A Framework for the Modern Security Operations Center

Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Build a modern security operations center by using the Splunk Adaptive Operations Framework to:

  • Ingest structured or unstructured data from any source
  • Drive collaborative decisions supported by rich analytics
  • Perform orchestrated actions across a comprehensive range of technologies in the SOC

Detect, Investigate and Act on Security Events


Adaptive Response Diagram

With an open ecosystem consisting of more than 240 integrations and 1,200 APIs across all security domains, the Splunk Adaptive Operations Framework (AOF) brings together ecosystems previously known as the Splunk Adaptive Response Initiative and the Phantom Community.

Designed for heterogeneous security architectures, customers can benefit from the Splunk AOF to improve cyber defense, security operations and achieve a security nerve center.

Participating partners can benefit from the Splunk AOF through the building and expanding integrations with members of the Splunk AOF community to address customer needs.

Frequently Asked Questions

Q: How does the Splunk Adaptive Operations Framework address market needs?

A: IT security teams need help to improve how information from a layered defense is analyzed, how additional information and security context is retrieved from different security technologies, and how a range of actions are applied in any given security domain. The Splunk Adaptive Operations Framework aims to help security teams — from seasoned experts to junior analysts — better handle threats by reducing the time it takes to make decisions and take action when responding and adapting to threats.

Q: What happened to the Splunk Adaptive Response Initiative?

A: The Splunk Adaptive Operations Framework is the evolution of the Adaptive Response Initiative (ARI) to include the robust Phantom Community. The initiative's evolution does not change the overarching goal of customers achieving a "security nerve center" — with Splunk at the center — to improve cyber defense and security operations. The initiative allows vendors from different security domains to bring the benefits of collective intelligence to customers' security architectures. Both new and existing partners (those originally part of ARI or the Phantom Community) can benefit from more opportunities to collaborate and integrate with Splunk.

Q: Why is Splunk leading the initiative?

A: To overcome the challenges associated with bridging multiple security domains, the Splunk Adaptive Operations Framework uses Splunk software as the security nerve center. Customers have successfully implemented similar capabilities for many years, and Splunk technology and partnerships are foundational to accomplish the mission of the initiative.

Q: What companies are part of the initiative?

A: The Splunk Adaptive Operations Framework consists of over 240 leading security domain vendors across cloud security, endpoints, identity & access, network, orchestration, threat intelligence, WAF & app security, and web proxy firewall. To learn more, read our solution guide.

Q: Can new technology solution providers still join the initiative?

A: Yes, the initiative is designed to bring together innovative technologies to ensure the best context and response actions are available to customers. Any Splunk partner can take advantage of the opportunities within the Splunk Adaptive Operations Framework as well as out-of-box integration work if they want.

To join the Splunk Adaptive Operations Framework, read our Technology Partner FAQ and contact the Splunk team directly at adaptive-operations@splunk.com.

Q: How do I get the Splunk Adaptive Operations Framework functionality?

A: You can get functionality in a few ways:

  • - Use Splunk and Partner-built integrations to ingest data from anywhere to be used in across Splunk solutions: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom.
  • - Drive coordinated decisions with and actions with rich analytics and take orchestrated actions across a range of technologies in the SOC by using either Adaptive Response actions within Splunk Enterprise Security or Playbooks within Splunk Phantom. Learn more about Splunk Enterprise Security and Splunk Phantom.