF (extended Berkeley Packet Filter), into Splunk to provide visibility across workloads and pinpoint potential security breaches and infrastructure anomalies. Cisco also connected Splunk Cloud's Federated Search for Amazon S3 with Security Analytics and Logging (SAL), so analysts can run security analytics from Splunk Cloud Platform on firewall logs stored in SAL.
AI-powered observability enhancements
Cisco also announced that Splunk Observability now uses Cisco AgenticOps, which deploys AI agents to automate telemetry collection, detect issues, identify root causes, and apply fixes, so enterprise customers can automate incident detection, root-cause analysis, and routine remediation.
“We are making sure that all of our tooling, across AppDynamics, across Observability Cloud is really leveraging each other’s strengths, and that means dialing in data and insights from both traditional observability telemetry and also from the business,” Hathi says. “It provides a whole new aspect of observability that understands not just performance on a machine, on an application, on a network, on an infrastructure, but also the actual business impact. And the last piece is the notion of observing and understanding what AI is doing itself.”
Splunk integrates business and machine data to enable organizations to correlate technical issues with business impact and provide observability into the behavior and performance of AI systems and agents. Among the features are:
- AI-Directed Troubleshooting: Analyze incidents and surface root causes.
- Event IQ: Helps teams set up automated alert correlation.
- ITSI (IT Service Intelligence) Episode Summarization: Provides overviews of grouped alerts.
- AI Agent Monitoring: Monitors the quality and cost of LLMs.
- AI Infrastructure Monitoring: Monitors the health and consumption of AI infrastructure.
Cisco is also bringing together Splunk AppDynamics and Splunk Observability Cloud and deepening integration with Cisco ThousandEyes so enterprise teams can better pinpoint the network’s impact on application performance and end-user experience.
“We’ve had embedded AI helping you for years and are excited to announce agentic AI-powered capabilities across the Splunk Observability portfolio to help teams investigate and resolve issues faster,” according to a Splunk blog written by Dayna Lord and Patrick Lin. “With AI-driven alert correlation, episode summarization, and AI agents for detection, troubleshooting, and remediation, agentic AI means teams can understand, troubleshoot, and resolve business-impacting incidents faster.”