This month we’re rolling out several new capabilities designed to simplify daily work for SOC teams, MSSPs, and enterprise security operations. The focus is on easier access control, streamlined log management, and faster vendor onboarding.
Single Sign-On with Microsoft Azure
Single Sign-On (SSO) is now supported with Microsoft Azure. Organizations can enable SSO across all users, eliminating the need for separate credentials. This improves both security and usability by reducing password sprawl and giving users a consistent login experience across the platform.
Role-Based Access Control Enhancements
Role-Based Access Control (RBAC) has been expanded to give organizations more flexibility in assigning permissions. Enterprise users can create new custom roles from scratch using predefined actions or clone existing roles. This ensures that the right people have the right access and keeps permissions transparent and easier to manage.
MSSP Tenant Management
Managed Security Service Providers (MSSPs) can now create and manage tenants under their main account. They can switch between tenants to view usage information such as ingestion limits and daily volumes. Service providers gain a clear overview of customer usage without juggling multiple accounts, making multi-tenant management simpler and more efficient.
Content Hub and Syslog Updates
We’ve expanded the Content Hub with new vendor templates, making it easier to normalize logs and connect with a broader range of systems. Syslog Auto Discovery has also been enhanced, allowing DataStream to automatically identify the source behind syslog messages.
Out-of-the-box support now includes vendors like Barracuda, Check Point, Cisco ASA/FTD, Cisco Meraki, Citrix, F5, Forcepoint, Fortinet, Infoblox, Palo Alto, SonicWall, WatchGuard, and more. Logs from these sources can be normalized automatically, reducing manual setup and giving SOC teams clean, consistent data from the start.
Native Log Normalization to CommonSecurityLog
Building on syslog improvements, DataStream now natively normalizes logs to CommonSecurityLog across many supported vendors. Whether a device sends CEF, LEEF, or native logs, DataStream ensures they are converted into a consistent format. From there, logs can be mapped directly into ASIM for advanced analytics in Microsoft Sentinel.
Looking Ahead
Each of these updates removes manual effort from your daily operations, giving security teams faster onboarding, better control of access and data, and cleaner pipelines into Microsoft Sentinel.
We’re also preparing several new capabilities, including expanded configuration options, improved data transformation insights, and additional support for more log sources. More updates are on the way, and we look forward to sharing them with you soon!
If you’d like to see how DataStream can simplify log management and strengthen your SOC operations, get in touch with our team or try it for free.