Hey everyone,

I've been working with Splunk for a while now, and lately I've been thinking about something that keeps coming up in our environment. As we integrate more with other security platforms (EDR, SASE, PAM), I'm noticing that a lot of these tools are now shipping AI features that go beyond just alerting. They're actually taking automated actions: isolating endpoints, adjusting policies, closing tickets without human input.

From a Splunk perspective I can correlate logs and build dashboards, but I'm finding it increasingly difficult to get a clean, unified picture of what all these AI-driven actions actually did, why, and whether they should have fired.

Curious how others are approaching this. Are you pulling these events into Splunk and building your own visibility layer? Any specific data sources or correlation approaches that worked well for you? Or is this something your team hasn't tackled yet, and you're mostly relying on each vendor's native console?
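One way to build the visibility layer the post asks about is to normalise each vendor's "automated action" event into one schema before indexing it, and to flag any action that arrives without the context an analyst would need to judge it (a stated reason, a confidence score, a record of human approval). The script below is an added example written for this thread, not code from the original post or from Splunk or any of the vendors; the EDR/SASE/PAM/ticketing event layouts, field names, the `ai:automated_action` sourcetype and the 0.7 confidence threshold are all constructed assumptions.

```python
"""Normalise AI-driven automated-action events from several security tools
into one schema for Splunk ingestion, and flag actions that lack the context
an analyst needs to judge whether they should have fired.

Added example, not from the original post. The vendor event layouts, field
names and the 'ai:automated_action' sourcetype are constructed assumptions.
"""
import json
from dataclasses import dataclass, asdict
from typing import List, Optional

# Constructed sample events; each product reports the same kind of thing
# (an automated action) in its own shape.
SAMPLE_EVENTS = [
    {"source": "edr", "raw": {"event": "host_isolated", "host": "wks-0412",
     "initiator": "auto-response", "reason": "ransomware_behaviour",
     "score": 0.93, "analyst_approved": False, "ts": "2024-05-01T10:02:11Z"}},
    {"source": "sase", "raw": {"type": "policy_update", "target": "group:contractors",
     "by": "ai-policy-engine", "justification": "anomalous egress volume",
     "confidence": 0.61, "ts": "2024-05-01T10:05:40Z"}},
    {"source": "pam", "raw": {"action": "session_terminated", "account": "svc-backup",
     "actor": "risk-engine", "ts": "2024-05-01T10:07:03Z"}},
    {"source": "ticketing", "raw": {"action": "ticket_closed", "ticket": "INC-20331",
     "actor": "ai-assistant", "rationale": "duplicate of INC-20329",
     "ts": "2024-05-01T10:09:15Z"}},
]

# Common action vocabulary so one Splunk search can cover every vendor.
ACTION_MAP = {"host_isolated": "isolate_host", "policy_update": "update_policy",
              "session_terminated": "terminate_session", "ticket_closed": "close_ticket"}
HIGH_IMPACT = {"isolate_host", "update_policy", "terminate_session"}
MIN_CONFIDENCE = 0.7  # hypothetical threshold; tune per environment


@dataclass
class UnifiedAction:
    ts: str
    vendor: str
    action: str
    target: str
    actor: str
    reason: Optional[str]
    confidence: Optional[float]
    human_approved: bool
    raw: dict  # original event kept verbatim for investigation


def normalise(event: dict) -> UnifiedAction:
    """Map one vendor-specific event onto the unified schema."""
    src, r = event["source"], event["raw"]
    if src == "edr":
        return UnifiedAction(r["ts"], src, ACTION_MAP[r["event"]], r["host"],
                             r["initiator"], r.get("reason"), r.get("score"),
                             bool(r.get("analyst_approved", False)), r)
    if src == "sase":
        return UnifiedAction(r["ts"], src, ACTION_MAP[r["type"]], r["target"],
                             r["by"], r.get("justification"), r.get("confidence"),
                             False, r)
    if src == "pam":
        return UnifiedAction(r["ts"], src, ACTION_MAP[r["action"]], r["account"],
                             r["actor"], r.get("reason"), r.get("confidence"),
                             False, r)
    if src == "ticketing":
        return UnifiedAction(r["ts"], src, ACTION_MAP[r["action"]], r["ticket"],
                             r["actor"], r.get("rationale"), r.get("confidence"),
                             False, r)
    raise ValueError(f"unknown source {src!r}")


def normalise_all(events: List[dict]) -> List[UnifiedAction]:
    return [normalise(e) for e in events]


def audit(actions: List[UnifiedAction]) -> List[dict]:
    """Return one finding per missing piece of justification."""
    findings = []
    for a in actions:
        issues = []
        if a.reason is None:
            issues.append("no stated reason")
        if a.confidence is None:
            issues.append("no confidence score")
        elif a.confidence < MIN_CONFIDENCE:
            issues.append("below confidence threshold")
        if a.action in HIGH_IMPACT and not a.human_approved:
            issues.append("high-impact action without human approval")
        findings.extend({"ts": a.ts, "vendor": a.vendor, "action": a.action,
                         "target": a.target, "issue": i} for i in issues)
    return findings


def to_hec_payload(action: UnifiedAction) -> str:
    """JSON line for Splunk HTTP Event Collector (sourcetype is an assumption)."""
    return json.dumps({"sourcetype": "ai:automated_action", "event": asdict(action)})


if __name__ == "__main__":
    acts = normalise_all(SAMPLE_EVENTS)
    for a in acts:
        print(to_hec_payload(a))
    for f in audit(acts):
        print("FINDING:", f)
```

Once every vendor lands in the same sourcetype with the same `action`, `actor`, `reason` and `human_approved` fields, a single search or dashboard panel can answer "what fired, why, and who signed off" across EDR, SASE and PAM instead of per console, and the audit findings make a natural alert for actions that arrived with no justification at all.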