We’re constantly improving DataStream to make security data management simpler, smarter, and more efficient for modern SOCs. This latest update introduces new capabilities that bring even more visibility and flexibility to your telemetry pipelines.
Let’s take a closer look at what’s new.
Windows Device Collection with Fine-Grained Control
For many SOC teams, Windows log collection is either too noisy or too limited. Broad collection leads to bloated SIEM bills, while overly narrow configurations risk missing critical events. Balancing visibility and cost has been a persistent challenge – until now.
You can now configure Windows data collection in a much more granular way – whether you’re using agent or agentless mode. Security teams can define exactly which logs they want to collect, with built-in options like All, Common, and Minimal, or a fully Custom scope defined via XML filters. This makes it easier to match collection scope to your detection and compliance needs.
Under the hood, DataStream uses secure, read-only access via native protocols like WinRM for Windows and SSH for Unix-based systems. It integrates directly with Credential Stores and Active Directory, so you can avoid hardcoding credentials or opening security gaps.
Stats Overview Dashboard
Security pipelines are only as effective as your ability to see what’s going on inside them. That’s why we’ve introduced a new Stats Overview section in the DataStream UI – a comprehensive view that helps teams understand where their data comes from, where it’s going, and how efficiently it flows.
You’ll see which devices are sending the most logs, how much of that telemetry is raw versus processed, and how it’s being distributed across your targets – Sentinel, ADX, Blob, or elsewhere.
Digging deeper, the new Directors & Devices view gives you clear visibility into your infrastructure. Track live system status, resource consumption (CPU, memory), and connectivity issues per Director. This helps operations teams spot misconfigurations and troubleshoot issues before they cause impact.
And to ensure end-to-end reliability, we’ve added real-time pipeline health metrics. Visualize latency, error rates, and dropped messages over time – so you can tune performance, catch issues early, and prove your pipeline is doing what it should.
Looking Ahead
These updates are part of our ongoing mission to simplify telemetry operations for security teams, so you can spend less time managing pipelines and more time focusing on what really matters: visibility, detection, and response.
Coming soon: even more ways to customize, automate, and optimize how data flows across your environment. We’re working on expanded source support, more ASIM integrations, and new target options.