Security operations teams face increasing threats, staffing shortages, and gaps in automation and orchestration. These challenges lead to alert fatigue, slower investigations, and increased risk. Enter Splunk SOAR 6.4, designed to streamline and enhance your security operations.
Attackers are evolving faster than security teams, leveraging large-scale, fully automated campaigns that exploit known and undiscovered vulnerabilities and use cutting-edge techniques that traditional security operations struggle to keep up with. A common problem is that SOC teams cannot work together efficiently and effectively without clearly defined workflows to investigate and resolve incidents rapidly. In other cases, the challenge is having too many disparate security solutions that require too many pivots and offer insufficient correlation. Today, SOC teams juggle a grab bag of security products, tools, and open-source solutions that often lack seamless interoperability, resulting in inefficient investigations, excessive handling times, and bloated dwell times that give adversaries the cover they need. These tools all possess static, independent controls with no orchestration between them.
The future of the SOC requires a modern, unified, and risk-based approach that seamlessly integrates threat detection, investigation, and response (TDIR) into a single, automated workflow.
That's why we're thrilled to announce the release of Splunk SOAR 6.4, packed with powerful new features and enhancements designed to supercharge your security operations. Whether you're a seasoned Splunker or starting your journey, this update has something for everyone. So, grab a drink, sit back, and dive into what's new.
First up, one of the most exciting updates is the Splunk SOAR integration with Cisco Talos. Talos is renowned for its threat intelligence capabilities, and now you can leverage this power directly within your Splunk SOAR playbooks. With actions like IP reputation lookup, domain reputation lookup, and URL reputation lookup, you can automate threat validation, enrich security alerts, and enhance incident triage with real-time threat intelligence. Integrating Cisco Talos provides immediate value that accelerates orchestration, leading to greater Splunk SOAR adoption and engagement across your security operations teams.
Learn more: Take a guided tour of the Talos integration
Splunk SOAR (Cloud) is now available on Microsoft Azure. SOC teams that leverage Microsoft Azure will benefit significantly from the scalability, ease of maintenance, and seamless integration with Splunk Enterprise Security and SOAR (Cloud).
We've significantly improved the Guided Automation feature to include additional playbook blocks, including Prompt, Format, Code, and Utility. This enhancement enables SOC teams to quickly develop, test, and deploy tailor-made playbooks that extend Splunk SOAR orchestration and automation capabilities while improving workflow precision.
Performance is key in security operations, and we've made several changes to boost it. With increased action concurrency limits, reduced websocket load, new database indexes for playbook run and action run history, and additional dashboards for observability, your operations will run faster and more smoothly.
For those using Splunk SOAR on-premises, we've expanded and upgraded our operating system support to include Red Hat Enterprise Linux 9, Amazon Linux 2023, and Oracle Linux 9, giving you more options and flexibility. As other vendors abandon on-premises deployments and push customers into a cloud-only model, Splunk SOAR is doubling down on our commitment to on-premises customers and cloud solutions.
The next logical step in improving automation building is to simplify testing and debugging of playbooks while you create them. The data preview panel now includes a "Logs" sub-tab for each block within the playbook. This new feature displays a subset of the Debugger output for the highlighted block, making it more straightforward to identify and fix issues.
Splunk SOAR 6.4 empowers your security operations to be more powerful, efficient, and flexible. With these new features and enhancements, you'll be better equipped to tackle the ever-evolving threat landscape. So, go ahead and explore the new capabilities, and let us know how they improve your security operations.