DataStream 2.0: Faster, Smarter, Built for Scale

June 19, 2026

This is not a regular monthly update. DataStream Version 2.0 is a milestone — the result of relentless building, learning from customers, and pushing the platform toward what enterprise-scale security operations actually demand. The core has been rebuilt, new capabilities have been added across the board, and the platform is now faster, more resilient, and more extensible than ever.

Here’s what’s new.

The Director is the heart of every DataStream deployment. It is a lightweight service that runs in your environment: collecting, processing, and routing security telemetry data locally, while being managed centrally through the DataStream platform. In version 2.0, it has been rebuilt from the ground up. 

Log collection and processing are noticeably faster. The platform sustains higher throughput under heavy loads and operates with greater resilience in demanding production environments. For teams running DataStream at scale – across hundreds of customers, high-volume log sources, or mission-critical pipelines – this is the foundation that makes everything else possible. 

DataStream now supports rule-based alerting across Directors, devices, and targets. Teams can define rules around log volume and performance metrics, and let matched rules raise alerts automatically. 

The result is continuous, end-to-end visibility into what’s happening across the platform and the ability to act on emerging issues before they affect operations. 

The Library is a central home for lookup tables, schemas, and Grok patterns used across pipelines and targets. Define each resource once and reference it wherever it’s needed without duplicating configuration or risking inconsistency: across multiple pipelines, devices, or targets. 

For teams managing complex, high-volume environments, this removes a significant source of repetitive work. 

DataStream now exposes a REST API across the full platform, with inline API examples available on every create screen. Teams can automate provisioning and configuration, integrate DataStream into existing tooling and workflows, and reduce time spent on manual setup. 

Two additions that matter for security-conscious and network-restricted deployments: 

Director Proxy – Proxy settings now live within Director configurations, giving teams a single, consistent place to manage connectivity in environments where traffic is routed through proxies. 

Director TLS – Director-to-Agent communication can now be encrypted in transit, ensuring sensitive data stays protected end to end and making compliance requirements straightforward to satisfy. 

Tenant owners can now remove their tenant and all associated data entirely on their own terms. Full control over data ownership and compliance obligations without dependency on support processes.

Ten new device integrations extend what DataStream can collect from:

Six new targets expand where DataStream can route data: 

The Content Hub now ships with 328 ready-to-use packs, up from 92 — a major expansion of out-of-the-box coverage across vendors and platforms. Each pack provides prebuilt parsing, normalization, and routing for a specific source, so onboarding a new vendor is a matter of selecting a pack rather than building a pipeline from scratch.

This release also includes TLS format validation at configuration time, input validation improvements across the platform, and an updated Log Stream column focused on the most recent 15-minute window. 

For the full list of changes, see the release notes.

As always, feedback from real-world deployments helps guide future development. If you would like a walkthrough of any of these features or want to share suggestions, we would be glad to hear from you.