Cisco Systems Inc. today announced new editions of its Splunk data platform that use agentic artificial intelligence to improve both security operations and observability across digital infrastructure.

The updates include two new Splunk Enterprise Security editions — Essentials and Premier — built on Splunk Enterprise Security 8.2 and a suite of features within the Splunk Observability portfolio aimed at managing AI performance and detecting issues in real time.

Cisco said the two new security offerings support organizations at different stages of their security operations center maturity. Essentials includes Splunk Enterprise Security 8.2, the Splunk AI Assistant and Detection Studio with a unified interface.

Premier combines Security 8.2 with Splunk Security Orchestration, Automation and Response, Splunk User and Entity Behavior Analytics, the AI Assistant and Detection Studio.

Both editions leverage AI agents that automate and orchestrate tasks across threat detection, investigation and response, or TDIR.

• The Triage Agent evaluates and prioritizes alerts.
• Malware Reversal Agent provides detailed analyses of malicious scripts.
• AI Playbook Authoring translates natural language into executable SOAR playbooks.
• Response Importer converts standard security operations center operating procedures into automated plans.
• AI-Enhanced Detection Library and Personalized Detection SPL Generator speed up and customize detection capabilities.
• Webex Response Automation integrates with Cisco’s conferencing application to create incident war rooms automatically.

Cisco also said it has integrated its Isovalent Runtime Security extended Berkeley Packet Filter technology with Splunk for deeper visibility into workloads and added firewall log analytics via Splunk Cloud’s Federated Search in Amazon Web Services Inc.’s S3.

Upgrades to Splunk Observability add AI-powered features aimed at proactive issue detection, AI system monitoring and a unified view of digital experiences. The updates reflect Cisco’s AgenticOps strategy and include AI Troubleshooting Agents in Splunk Observability Cloud and Splunk AppDynamics, which analyzes incidents and highlights root causes.

Event iQ in Splunk IT Service Intelligence automates alert correlation. Splunk IT Service Intelligence Episode Summarization consolidates alert groups with trend and impact analysis.

New tools for monitoring AI infrastructure include AI Agent Monitoring for assessing the quality and cost of large language models and agents and AI Infrastructure Monitoring to identify service bottlenecks and resource spikes.

Cisco is also merging the capabilities of Splunk AppDynamics and Splunk Observability Cloud to for unified observability.

Teams can now correlate application performance with business processes, gain deeper visibility into user behavior, better manage cloud-native application performance, replay browser and mobile sessions, and use OpenTelemetry for data collection across platforms.

Photo: Splunk