At Query, we’ve always believed better security outcomes start with better access to data. That same principle drives our next major innovation: Federated Detections. The feature is already generally available through our Splunk App, and a version for the Query console is currently in development and will be available soon.
Built on the Query Security Data Mesh, Federated Detections enable detection and alerting directly across all your distributed data sources, without duplicating or moving data. This is a fundamentally different approach from traditional SIEM- or XDR-based models that rely on centralized ingestion and storage. Instead of waiting for data to land in one place, detections run where the data already lives, providing more comprehensive detections across your environment.
The result?
- No data movement. Rich context across cloud, endpoint, identity sources, and more, instantly.
- No stale signals. Real-time detections at the source of truth.
- No mystery logic. Each detection is clear, testable, and replayable for validation.
- No wasted cycles. Less maintenance, lower cost, and more trust in every alert.
- AI-ready foundation. The same framework that powers federated detections sets the stage for AI-assisted detection engineering, tuning, and orchestration.

Federated Detections mark the next step in the evolution of our mission to help security teams make better decisions, faster.
If you’re a detection engineer or SOC practitioner interested in shaping how federated detections work, reach out to get a first look. We’d value your input!
