Splunk reveals new AI tools to improve your security workflow

 Splunk .conf23 product keynote

Splunk has introduced several enhancements to its products, including increased AI capabilities to improve threat detection, investigation and response times.

Like almost every company in the post-ChatGPT world, Splunk has been developing its AI integration even further, with new AI-powered tools that span its portfolio of security and observability solutions.

These include the new Splunk AI Assistant, which makes use of generative AI to allow users to deal with threats by querying the tool with prompts in natural language, à la ChatGPT.

Saving time

Available now in preview, the AI Assistant can write in the Search Processing Language (SPL), the company's proprietary programming language that can be used with its software to find, filter and modify data.

During its product keynote at Splunk .conf23 announcing the new tools, the company was keen to point out that the AI tools are there to assist human decision-making, not replace it, as it concedes that the latest technological trend can be error-prone when left completely to its own devices.


However, it maintains that its new AI offerings will greatly speed up the process of taking care of threats, making them easier for IT teams to deal with so that they can get on with more important and less tedious manual tasks.

Another important factor for Splunk is allowing its customers to have control over how they deploy the new AI tools, by offering domain-specific insights. Dr. Min Wang, Splunk's new CTO, took to the stage to explain that Splunk's AI models are fine-tuned to be conducive to this kind of specificity.

Other new products that are getting the AI treatment include Splunk App for Anomaly Detection, which allows SecOps teams to simplify and automate anomaly detection within their environments.

And ML-Assisted Thresholding, as the name suggests, makes use of machine learning to find patterns in historical data to create thresholds with a single click, in the pursuit of making alerts more accurate and reducing false positive rates. This is now available in preview.

The Splunk App for Data Science and Deep Learning (DSDL) 5.1 is also now available on Splunkbase, and allows customers to leverage LLMs to build and train models.

"We leverage Splunk's Machine Learning Toolkit to detect anomalies in extensive datasets that may have otherwise remained undetected with traditional signature-based methods," said Matt Snyder, Program Lead - Advanced Security Analytics at VMware.

"By incorporating robust machine learning models within Splunk, we eliminate the need for a separate infrastructure for advanced analytics, saving us time and resources."