Vault, Enrollment Templates, and Expanded Connectivity

datastream product update v1.10.0

May 4, 2026

The latest VirtualMetric DataStream release (version 1.10.1) focuses on three things security and infrastructure teams consistently need: better credential management, faster agent deployment at scale, and broader connectivity.

Here’s what’s new.

New features 

Centralized secret management with Vault

Sensitive credentials tend to accumulate across platform configurations over time. Vault addresses this directly. 

DataStream now includes a native secret management layer with support for CyberArk, HashiCorp Vault, and Azure Vault, as well as a built-in VirtualMetric Vault for local secret storage. Passwords, keys, certificates, and other sensitive fields used across the platform can now be managed from a single location. When a credential changes, it changes in one place. 

For organizations with existing vault infrastructure, the integration works with what’s already in place. For those without, the native Vault provides the same centralized control without an external dependency. 

Enrollment Templates for agent provisioning at scale 

Enrollment Templates let you define an onboarding configuration once and enroll any number of agents against it using a single command. Templates support two onboarding workflows: auto-accept, for environments where agents can be approved automatically, and manual review, for deployments where controlled approval is required. Either way, the configuration work happens once.

File-based data collection on Linux and Windows

Agents can now read and ingest data directly from files on monitored hosts through new Linux and Windows File Dataset types. This extends log collection to file-based sources that sit outside standard event and system log channels, filling a gap for environments where file-based logging is common.

Improvements 

New device integrations and targets

Six new device integrations expand what DataStream can collect from:

  • Splunk HEC — ingest Splunk-forwarded data via the HTTP Event Collector 
  • Elastic — collect logs and events from Elasticsearch 
  • Google Cloud Pub/Sub — connect to Google Cloud’s managed messaging service 
  • Google Cloud Storage — ingest stored log data from GCS buckets 
  • RabbitMQ — collect events from RabbitMQ message queues 
  • Redis — ingest log and event data from Redis

Two new targets expand where DataStream can forward data: UDP and TCP, covering a broader range of downstream routing scenarios. 

Content Hub: new Microsoft Sentinel packs 

Three new pipeline packs are now available in the Content Hub, extending Microsoft Sentinel coverage:

  • ESET Protect Pack for Microsoft Sentinel 
  • Squid Proxy Pack for Microsoft Sentinel 
  • Ubiquiti UniFi Network Pack for Microsoft Sentinel 

These join an expanding library of ready-to-use packs for normalizing and routing data into Sentinel. 

More in this release

This release also includes a range of platform improvements covering UI consistency across Audit Log filters, empty state presentation across tables, and more. 

For the full list of changes, see the release notes.

As always, feedback from real-world deployments helps guide future development. If you would like a walkthrough of any of these features or want to share suggestions, we would be glad to hear from you.
