Innovations in Splunk Security Expand Unified TDIR Experience to On-Premises and FedRAMP Moderate Environments
At the RSAC™ 2025 Conference, we announced new innovations to Splunk Security. Today, we are pleased to announce the general availability of Splunk Enterprise Security 8.1. Splunk becomes the only vendor to bring truly unified threat detection, investigation, and response (TDIR) workflows fueled by automation to both customer-managed deployments and FedRAMP Moderate environments. Splunk empowers security operations centers (SOCs) to strengthen their digital resilience with increased visibility, more accurate detections, and tightly integrated, automated workflows delivered through a unified SecOps platform that increases efficiency by 50%.¹
SecOps, Your Way: The Only Unified SecOps Platform That Meets Your SOC’s Deployment Requirements
In our revolutionary release of Splunk Enterprise Security 8.0, we introduced, for cloud users, the direct integration of Splunk SOAR playbooks and actions with the case management and investigation features of Splunk Enterprise Security and Mission Control. Now, Splunk SOAR on-premises customers can seamlessly integrate with Splunk Enterprise Security. This enables enhanced deployment options so that both on-premises and cloud customers have a completely integrated workflow experience for case management, alert triage, incident investigation, and incident response use cases. No matter your deployment requirements, Splunk is there to provide a truly modern work surface to detect, investigate, and respond to threats.
That’s not all. Splunk Enterprise Security administrators are now able to pair Splunk Enterprise Security and Splunk SOAR in secure FedRAMP environments. The pairing process enables a unified Splunk Enterprise Security and Splunk SOAR integration and runs playbooks and actions from Findings and Investigations.
To better support TDIR workflows, in Splunk SOAR 6.4 we introduced:
- Tightly integrated playbook execution from within Splunk Enterprise Security, removing swivel-chair fatigue and accelerating SOC incident investigations.
- Streamlined asset management and enhanced API integrations to simplify deployment at scale, so that customers can onboard and operationalize faster without lengthy configuration steps.
- Improved case management and event timeline views, giving analysts faster, richer context at every step of their investigations.
Informed, Timely, and Actionable Intelligence Across the SOC Ecosystem
Prioritize Threats, Investigate Security Incidents, and Make Decisions, Faster
To reduce alert fatigue and time spent on investigations, Finding-based Detections² automatically group related security events so that analysts have a complete view of priority incidents, with the context they need to take action. Teams can now leverage standardized annotations with pre-populated industry frameworks, including NIST, CIS, and Kill-Chain, ensuring consistent documentation across the organization. Analysts can effortlessly test Finding-based detection configurations before deployment with improved validation tools, eliminating guesswork and reducing configuration errors. The enhanced Similar Findings logic in Splunk Enterprise Security 8.1 unifies related detections into a single Finding Group, allowing analysts to investigate related security events as a single, comprehensive alert.
Interested in seeing Splunk Enterprise Security 8.1 in action? Join us for Splunk Enterprise Security 8.1 Demo Day. Register here!
To see how organizations are leveraging the market-leading SIEM, download the PeerPaper™ Report: Security Visibility, Contextual Detection, and SecOps Efficiency.
We’re always listening! Have ideas and requests? Share them with us through Splunk Ideas.
To learn more about Splunk Security, visit our website. Happy Splunking!
² Feature in preview with Splunk Enterprise Security 8.1.