Query.AI Launches Federated Search for Splunk to Drive Efficiencies in Cybersecurity Investigations

January 25, 2022 By David

Siloed data is preventing organizations from gaining timely views into cybersecurity risks. To help Splunk customers unlock access to and value from cybersecurity data wherever it’s stored, regardless of vendor or technology, and without requiring centralization, Query.AI announced Query.AI Federated Search for Splunk. This new app plugs into disparate security technologies quickly and easily using APIs and enables Splunk users to search for and display decentralized data without ever leaving their Splunk consoles. The app also allows organizations to automate previously manual and time-consuming processes that typically require pivoting across multiple security tools. With Query.AI Federated Search for Splunk, security operations teams can increase their productivity, and more quickly, accurately, and cost-effectively address security threats.

“The status quo is for companies to centralize all their cybersecurity data; however, in recent years the security environment has become more complex for running investigations, and data volume and distribution have made centralization impractical,” said Dhiraj Sharan, Query.AI founder and CEO. “Companies typically now have data silos residing in cloud, third-party SaaS, and on-prem environments with limited ability to access or use a good portion of the data. Query.AI Federated Search for Splunk provides security teams with centralized access to decentralized data across their cybersecurity ecosystems, which they can view within their current Splunk consoles. As a result, security operations teams are able to more rapidly understand the scope and impact of potential cybersecurity threats and respond accordingly.”

Query.AI Federated Search for Splunk provides organizations with:

  • Federated Search – Security operations teams get access to siloed data across cloud, third-party SaaS, and on-prem environments, including Microsoft® Azure, AWS, and Google, among others, without transferring or moving the data. Users can run federated searches across 150 of the most widely used enterprise technologies in their cybersecurity ecosystem from within the familiar Splunk console, enabling them to gain insights from the data they need to quickly and accurately complete investigations.
  • Seamless Integration – Query.AI Federated Search for Splunk is simple to install and provides a plug-and-play integration that ensures unified operation with an organization’s Splunk platform. It also enables central management of security investigations across an organization’s infrastructure, without needing to rip and replace existing technology.
  • Enriched Splunk Console – The Query.AI app enriches Splunk with real-time and historical data that resides outside of an organization’s Splunk platform, giving security teams a complete picture of their decentralized environment.

To learn more about Query.AI Federated Search for Splunk, please watch this video.