Blogs
April 21, 2026 / April 21, 2026 by Dhiraj Sharan
A reckoning for the cyber industry On April 7, 2026, Anthropic released a technical assessment (see here) that would send chills down the spine of every cybersecurity professional: their newest model, Claude Mythos Preview, can perform cybersecurity tasks autonomously, at scale, and with a level of sophistication that eclipses anything that was possible earlier. In one example, […]
April 9, 2026 / April 8, 2026 by Dhiraj Sharan
A common topic on the mind of every CISO and their architects is how to migrate effectively from their legacy SIEM. SIEM migration isn’t simply a move from one vendor stack to another. Its goal is closely tied to the organization’s infrastructure upgrade and the transformation of its security data architecture. Legacy ingestion-centric SIEMs were designed for a […]
February 16, 2026 / February 16, 2026 by Dhiraj Sharan
More AI. More Analytics. Powered by the Security Data Mesh. Security teams are under pressure to move faster without waiting to move more and more data. Today, we’re excited to announce Query Splunk App 3.0, a major step forward in how security teams investigate, analyze, and operationalize data across a federated security data mesh. This […]
January 26, 2026 / January 26, 2026 by Dhiraj Sharan
AI, SecDataOps, and federation are some of the primary forces that will continue to reshape security operations in the years to come. What specifically should we expect in 2026? We are still in January so I wanted to squeeze in my predictions for 2026 in the areas of my expertise! As we look toward 2026, […]
January 12, 2026 / January 12, 2026 by Dhiraj Sharan
2026 has dawned. The holiday break gave me the chance to reflect on the journey we are on at Query and the steps forward we’ll take in 2026. (In retrospect, the steps we took in 2025 are captured in this blog from my colleague Mike Bousquet.) In the past few years, the industry, Query included, […]
December 17, 2025 / December 17, 2025 by Dhiraj Sharan
Introduction Security teams running large Microsoft-centric environments depend heavily on telemetry from Defender for Endpoint (MDE), Defender for Office 365, and other Defender products (for Cloud Apps, Identity, IoT, Servers, Vulnerability Management). These customers often collect logs in Azure Log Analytics (ALA) directly or via Microsoft Sentinel, and use Azure Data Explorer (ADX) for low-cost […]
December 15, 2025 / December 17, 2025 by Dhiraj Sharan
Introduction As organizations continue to rely on endpoint detection and response (EDR) tools like CrowdStrike Falcon for deep visibility into endpoint activity, they quickly face the challenge of storing and analyzing the massive volumes of telemetry these tools generate. Many security teams depend on Splunk for investigation and detection, but the high cost of indexing […]
December 4, 2025 / December 4, 2025 by Dhiraj Sharan
Introduction In an era where cloud environments expand ever faster and security telemetry grows exponentially, enterprise security teams face a paradox: more data means more potential insight, but also more SIEM costs! In this customer success story, we talk about a forward-looking global organization using Splunk as their SIEM, facing this challenge, and how they […]
November 4, 2025 / November 4, 2025 by Dhiraj Sharan
Over the last few years, the Snowflake AI Data Cloud has become an increasingly common data lake platform for cybersecurity data. Security analysts are typically most comfortable operating in their traditional SIEM (which is frequently Splunk). As Snowflake has gained adoption as a destination for security data, analysts find themselves pivoting from Splunk to Snowflake […]
October 22, 2025 / October 22, 2025 by Dhiraj Sharan
I had the fortune of discussing the security investigation process with Neal Bridges, our CISO, who is also a very hands-on security analyst. Since he is also an Air Force veteran, he loves to apply the OODA loop learnt from his military days to his investigation process. Applying the OODA loop to decision making in […]