A new era with Splunk's Agentic SOC

You have spoken, and they have listened!

The voice of the customer plays a vital role for vendors across the security industry and has the power to shape entire product roadmaps. Innovation is fueled by market demand, and the giants in every industry understand this. Splunk has been a market leader and an indomitable force for nearly 20 years, delivering value every step of the way.  

In August 2025, as I sat back and listened to the opening keynote address at Splunk .conf25, I was left with one thought to rule them all: Splunk has listened! Their new Agentic SOC addresses the concerns of not just their customers, but the entire security landscape. It would take me 2 days and hundreds of breakout sessions to discuss everything that came out of that week, so instead, let's focus on how Splunk has tackled the most common pain points we face today. 

Top product updates

Cisco Data Fabric: As a new architecture that's recently been launched, CDF aims to facilitate AI use cases through its Machine Data Lake, eliminate the complications of data silos, and reduce the cost and complexity that comes with substantial amounts of data. Across the security landscape, we have been seeing a lot of acquisitions and consolidations of major security vendors, with Splunk and Cisco being among the biggest. That said, it's not realistic to expect a seamless integration right off the bat. However, we are starting to see one of those big pushes come to fruition in the form of free ingestion of Cisco Firewall logs into Splunk! 

We could write an entire series on Cisco Data Fabric and its revolutionary approach to schematizing, correlating and storing logs, but for now, we are just going to hit the wave tops. If you'd like to know more, reach out and inquire about the "Readiness Assessment" and "Data Strategy" workshops as first steps!

Gen 2 Federation: Another bullet point that falls under CDF is federation. Currently, Splunk includes federated searching and replay from AWS S3 and will soon include integrations with Azure environments and Snowflake. For anyone who deals with ingestion or data lakes, these integrations provide a great new capability and a step towards data pipelining when used with Edge Processor. Together, these are two powerful components geared towards data ownership and cost reduction.

Pricing models and architecture: While Splunk has unmatched capabilities, using them often comes with a sense of separation. Throughout the IR process, it was easy to feel the shift in tooling from one job to the next. Whether through purchasing, implementation, or day-to-day use, parts of the platform truly felt like they were independent pieces that worked alongside each other. However, Splunk has heard its customers' pain points and fused core components together into one solid product while offering a new pricing model.

Let me introduce Essentials and Premier! Splunk Premier will soon be available to all and brings together UEBA, SIEM, AI Assistant and SOAR in one fully operational SOC. In addition, SOAR functions will be available to the entire team rather than being limited by "headcount" based pricing. Splunk Essentials will be a slight step down but a perfect fit for those security teams that are starting their journey or simply don't require the full stack of Premier offerings.

AI Assistant for SPL: Interacting with data can be difficult, especially when using a powerful query language such as Splunk's Search Processing Language. Most analysts have a learning period before they master the full capabilities provided by Splunk, but the new AI Assistant eliminates that, allowing security teams to harness their full potential. On day 1, end users are well equipped to discover their data, perform investigations, gain administrative insights and master the powerful SPL command syntax.

AI Playbook authoring: One of the bigger downsides to SOAR over the last few years has been a steep learning curve in workflow creation. For the average user, creating actions and playbooks has been complicated and daunting, requiring a skill set that most analysts lack. Not to mention, SOAR has been heavily charged as a "per head" subscription, which bars most team members from developing that skill set further. However, that barrier has been dropped by Splunk on all sides thanks to AI Playbook Authoring, coupled with the new Premier edition pricing model. All analysts can now build complex workflows from natural language and test them along the way.

Detection Studio: Detection Engineering can be a task that makes or breaks a SOC. Most of the time, alert fatigue is due to poorly written rules and a lack of tuning. On the other end of the spectrum, rules frequently get written that never accomplish their intended purpose. Splunk's Detection Studio is a feature that aims to solve these issues. By providing the ability to test rules against historic data, deploy in "safe mode" prior to production, automate quality checks, and replay attack data to validate logic, security teams gain a confidence in their detection engineering that they've never had before.

Triage Agent: While risk-based alerting is nothing new to Splunk, the way analysts respond to threats is taking a new shape with the Triage Agent. Relying on Agentic AI, this new agent can help evaluate and explain alerts and reduce analyst workload, leaving SOC teams with more time to focus on high-priority alerts. 

Splunk .conf25 Recap: The Agentic SOC

Splunk listening to their customers has resulted in the creation of their Agentic SOC! As Cisco and Splunk have teamed together, it was just a matter of time until their security solutions began to make leaps and bounds in their AI journey. From the time the data gets created until the final incident is remediated, the platform has been fused together into one solid solution with AI baked into every step. With so much having been released, it will take a little time to digest this massive step for Splunk, but the future is bright because Splunk has proven one thing: they are committed to their customers.
