Key Announcements (TL;DR)
AI Integration with Enterprise Security – A major announcement is the integration of AI into the security workflow. This includes agentic AI that can be used to automate basic triage tasks, in addition to generative AI that can be used to create detections and playbooks using NLMs.
Unified Splunk Security Ecosystem – The analyst experience has now been streamlined by unifying Splunk SOAR, UEBA and Enterprise Security, enabling your analysts to complete their investigation from a single pane of glass without ever needing to leave the Enterprise Security platform.
Splunk Enterprise Security Premier – Finally, Splunk announced a new tier of Enterprise Security, Premier. The current Enterprise Security we know and love will become ES Essentials and will remain largely the same, with the addition of features such as AI and the unified UI for any SOAR customers. Premier will include both UEBA and SOAR with unlimited seats as a package; however, pricing is yet to be announced. (Splunk, 2025b)
Enterprise Security 8.2
One of the main announcements for 8.2 was the move towards a single pane of glass for Splunk Enterprise Security: the combination of Splunk ES, SOAR and UEBA into a single web interface, enabling analysts to complete their investigations in full without needing to navigate away from the ES 8.2 web interface. A demonstration of this new interface with UEBA can be found in the .conf presentation cited below at 08:30 into the talk, with a further demo exploring how AI and SOAR fit into the new interface at 36:00.
Acceleration was another underlying theme of the announcements at .conf this year, with the focus placed heavily on the use of AI to streamline and accelerate the day-to-day workload of a security team. There were two main approaches to achieving this acceleration. The first is the use of agentic AI to complete tier 1 triage and aid in determining the disposition of alerts, allowing analysts to focus on responding to threats and reducing MTR (Mean Time to Response). The second is the use of LLMs to convert conversational descriptions of how playbooks and detections should work into effective SPL, helping all Splunk users create the detections and playbooks they feel are necessary without needing an in-depth knowledge of SPL.
Finally, we have expansion. This section of .conf highlighted the new abilities in Enterprise Security to bring Threat Intelligence into the platform more easily than ever, allowing security teams to improve their visibility across the platform and increase the data that can be used to power their detections.
AI Integrations Within Enterprise Security
As mentioned above, integrating AI with Enterprise Security has been a key theme throughout the .conf presentation this year. We have outlined the two approaches Splunk have taken with AI: agentic AI to assist with triage, and LLMs to assist less experienced users with creating detections and SOAR playbooks. During the conference it was mentioned that Splunk are still working with design partners to improve and train these AI models; however, the initial reviews from the showroom floor seem promising, and this is certainly something we will be looking into and testing when we can get hands on.
Enterprise Security Tiers
It was clear from the conference that the existing ES we know will remain the same and will become ES Essentials, with ES Premier offering both SOAR, with unlimited seats, and UEBA included in one package. We predict that ES Premier will be a more cost-effective option for current ES users that need a large number of SOAR seats. It was also announced that the AI assistant will be introduced to ES Essentials and will not be a feature exclusive to the Premier tier of ES. It was not made entirely clear whether the single pane of glass approach for ES and SOAR integration will still be available to ES Essentials users with a SOAR licence; however, it is likely that it will. Only time will tell how this two-tier system will affect the development, support and feature roll-out for future ES versions, but the core features of the two tiers are closely intertwined, so we hope to see Splunk supporting and adding new features to both versions in unison.
Development Environments
Conclusion
make sure to stay tuned for these updates.
Sources:
Splunk.com. (2025). Splunk Docs. [online] Available at: https://help.splunk.com/en/splunk-enterprise/release-notes-and-updates/compatibility-matrix/splunk-products-version-compatibility/splunk-products-version-compatibility-matrix [Accessed 26 Sep. 2025].