Query
1.2K posts

Query
@query_ai
Federated Search for Security Teams // https://t.co/Lytg89qbEW
Atlanta, Georgia Joined January 2018
164 Following 178 Followers

AI SOC has made the security data problem impossible to ignore. Why?
Inconsistent schemas → ambiguous reasoning
Missing context → incomplete conclusions
Confident outputs → even when wrong
Data quality isn't just plumbing. It’s the control plane.
hubs.li/Q047xHh00
Amid all the AI noise at #RSAC, the real question isn’t “Which AI is best?” it’s:
What security data can your AI actually see?
SecOps still assumes data must be centralized. That’s a costly assumption.
We dig in in “Project Hail Query”
Part 1 live: hubs.ly/Q047k2db0
Splunk was built for centralized data:
• Cost vs visibility tradeoffs
• High complexity
• AI limitations
With Query you can stay in Splunk and:
• Use distributed data (no ingest)
• Skip pipelines, add sources fast
• AI-native investigations
#Splunk #SIEM #Cybersecurity
The big opportunity for channel partners in security right now isn’t another tool. It’s security data strategy.
Not sure if you're capitalizing on this opportunity?
Query partners are. Ask us how.
Inquire within: hubs.li/Q046xQ-y0
Moving security telemetry into a data lake sounds simple:
Store logs in #S3 → Query with Athena → Save money vs #SIEM.
But one does not simply dump logs into S3 and call it a security data lake.
We wrote a guide so you don't have to learn the hard way: hubs.ly/Q046fjrm0
Remove the hurdles in getting at the data. Kick off investigations with more context. Run down every alert to resolution, faster.
In the latest entry to his series on Federated Detections, Mike Bousquet breaks down what happens after the alert.
hubs.li/Q0466hyB0
If you're a Splunk user, you're gonna love us like Punch loves his plushie 🐒
More Splunk. Less Cost. AI-Native Investigations.
hubs.li/Q045LDD50
#Splunk #SIEM #cybersecurity
Microsoft’s State of the SOC says AI is expected to reduce manual effort.
Fair.
But AI won’t fix fragmented data. It’ll amplify it.
Why data architecture maturity determines AI outcomes in the SOC 👇
hubs.li/Q045K8R40
#AISOC #cybersecurity #securityautomation #Microsoft
Ingestion cost, indexing pressure, and pipeline lag subtly bend detection logic over time.
If you care about cadence, eval windows, and cross-source thresholds behaving as designed? You’ll want to read this.
hubs.li/Q045ykQQ0
#ThreatDetection #SIEM #DetectionEngineering
Telemetry is exploding. SIEM costs keep climbing. Analysts are pivoting across tools/query languages for every investigation. And now we’re asking those same teams to “add AI.”
In this guide, we outline why optimization starts with your security data:
hubs.li/Q045gxJ30
Asking questions of your security data like...
OK, bad example. But with the new Query App for Splunk 3.0 you can ask natural language questions of your security data (No SPL Required)
And that data doesn't need to be ingested into #Splunk 🤯
hubs.li/Q044XpFR0
#SIEM
Are your detections constrained by what you can afford to ingest?
Don't feel forced into tradeoffs between cost and visibility, take a modern approach to detection that expands data reach w/o expanding ingestion.
Read more: hubs.li/Q044QmDH0
#DetectionEngineering #SIEM
Microsoft’s State of the SOC report:
Only 46% of security data is in the SIEM and analysts waste a full day/week correlating.
#Microsoft tells you “Unify now or pay later”. True, but unification needs to be defined correctly.
Full breakdown: hubs.li/Q044wd_X0
We've noticed common patterns in the way the high-performing teams approach security data operations, so we wrote them down.
If you have an upcoming SIEM renewal, or are planning a SIEM migration, detection engineering or AI-SOC project, read this first: hubs.li/Q044jLcC0
OK Grandpa, time for your nap 🥛
Are people still really doing this?
The Query security data mesh enables search, analytics, detections, and AI to operate across distributed data without centralization.
Not grandpa's approach to security operations:
hubs.li/Q043VzfS0
What if detection logic could run wherever data exists (without forcing all telemetry into one place)?
Decouple detection logic from data storage, expand visibility, and get context-rich findings that speed investigations — with federated detections.
hubs.li/Q043HMHM0
Splunk Services partner?
Query Splunk App 3.0 brings NLP-powered investigations + federated analytics into #Splunk, no added SPL complexity or ingestion costs.
Expand offerings. Differentiate with AI. Help customers reduce ingestion.
Become a partner: hubs.li/Q043sBx40
Query Splunk App 3.0 — Extend Splunk without the ingest. Now with AI-Native, natural language investigations and cleaner/more powerful analytics for more signal and less noise.
Read more: hubs.li/Q043lmNf0
#Splunk #SIEM #cybersecurity