
Splunk V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-05-19
V-DIG Score 1.24 /10 D Splunk — BDS-1000 319

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

V-DIG Audit — Splunk Inc.

Audit Phase: V-DIG Cyber-Intelligence / Technology Supply Chain Audit

Target Entity: Splunk Inc. (subsidiary of Cisco Systems Inc.; acquisition closed 21 September 2023)[1]

Audit Date: 2026-05-01

Research Basis: Training-data synthesis through April 2026; live web search unavailable during research session. All findings are bounded by this limitation. The most material evidence gap is the post-September 2023 Cisco/Splunk integration period, for which limited public documentation had emerged by training cut-off.


Live verification update (June 2026): a targeted check of two previously circulating claims found: (a) the claim that IMOD tenders name-specify “Splunk” alongside QRadar for Cyber/SIEM systems could NOT be verified in any tender record or reputable source and remains unsubstantiated; (b) one documented civilian Israeli-state usage WAS identified — Israel’s Ministry of Energy presented its use of Splunk-based machine learning at Splunk’s .conf19 conference[2]. This is a civilian ministry analytics deployment with no security/military dimension; no IDF, IMOD, police, or intelligence usage has been verified.

Enterprise Technology Stack & Vendor Relationships

Corporate Structure & Ownership

Splunk Inc. was acquired by Cisco Systems Inc. in a transaction announced 21 September 2022 and closed 21 September 2023 at an acquisition price of approximately $28 billion[3][1]. Splunk operates as a wholly owned Cisco subsidiary and continues to market its products under the Splunk brand. Cisco’s own corporate and technology relationships — including its long-standing Israeli enterprise and government channel — are now structurally upstream of Splunk’s operations[4][5]. The implications of this integration for Splunk’s Israeli exposure are addressed in evidence-gap disclosures throughout this audit.

Israeli-Origin Technology Integration Partners

Splunk’s commercial architecture functions as a central SIEM, SOAR, and observability platform into which a broad ecosystem of third-party security and IT tools feed telemetry. A documented cluster of Israeli-origin or Israeli co-founded technology vendors maintain published integration relationships with Splunk. Each relationship identified below is a technology integration/data ingestion relationship; no evidence has been identified that any Israeli-origin software is embedded in Splunk’s own product code, core cloud data pipeline, or licensed at the OEM level[6][7].

Scale and Nature of Dependency

All Israeli-origin vendor relationships identified above are technology integration or data ingestion relationships. Splunk functions as the central data platform; Israeli-origin security tools serve as telemetry sources or action targets within Splunk playbooks[6][7]. The Palo Alto Networks / Cortex XSOAR relationship is the most operationally significant, given XSOAR’s role as a SOAR platform with deep Splunk Enterprise Security workflow integration[10]. No evidence has been identified that any Israeli-origin software is embedded in Splunk’s own product code or cloud infrastructure.

Procurement & Integrator Relationships

Splunk maintains a broad ecosystem of systems integrators including Accenture, Deloitte, IBM, and Booz Allen Hamilton[14]. No public evidence has been identified that any named integrator mandates Israeli-origin technology as a component of Splunk-specific deployment engagements. No public evidence has been identified of Israeli-domiciled systems integrators serving as primary Splunk deployment partners.


Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometrics

Splunk is not a retail technology company and does not operate physical retail environments. No public evidence has been identified of Splunk deploying or licensing facial recognition, biometric identification, gait analysis, or frictionless checkout technology from any vendor — Israeli-origin or otherwise — for its own operational or commercial purposes[15][16][17]. No relationship with vendors such as Trigo, BriefCam, AnyVision/Oosto, or Trax has been identified in public records.

Workforce & Predictive Monitoring

Splunk’s core product suite — SIEM, SOAR, and observability — is used by Splunk customers for security monitoring and IT operations. No public evidence has been identified that Splunk itself deploys third-party predictive policing, biometric workforce monitoring, or population surveillance tools from Israeli vendors in any documented commercial arrangement[15][16][17].

Third-Party Surveillance Delivery

No public evidence has been identified that Israeli-origin surveillance technology reaches Splunk’s own infrastructure via bundled or embedded third-party services.


Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Cloud Hosting Architecture

Splunk Cloud (SaaS platform) is hosted on Amazon Web Services (AWS) and Google Cloud Platform[18][5]. AWS launched an Israel (Tel Aviv) region in August 2023; Google Cloud launched an Israel region in 2024. No public evidence has been identified that Splunk specifically routes Israeli customer data through AWS Israel or Google Cloud Israel infrastructure, or that Splunk has contracted dedicated colocation or data centre capacity within Israel[18][5].

Cisco Israel Infrastructure

Cisco, Splunk’s parent since September 2023, maintains R&D and sales offices in Israel (Herzliya and Tel Aviv area)[19]. These are office facilities; they do not constitute data centre or cloud infrastructure. No public evidence has been identified that Cisco’s Israeli offices host Splunk Cloud infrastructure or data processing capacity[19].

Project Nimbus

Project Nimbus is the Israeli government cloud infrastructure contract, awarded to AWS and Google in 2021 and valued at approximately $1.2 billion, under which both hyperscalers provide cloud services to Israeli government and military bodies[15]. The prime contractors are AWS and Google. Splunk is a software platform that runs atop cloud infrastructure; it is not a cloud infrastructure provider. No public evidence has been identified that Splunk holds a direct sub-contract, named work order, or stated role within Project Nimbus[15]. Cisco is also not listed among Project Nimbus prime or named sub-contractors in publicly available coverage. However, sub-contractor and ISV relationships below the AWS/Google prime level in Project Nimbus are not publicly disclosed; it therefore cannot be confirmed or excluded from available public records alone whether Cisco/Splunk software is deployed within Project Nimbus-scoped infrastructure.

Data Sovereignty Services

No public evidence has been identified that Splunk markets or has contracted data sovereignty, data residency, or infrastructure resilience services specifically to Israeli state institutions or military bodies.


Defence, Intelligence & Security Sector Technology Relationships

US Federal Government Contracts

Splunk holds documented US federal government contracts, including with agencies across the US intelligence community and Department of Defense (DoD), for SIEM, log management, and observability software[20]. These contracts are visible in USASpending.gov records. They are US-domestic contracts and do not in themselves indicate Israeli defence or intelligence relationships[20].

Israeli State & Military Relationships

With respect to Israeli state bodies specifically: No public evidence has been identified of verified contracts or service agreements between Splunk — or post-acquisition Cisco/Splunk — and the Israeli Ministry of Defence (MoD), Israel Defence Forces (IDF), Shin Bet, Mossad, or other Israeli state security bodies. Cisco’s broader enterprise portfolio maintains Israeli government and enterprise customers, but no Splunk-specific contracts with Israeli military or intelligence agencies have been publicly documented or confirmed[19][4].

Indirect Channel Exposure

Cisco and Splunk products are distributed in Israel through Cisco’s Israeli channel partner and reseller network[14]. It is structurally possible that Splunk licenses reach Israeli government or defence end-users through this indirect channel. No specific end-user contract has been publicly confirmed. No Israeli public procurement database equivalent to USASpending.gov was accessible during research, and live web search was unavailable[20][14].

Dual-Use Technology Profile

Splunk’s SIEM and SOAR platform is inherently dual-use: it is a general-purpose log aggregation, threat detection, and incident response tool used by government, law enforcement, and commercial security operations centres (SOCs) globally[18][21]. No public reporting, NGO documentation, or official disclosure has confirmed that Splunk’s technology has been deployed specifically for military, intelligence, or law enforcement surveillance applications within Israel or the Occupied Palestinian Territories in any documented instance[15][16][17].

Offensive Cyber & Weapons Systems

No public evidence has been identified. Splunk does not develop, sell, license, or maintain offensive cyber capabilities, zero-day exploit tools, digital weapons systems, or systems designed to produce targeting decisions[18][21]. Splunk’s product line is strictly defensive and observability-oriented.

Cisco Talos Integration

Following the Cisco acquisition, Splunk’s threat intelligence capabilities have been linked to Cisco Talos, Cisco’s threat intelligence and research division, which publishes indicators of compromise and adversary intelligence[22]. Cisco Talos is a US-based operation; no Israeli-origin intelligence provenance for Talos feeds has been identified in public documentation[22].


AI, Algorithmic & Autonomous Systems

AI/ML Platform Capabilities

Splunk has integrated machine learning capabilities into its platform — including the Splunk Machine Learning Toolkit (MLTK) and AI-assisted anomaly detection within Splunk Enterprise Security — as general-purpose analytical tools for security and IT operations[18][4]. These capabilities are available to all Splunk customers, including government bodies.

Provision to Israeli State Bodies

No public evidence has been identified that Splunk’s AI or ML capabilities have been specifically provisioned to Israeli state, military, or security bodies under named contracts or bespoke agreements.

Training Data Provenance

No public evidence has been identified that Splunk’s AI models have been trained on civilian population data, intercepted communications, or surveillance-derived datasets originating from Israel or the Occupied Palestinian Territories.

Autonomous & Lethal Systems

No public evidence has been identified. Splunk does not produce autonomous target generation systems, fire-control AI, kill-chain automation, or any system designed to support lethal targeting decisions[18][5]. Splunk’s AI capabilities are directed at IT and security operations use cases, not weapons or lethality applications.


Technology Ecosystem & R&D Footprint

Splunk R&D Geography (Pre-Acquisition)

Prior to the Cisco acquisition, no public evidence has been identified of Splunk operating a dedicated R&D centre, engineering office, or innovation laboratory within Israel. Splunk’s named global engineering and product offices included San Francisco (HQ), Seattle, Denver, Austin, London, and Bangalore[18][21].

Cisco Israel R&D (Post-Acquisition Parent)

Cisco maintains a substantial long-standing R&D presence in Israel, built through acquisitions of Israeli networking and security companies over prior decades, with offices in Herzliya and the Tel Aviv area employing several hundred engineers and researchers[19]. As of the ongoing Cisco/Splunk product integration (2024–2025), no public disclosure has confirmed whether Splunk-branded engineering or product development work is being conducted from Cisco’s Israeli offices[19][4].

Acquisitions

Splunk’s confirmed acquisitions prior to the Cisco acquisition are all US-based entities:

No acquisition of an Israeli-origin technology company by Splunk has been identified in public records.

Splunk Ventures Investment Portfolio

Splunk Ventures, Splunk’s strategic investment arm launched in 2019, has disclosed a portfolio of security and observability startups[26]. No Israeli-domiciled startup has been identified in Splunk Ventures’ publicly disclosed portfolio[26]. The complete Splunk Ventures portfolio has not been fully disclosed in public records; Israeli startup investments, if any, may not be publicly listed.

Patent & Intellectual Property

No public evidence has been identified of significant patent co-development arrangements or licensing agreements between Splunk and Israeli-domiciled entities or Israeli research institutions (including Technion, Hebrew University, or Weizmann Institute). Splunk’s USPTO patent portfolio reflects US-based inventorship across its domestic engineering workforce[27].


Civil Society Scrutiny & Regulatory History

NGO & Academic Reports

Boycott & Divestment Campaigns

No public evidence has been identified of any organised BDS campaign or targeted divestment action directed specifically at Splunk in connection with Israeli technology provision[15][16].

No public evidence has been identified of regulatory inquiries, export control actions, sanctions-related investigations, or legal challenges involving Splunk’s technology sales or services to Israeli state entities[18][27][21]. Splunk’s SEC proxy and annual filings for FY2022 and FY2023 do not disclose any Israel-specific regulatory or legal proceedings[18][27][21].

Post-Acquisition Regulatory Profile

Following the Cisco acquisition, Splunk’s regulatory disclosures are consolidated into Cisco’s SEC filings[5]. Cisco’s FY2024 10-K does not identify any Israel-specific regulatory, sanctions, or export control proceedings materially attributable to Splunk operations[5].


End Notes

Footnotes

  1. https://www.reuters.com/technology/cisco-closes-28-billion-splunk-acquisition-2023-09-21/

  2. https://conf.splunk.com/files/2019/slides/IOT1410.pdf

  3. https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2022/m09/cisco-to-acquire-splunk.html

  4. https://www.techtarget.com/searchsecurity/news/366555178/Cisco-closes-Splunk-acquisition

  5. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0000858877&type=10-K

  6. https://splunkbase.splunk.com/

  7. https://www.splunk.com/en_us/partners/technology-partners.html

  8. https://docs.cyberark.com/

  9. https://www.sentinelone.com/partners/technology-alliances/

  10. https://cortex.pan.dev/docs/

  11. https://www.wiz.io/partners/technology-partners

  12. https://claroty.com/resources/integrations/splunk

  13. https://www.armis.com/technology-partners/splunk/

  14. https://www.splunk.com/en_us/partners.html

  15. https://www.notechforapartheid.com/

  16. https://whoprofits.org/

  17. https://www.amnesty.org/en/tech/

  18. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001353283&type=10-K

  19. https://www.cisco.com/c/en/us/about/locations.html

  20. https://www.usaspending.gov/search/

  21. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001353283&type=10-K

  22. https://blog.talosintelligence.com/

  23. https://www.splunk.com/en_us/newsroom/press-releases/2021/splunk-acquires-pliant.html

  24. https://www.splunk.com/en_us/newsroom/press-releases/2021/splunk-acquires-flowmill.html

  25. https://www.splunk.com/en_us/newsroom/press-releases/2022/splunk-acquires-twinwave-security.html

  26. https://www.splunk.com/en_us/about-splunk/splunk-ventures.html

  27. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001353283&type=DEF14A