Security

June 11, 2025

3 Minute Read

Innovations in Splunk Security Expands Unified TDIR Experience to On-Premises and FedRamp Moderate Environments

By Nick Hunter, Olivia Henderson

At RSAC™ 2025 Conference we announced new innovations to Splunk Security. Today, we are pleased to announce the general availability of Splunk Enterprise Security 8.1. Splunk becomes the only vendor to bring truly unified threat detection, investigation, and response (TDIR) workflows fueled by automation to both customer managed deployments and FedRAMP Moderate environments. Splunk empowers security operations centers (SOCs) to strengthen their digital resilience with increased visibility, more accurate detections, and tightly integrated,automated workflows delivered through a unified SecOps platform that increases efficiency by 50%.¹

SecOps, Your Way: The Only Unified SecOps Platform That Meets Your SOC’s Deployment Requirements

In our revolutionary release of Splunk Enterprise Security 8.0, we introduced for cloud-users the direct integration of Splunk SOAR playbooks and actions with the case management and investigation features of Splunk Enterprise Security and Mission Control. Now, Splunk SOAR on-premises customers can seamlessly integrate with Splunk Enterprise Security. This enables enhanced deployment options so that both on-premises and cloud customers have a completely integrated workflow experience for case management, alert triage, incident investigation, and incident response use cases. No matter your deployment requirements, Splunk is there to provide a truly modern work surface to detect, investigate, and respond to threats.

That’s not all. Splunk Enterprise Security administrators are now able to pair Splunk Enterprise Security and Splunk SOAR in secure FedRAMP environments. The pairing process enables a unified Splunk Enterprise Security and Splunk SOAR integration and runs playbooks and actions from Findings and Investigations.

To better support TDIR workflows, in Splunk SOAR 6.4 we introduced:

Tightly integrated playbook execution from within Splunk Enterprise Security, removing swivel-chair fatigue and accelerating SOC incident investigations.
Streamlined asset management and enhanced API integrations to simplify deployment — at scale so that customers can onboard and operationalize faster without lengthy configuration steps.
Improved case management and event timeline views, giving analysts faster, richer context at every step of their investigations.

Walk through a unified TDIR workflow

Informed, Timely, and Actionable Intelligence Across the SOC Ecosystem

Embedding threat intelligence into the operational framework of the SOC’s detection, investigation and response workflows reduces mean time to detect (MTTD) and mean time to respond (MTTR), allowing analysts to manage events from a single console. Splunk is advancing TIM CMP support through a private preview program with a select group of approved customers. This preview will help refine the experience and ensure seamless integration with Splunk Enterprise Security. Broader availability and guidance for all customers will be shared once the preview is complete and timelines are finalized.

See Threat Intelligence Management in action

Prioritize Threats, Investigate Security Incidents, and Make Decisions, Faster

To reduce alert fatigue and time spent on investigations, with Finding-based Detections², related security events are automatically grouped so that analysts have a complete view into priority incidents, with the context they need to take action. Teams can now leverage standardized annotations with pre-populated industry frameworks, including NIST, CIS, and Kill-Chain, ensuring consistent documentation across the organization. Analysts can effortlessly test Finding-based detection configurations before deployment with improved validation tools, eliminating guesswork and reducing configuration errors. The enhanced Similar Findings logic in Splunk Enterprise Security 8.1 unifies related detections into a single Finding Group, allowing analysts to investigate related security events as a single, comprehensive alert.

Interested in seeing Splunk Enterprise Security 8.1 in action? Join us for Splunk Enterprise Security 8.1 Demo Day. Register here!

To see how organizations are leveraging the market-leading SIEM, download the PeerPaper™ Report: Security Visibility, Contextual Detection, and SecOps Efficiency.

We’re always listening! Have ideas and requests? Share them with us through Splunk Ideas.

To learn more about Splunk Security, visit our website. Happy Splunking!

¹IDC Business Value Snapshot, sponsored by Splunk, The Business Value of Splunk Security: A Unified TDIR Platform, #US53392325, May 2025

² Feature in preview with Splunk Enterprise Security 8.1

Nick Hunter

Nick Hunter is a Principal Technical Product Marketing Manager at Cisco/Splunk. With over 15 years of experience in a wide range of cyber security roles, including eight years of SOC experience, in addition to product marketing, Nick has been responsible for enablement, implementation, design, and training across products and services designed to mitigate the risks of the ever-evolving range of cyber threats.

Olivia Henderson

Olivia leads product marketing for Splunk® Enterprise Security. She brings to Splunk over 5 years of product marketing experience within the cyber intelligence industry, leading go-to-market strategies for products, services, and data integrations. Previously she worked as an intelligence analyst for a cyber threat intelligence managed service, focusing on Latin America, conducting research and analysis of emerging threats within the region. She holds a Bachelor of Science in Foreign Service (BSFS) in International Politics with a concentration in International Security from Edmund A. Walsh School of Foreign Service, Georgetown University and a Master of Professional Studies (MPS) in Integrated Marketing and Communications from the School of Continuing Studies, Georgetown University.

Security 16 Min Read

When Installers Turn Evil: The Pascal Script Behind Inno Setup Malware Campaign

Uncover the Inno Setup malware campaign leveraging Pascal scripting to deliver RedLine Stealer.

Security 3 Min Read

Splunk Security Ops: Building the Blueprint for Success

Learn how Splunk Global Security runs ops at scale and enables the business by focusing on what matters—solving problems through data, automation, and collaboration.

Security 6 Min Read

Federated Analytics: Analyze Data Wherever It Resides for Rapid and Holistic Security Visibility

Federated Analytics is now generally available as a premium add-on feature for Splunk Cloud Platform and Splunk Enterprise Security.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.

Learn more about Splunk

Subscribe to our blog

Get the latest articles from Splunk straight to your inbox.

Connect with Splunk on X

Follow @Splunk

Connect with Splunk on Instagram