Bring application and security teams together with end-to-end application threat detection and response—right inside Splunk.
As attackers increasingly target the application layer, organizations are under pressure to detect and respond faster—but they’re flying blind without the right context.
Recent research underscores just how urgent and complex today’s application security challenges have become. 68% of organizations leave critical vulnerabilities unresolved for more than 24 hours [1]. Even more concerning, 35% say this lack of context directly hinders their ability to remediate vulnerabilities effectively. Meanwhile, the threat landscape is intensifying: there has been a 742% year-over-year increase in attacks targeting open-source vulnerabilities [2]. The consequences are steep: the average cost to contain a breach in the U.S. has reached $9.44 million [3], and it takes an average of 277 days to fully contain an incident [4]. Alarmingly, 60% of breaches involve data exfiltration within just one day [4].
It’s no longer enough to detect vulnerabilities—you need to know what’s being exploited, how, where and in real time.
To address this gap, we’re introducing a new integration between Splunk's Secure Application, part of the Splunk Observability portfolio through AppDynamics, and Splunk Enterprise Security.
This integration enables real-time application attack detection for hybrid and on-prem environments using the Splunk AppDynamics agents (support for microservices-based applications using Splunk Observability Cloud and OpenTelemetry is coming soon). It gives security analysts and observability teams a shared source of truth for understanding runtime threats in the context of production and pre-production applications.
For security teams:
Gain the observability data you've been missing—track actual exploit attempts, understand impacted services, and correlate attacks with indicators of compromise directly in Splunk Security.
For observability teams:
Elevate your role in security—your telemetry data becomes a critical input to protecting the business, helping to flag and fix issues before they become breaches.
Secure Application monitors application runtime behavior to detect actual exploit attempts as they happen. When an attack is detected, it captures deep, actionable context—such as method invocations, vulnerable services, input payloads, and exploit metadata—and immediately sends that data to Splunk via HTTP Event Collector (HEC), a standard, secure interface for streaming event data.
Once inside Splunk, this telemetry powers:
Security teams use this information to collaborate with application teams and deploy any remediation workflows from Splunk Enterprise Security and Splunk SOAR.
Secure Application and Splunk Enterprise Security end-to-end integration to detect, prioritize and investigate application threats
Secure Application doesn’t just detect the presence of a threat—it gives security and observability teams a detailed breakdown of the threat in application terms. Once ingested, alerts surface directly in Splunk Enterprise Security, correlation searches, and investigation workflows.
Security teams can instantly pivot into runtime insights, including:
This deep context enables analysts to pivot directly into application attacks with full application context—understanding not just that something happened, but how, where and why.
Splunk Enterprise Security showing a Log4j notable event generated from Secure Application data with priority score and contextual enrichment
Through Secure Application, teams can trace each attack event back to its execution path, understand its potential impact, and correlate it with other infrastructure, identity, or network signals already present in Splunk.
All of this is accessible without switching tools—giving security and observability teams a seamless way to detect and remediate real threats, faster than ever before.
Secure Application Log4j attack view showing real-time attack details including stack trace, service impact, and vulnerable method
This integration showcases the strength of the combined Cisco and Splunk security ecosystem. Vulnerabilities detected at runtime by Secure Application are automatically enriched with exploitability data from Cisco Vulnerability Management (formerly Kenna.VM), helping teams make faster, more informed decisions about what to address first.
Together, Splunk and Cisco help you move beyond alerts and static scans—toward real-time, risk-informed application security.
With this integration, Splunk brings runtime application security into the hands of both SOC analysts and observability teams—so they can work together to detect, investigate, and contain threats and drive digital resilience.
By unifying application telemetry with security analytics, organizations can now:
To see how this integration can improve your security posture:
Let’s stop runtime threats—together.
[1] Swimlane 2024, Under Pressure: Is Vulnerability Management Keeping Up?
[2] Sonatype’s 8th Annual State of the Software Supply Chain Report.
[3] Ponemon Institute and IBM report, 2024.
[4] Cisco Security, 2020.