“The results are the results of auto-detection and responses of the most common attacks,” Shipley wrote in a blog post about the new XDR feature. “Machine learning, machine inference, and LLMs combine to trigger multiple AI agents that act on different parts of the research lifecycle. Each survey has a clear verdict. It is used to trigger a Cisco XDR or Splunk playbook, and responds quickly with or without human intervention depending on the process of each organization.”
Short for security orchestration, automation, and response, Splunk SOAR is a security operations platform that automates and manages responses to cyber threats. Cisco also said that the scheduled releases of Splunk SOAR (now available) and Splunk Enterprise Security 8.1 (scheduled for June) will enhance security operations through greater visibility and integrated workflows, and directly improve response actions for detection and automation within the Enterprise Security interface.
XDR also includes new automated forensics features that provide greater visibility into endpoint activity, increasing the accuracy of investigations.
“The new XDR forensics feature changes the game of SecOps by triggering digital forensics to collect over 350 artifacts on endpoints, including those that are compromised or partially encrypted,” writes Shipley. “This evidence, including registry files, memory dumps, activity logs, and hundreds of other pieces of information, is essential for forensic investigations. This collection of forensic evidence can be triggered via risk scoring, behavioral analysis, other signals, or simply a single click on the incident page.”
Additionally, the new XDR attack storyboard uses AI-driven investigation to visualize complex attacks, helping security teams understand threats in seconds and respond faster. “Cisco AI will summarize for anyone by building dynamic attack graphs, mapping events to MITRE ATT&CK tactics along the timeline of deployment attacks, summarizing for anyone, from SOC analysts to non-security to IT professionals.
“AI plans, guides, highlights the root cause, and surfaces recommended containment and repair procedures. This makes decisions faster and faster. For auditors and executives, the audit response narrative understands technical complexity and turns it into actionable insights.”