This month, we’re excited to share powerful new resources that will transform how you manage security operations across hybrid environments. From implementing money-saving Federated Search capabilities for Amazon S3 to monitoring Google Cloud SQL or integrating with the Australian Signals Directorate's CTIS platform, we're bringing you guidance straight from expert Splunkers that addresses the most pressing challenges facing security teams today. On top of that, we've got lots more use cases, industry-specific guidance and best-practice tips to help you close out 2025 strong. Read on to find out more. 

For Digital Forensics and Incident Response (DFIR) practitioners, Splunk is a core part of daily workflow. Its Schema on the Fly and powerful Search Processing Language (SPL) allow for iterative and flexible investigation—ideal for the nature of forensic analysis.

Discover how Splunk ES Premier’s built-in User and Entity Behavior Analytics (UEBA) helps SOC teams detect hidden insider threats, reduce alert fatigue, and accelerate investigations.

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

Are you looking to bridge the gap between your operational technology (OT) and IT security monitoring? The Cisco Cyber Vision Add-on for Splunk makes it easier than ever.

Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are misattributed, investigations stall, and compliance reporting becomes unreliable. Yet practitioners face recurring challenges: inconsistent data across sources, missing attributes, schema drift, and conflicts between authoritative systems

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

This month, we’re excited to share a set of new articles that have been created from popular .conf 2025 sessions – from optimizing LLM RAG patterns to optimizing Enterprise Security 8, we’ve created articles that capture all the insights and lessons that our Splunk experts shared.  We’re also taking a look at a comprehensive new article series on scaling Splunk Edge Processor infrastructure, perfect for anyone who wants to take their data management practices to the next level. On top of that we’ve got lots of new articles to share with you, as well as all the details on our new website redesign! Read on to find out more. 

Interested in getting early access to our AI Playbook Authoring feature? Read this post to learn how to apply for our Alpha private preview program. 

Tool sprawl, context switching, and alert overload are slowing down SOCs—and giving attackers the upper hand. But good news -- Splunk Enterprise Security (ES) brings together your entire threat detection, investigation, and response (TDIR) process into one AI-powered platform, helping analysts work smarter and respond faster.

The Universal Configuration Console (UCC) Framework was built by passionate Technology Add-on (TA) developers to make TA development faster, easier and more consistent. Whether you’re a seasoned Splunk expert managing hundreds of data sources or just starting your journey, UCC provides a streamlined way to create add-ons with rich UI, full control over output quality, and a repeatable development process.

Explore why Splunk AI Search Assistant is better suited than ChatGPT for writing and explaining SPL. While general-purpose LLMs like ChatGPT are impressive, they often lack the context needed for accurate and reliable queries in your Splunk environment. This post breaks down how a domain-specific AI delivers better results through personalization, precision, and privacy.

Financial services organizations face an impossible security equation: maintain 99.9% uptime while defending against sophisticated attacks. With 78% of security tools disconnected and over 50% of financial firms experiencing major breaches, the solution isn't more point tools—it's integrated platforms. Discover how AppDynamics, Cisco Secure Application, Splunk Enterprise Security, and SOAR work together to transform reactive security into proactive defense for financial institutions.

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal role in modern security operations. Since the release of version 8, ES has delivered a revitalized user interface through Mission Control and in

Learn how financial institutions are building unified security from development to SOC operations using AppDynamics, Cisco Secure Application, and Splunk Enterprise Security. This integrated approach eliminates security silos by embedding vulnerability intelligence directly into developer workflows while providing security teams with rich context for faster threat response. See how one platform integration addresses regulatory compliance, business continuity, and advanced threat protection challenges specific to financial services.

Ready to build, code, and connect? The Splunk App Platform Developer experience at .conf25 is bigger and better than ever. Head to the Builder Bar in the Pavillion showfloor to learn about the latest tooling, get hands-on support, and connect with peers. Join the Splunk Developer Program and don’t miss these other key developer sessions at .conf25. Whether you're scaling solutions or squashing bugs, there's something here for every kind of builder. Get the inside scoop on what not to miss. 

Are you ready to take your threat hunting skills to the next level? As Splunk community members, you know the power of digging deeper—finding threats that fly under the radar of automated tools. But getting started with threat hunting can feel overwhelming with so many techniques and paths to choose from.

This month, we're diving into some brilliant community-driven fixes that simplify life for security practitioners, straight from the trenches of Splunk Answers.

Would you like to feature more solutions like this? Reach out @Anam Siddique on Slack in our Splunk Community Slack workspace to highlight your question, answer, or tip in an upcoming Community Content post! 💡 Our contributors who are highlighted for providing a solution will be given a $25 Cisco Store gift card for their contributions.  

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

.conf25 is almost here, and if you're on the Security Learning Path, this is your moment to level up. Whether you’re just getting started or deep in the weeds of detection engineering, this year’s conference is packed with content designed to help you sharpen your skills, modernize your SOC, and stay ahead of evolving threats.

You have gotten all the necessary approvals, the contract is signed, the instance is live, and you are staring at the Visual Playbook Editor wondering where to begin.  This is where we were a couple of months ago, allow me to guide you through what worked for us, some roadblocks and how we came through.

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

Join us for a live webinar on June 25 and demo showcasing how the latest release helps modern SOCs operate smarter and faster!

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

When a fraudster spreads activity across multiple channels, they can fly under the radar of traditional detection systems. In this final part of our fraud detection series, I break down a real case where a bank caught a coordinated fraud scheme by connecting web traffic and account creation data that seemed innocuous when viewed separately. Find out how they used Splunk to spot the shared password that exposed the entire operation—and stopped a $250k loss before it happened.

Brute force attacks are evolving beyond single-account targeting to coordinated, distributed campaigns that fly under traditional security radar. In this second installment of our fraud detection series, we examine how one financial institution used Splunk to uncover and halt a sophisticated attack targeting dozens of high-value accounts. Learn how connecting authentication data across accounts revealed attack patterns that would have remained invisible to conventional security tools, potentially preventing over a million dollars in losses.

The Splunk Developer Program is now live in public preview! Access centralized tools, resources and community support to build innovative apps on Splunk. Learn more at preview.dev.splunk.com

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware threats. You can say goodbye to manually analyzing phishing and malware threats with Splunk Attack Analyzer. Join us on May 13 for the Splunk Attack Analyzer Hands-on Workshop to see it in action. Our expert, Laura Blystone, will guide you through applying automated threat analysis to real-world attack scenarios.

Discover how advanced analytics uncovered a fraudster using a simple Gmail trick to open 17 seemingly unrelated bank accounts. This case study reveals how Splunk's fraud detection capabilities connected the dots across multiple accounts, preventing $425,000 in immediate losses an potentially saving the bank over $2,000,000. See how email normalization and visual analytics transformed fraud investigation from looking at individual accounts to spotting sophisticated patterns.

Stay ahead of the curve and in the know with our comprehensive list of upcoming April Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!