Use cases
Collection
Get clean telemetry without agents
DataStream collects telemetry directly from many sources with out-of-the-box vendor packs, using secure connections such as WinRM and SSH with read-only access. No agents, complex setup, configuration, or system restarts are required. Data is categorized at the source, giving you a consistent structure and built-in compliance.
Normalization
Normalize logs into one schema
DataStream automatically parses raw logs, normalizes them into a consistent schema, and converts formats such as CEF, LEEF, JSON, and OCSF into a unified structure, without manual parsing, custom scripts, or field mapping. You get clean, structured data that your SIEM can understand, making rules sharper, correlations stronger, and threat detection more reliable.
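As an added illustration of the normalization step described above (example code written for this page, not DataStream's own): a small Python normalizer that parses CEF, LEEF 1.0/2.0 and a JSON event into one unified schema. The schema field names, the JSON key names and the sample events are constructed for this example.

```python
import json
import re

# Constructed unified schema; every normalized record carries exactly these keys.
FIELDS = ("vendor", "product", "event_id", "name", "severity", "src_ip", "dst_ip", "user")

def _split_header(text, count):
    # Split the pipe-delimited header ('\|' escape honoured) into `count` fields + remainder, padded.
    parts = re.split(r"(?<!\\)\|", text, maxsplit=count)
    return [p.replace("\\|", "|") for p in parts] + [""] * (count + 1 - len(parts))

def parse_cef(line):
    # CEF:Version|Vendor|Product|Version|EventClassID|Name|Severity|key=value key=value ...
    h = _split_header(line, 7)
    # Extension values may contain spaces, so cut at the next "key=" token, not at whitespace.
    ext = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", h[7]))
    return {"vendor": h[1], "product": h[2], "event_id": h[4], "name": h[5], "severity": h[6],
            "src_ip": ext.get("src"), "dst_ip": ext.get("dst"), "user": ext.get("suser")}

def parse_leef(line):
    # LEEF:1.0|Vendor|Product|Version|EventID|<tab-separated attrs>
    # LEEF:2.0|Vendor|Product|Version|EventID|<delimiter>|<attrs>   (delimiter may be hex, e.g. x09)
    h = _split_header(line, 5)
    delim, attrs = "\t", h[5]
    if h[0].endswith("2.0"):
        delim, attrs = _split_header(attrs, 1)[:2]
        delim = chr(int(delim[1:], 16)) if delim.startswith("x") else (delim or "\t")
    ext = dict(a.split("=", 1) for a in attrs.split(delim) if "=" in a)
    return {"vendor": h[1], "product": h[2], "event_id": h[4], "name": ext.get("cat"), "severity": ext.get("sev"),
            "src_ip": ext.get("src"), "dst_ip": ext.get("dst"), "user": ext.get("usrName")}

def parse_json(line):
    # Constructed JSON source; the key names below are assumptions for this example.
    o = json.loads(line)
    return {"vendor": o.get("vendor"), "product": o.get("product"), "event_id": o.get("EventID"),
            "name": o.get("Message"), "severity": o.get("Level"), "src_ip": o.get("SourceIp"),
            "dst_ip": o.get("TargetIp"), "user": o.get("User")}

def normalize(line):
    # Detect the format by its prefix; every output record has the same keys, missing ones are None.
    line = line.strip()
    parser = parse_cef if line.startswith("CEF:") else parse_leef if line.startswith("LEEF:") else parse_json
    return {**dict.fromkeys(FIELDS), **parser(line)}

# Constructed sample events, one per format (vendor and product names are placeholders).
SAMPLE = [
    "CEF:0|ExampleCo|ExampleAuth|1.0|4625|An account failed to log on|5|src=10.0.0.5 dst=10.0.0.9 suser=alice msg=Failed login attempt",
    "LEEF:1.0|ExampleCo|ExampleFW|7.0|deny|src=192.168.1.20\tdst=203.0.113.9\tusrName=bob\tsev=3\tcat=Traffic denied",
    "LEEF:2.0|ExampleCo|ExampleFW|7.0|threat|^|src=172.16.0.7^dst=10.0.0.1^usrName=carol^sev=7",
    '{"vendor": "ExampleCo", "product": "auth-svc", "EventID": "LOGIN_FAIL", "Message": "bad password", "Level": "4", "SourceIp": "10.1.1.1", "User": "dave"}',
]
```

Running `[normalize(s) for s in SAMPLE]` yields four records with identical keys, so a single detection rule on `src_ip` or `user` works regardless of which source produced the event.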
Filtering & reduction
Eliminate noise, keep the insight
After normalization, DataStream’s engine runs a multi-stage process: first removing unnecessary fields and noise, then filtering events by criteria such as Event ID, IP address, or user activity, and applying sampling where needed. This way, your SOC gets lower volumes, preserved insight, and a clean stream of signals for detection and compliance.
Enrichment
Add the missing context
Logs alone show events, but not the context. DataStream enriches telemetry automatically, adding details that align with your security policies: user identities, geo-location, device and application data, or custom tags. Instead of flat events, your SOC receives complete insights that make alerts more precise, reduce false positives, and speed up investigations.
Routing
Deliver data where it matters
Not all telemetry belongs in your SIEM. Some of it needs to go to storage for compliance, some to analytics platforms, and some straight into the SIEM for real-time detection. DataStream makes this seamless with intelligent routing. Context-aware filters ensure that only meaningful events hit the SIEM, while less critical logs can be directed to other platforms, all in parallel.
Features
10x faster data processing
The vectorized pipeline engine utilizes all CPU cores for parallel batch processing, delivering industry-leading performance. The VMF 3.0 format achieves 99% compression and adds features such as Bloom filters and LogChain.
Zero security data loss
Advanced Write-Ahead Log technology ensures full data integrity with minimal duplication, even during interruptions. Built-in crash recovery removes the need for external systems like Kafka while maintaining reliable processing.
Extensive processor support
DataStream adopts the Elastic Ingest Pipeline syntax, but provides 150+ processors, offering the industry’s most comprehensive low/no-code pipeline management. Complex pipelines can be built and optimized in minutes.
Correlation ID for unified visibility
DataStream assigns a unique Correlation ID to each log, linking related events across SIEM and other platforms. This makes it easy to trace activity, connect signals, and see the full picture in seconds.
DataStream is available on Azure Marketplace
DataStream is certified and listed on Azure Marketplace, ensuring compliance, security, and faster time-to-value.
Frequently asked questions
What deployment options are available?
DataStream supports flexible deployment architectures, including a full HA mode with role separation. You can separate Source, Main, and Target pipelines, enabling an optimal performance and security posture while maintaining complete control over data flow.
How fast can we deploy DataStream?
DataStream is fully agentless and can be deployed in under 30 minutes. With Single Sign-On for Microsoft Azure, out-of-the-box vendor packs, and a drag-and-drop interface, creating pipelines is quick and intuitive.
Does DataStream integrate with our existing tools?
Yes. DataStream supports 50+ operating systems and platforms out of the box, with vendor packs for common sources. It routes clean, normalized data to SIEMs, analytics platforms, storage systems, or all of them at once.
How does DataStream support compliance requirements?
DataStream delivers normalized logs, automatically categorized into datasets for easier compliance and reporting. Audit-ready retention ensures timestamp integrity, backed by a zero-loss architecture. And with SOC 2 and ISO 27001 certification, you can trust that your data is managed to the highest security standards.
How does the Microsoft Sentinel integration work?
DataStream automatically maps data to appropriate ASIM tables and applies contextual filtering for optimized ingestion. Our native support for Microsoft Data Collection Rules (DCR) and advanced routing capabilities enable efficient data handling without manual configuration.
Talk to our experts
Schedule a technical session with our engineering team to explore DataStream’s architecture, deployment options, and integration capabilities.
Try DataStream
Test DataStream’s vectorized pipeline with your SIEM environment. Process terabytes of data with 99% compression while maintaining complete security visibility.