“The result is automated detection and response for the most common attacks,” Shipley wrote in a blog post about the new XDR capabilities. “Machine learning, machine reasoning, and LLMs combine to trigger multiple AI agents acting on different parts of the investigation lifecycle. Each investigation has a clear verdict. This is then used to trigger pre-built playbooks in Cisco XDR or Splunk SOAR to respond instantly with or without human intervention depending on each organization’s processes.”
Splunk SOAR, which stands for Security Orchestration, Automation, and Response, is a security operations platform that automates and manages cyber threat responses. Cisco also noted that new releases of SOAR (available now) and Splunk Enterprise Security 8.1 (slated for June) will bolster security operations through greater visibility and integrated workflows, as well as improve detection and automated response actions directly within the Enterprise Security interface, according to Shipley.
XDR also now includes a new automated forensics capability that offers deeper visibility into endpoint activity, increasing the accuracy of investigations.
“The new XDR Forensics capability changes the game for SecOps by triggering digital forensics to collect over 350 artifacts on endpoints, including compromised or partially encrypted ones,” Shipley wrote. “This evidence, including registry files, memory dumps, activity logs, and hundreds of other pieces of information, is mandatory for forensic investigations. This forensic evidence gathering can be triggered based on risk scoring, behavioral analytics, and other signals, or simply through a single click on the incident page.”
Additionally, a new XDR Attack Storyboard uses AI-driven investigations to visualize complex attacks and help security teams understand threats in seconds and respond faster, Shipley stated. “Cisco’s AI constructs a dynamic Attack Graph, mapping events to MITRE ATT&CK tactics along an unfolding attack timeline and summarizing each step so anyone—from SOC analysts to non-security IT professionals—can instantly grasp what happened, what it means, and what to do next,” Shipley wrote.
“AI plans and guides the investigation, highlights root causes, and surfaces recommended containment and remediation steps—so decisions are made faster, with more confidence. For auditors and executives, the storyboard delivers audit-ready narratives in plain language, turning technical complexity into understandable, actionable insight. Delivering a confidence-inspiring, clear verdict with decisive action.”