Applications
VirtualMetric DataStream is a telemetry pipeline solution that simplifies data collection, processing, and routing for multiple platforms including Microsoft Sentinel, AWS Security Lake, Elasticsearch, Splunk, and other security analytics platforms. At its core, DataStream uses pipelines to process, enrich, and direct data flows to their optimal destinations. It is composed of the following components:
VirtualMetric Director™
VirtualMetric Director is a comprehensive platform designed for listening on various data sources, extracting and transforming their data, and routing it to multiple destinations across different security platforms. This powerful component acts as the central nervous system of your pipeline, orchestrating the flow across your entire infrastructure with multi-schema support.
Director provides a unified interface for managing multiple sources and destinations, enabling seamless data collection, transformation, and distribution across ASIM, OCSF, ECS, CIM, and UDM formats. Its architecture is built to handle enterprise-scale data volumes at high levels of performance and reliability.
Key capabilities include:
- Source Management - support for multiple protocols (TCP, UDP, HTTP), file system monitoring, database change tracking, API integration, custom source implementations
- Multi-Schema Data Transformation - real-time processing with ASIM, OCSF, ECS, and CIM schema support, format conversion, field extraction, data enrichment, custom transformation rules
- Intelligent Routing - dynamic destination selection across Microsoft Sentinel, AWS Security Lake, Elasticsearch, and Splunk, load balancing, failover handling, priority-based routing, conditional routing
- Monitoring and Control - real-time pipeline visibility, performance metrics, health monitoring, alert management, configuration validation
Director's flexible architecture allows it to adapt to changing requirements. Whether you're collecting logs from applications, monitoring system metrics, or gathering security events, Director provides the necessary tools to ensure efficient data handling and delivery across multiple security platforms.
VirtualMetric Agent™
VirtualMetric Agent is a lightweight, high-performance data collection component designed to gather telemetry data from various sources while maintaining minimal system impact. This versatile agent serves as the first point of contact in the telemetry pipeline, ensuring reliable data collection and initial processing.
Agent is engineered with efficiency and reliability in mind, offering robust data collection without compromising system performance or stability.
Key features include:
- Efficient Collection - low resource utilization, minimal CPU and memory footprint, optimized disk I/O, configurable collection intervals, adaptive rate limiting
- Reliable Processing - local buffering, crash recovery, data persistence, automatic reconnection, error handling
- Flexible Integration - support for multiple source types, custom collector plugins, format adaptation, protocol conversion, destination selection
- Advanced Monitoring - self-diagnostics, performance metrics and health status reporting, resource usage tracking, alert generation
Agent's architecture ensures seamless data collection and transmission while providing robust monitoring and management capabilities. Its modular design allows for easy extension and customization to meet specific organizational needs. It can operate both independently and as part of a larger telemetry infrastructure, making it suitable for various deployment scenarios, from single-server installations to large-scale distributed environments.
VirtualMetric Director Proxy™
VirtualMetric Director Proxy is a secure, lightweight forwarding component designed to operate within customer environments, whether on-premises or in their own cloud infrastructure. This strategic component enables secure data delivery to customer-owned destinations while maintaining complete isolation of customer credentials and infrastructure access.
Director Proxy serves as the secure bridge between VirtualMetric Director and customer destinations, providing a perfect solution for Managed Security Service Providers (MSSPs) managing multiple customer environments without requiring access to customer credentials or infrastructure.
Key capabilities include:
- Secure Data Reception - receives highly compressed data streams from VirtualMetric Director, token-based authentication (JWT-compatible), encrypted communication channels, automatic decompression and processing
- Azure Managed Identity Integration - native Azure Managed Identity support for secure destination access, eliminates credential management overhead, seamless integration with Azure services, automatic token refresh and management
- Multi-Destination Support - intelligent routing to Microsoft Sentinel, Microsoft Sentinel data lake, Azure Data Explorer and Azure Blob Storage based on Director instructions
- MSSP-Optimized Architecture - tenant isolation and security, token-based tenant authentication, centralized management for MSSPs, no credential sharing required
MSSP Deployment Model
Director Proxy enables a streamlined MSSP workflow where each customer tenant installs the proxy within their environment and shares only the proxy endpoint address and authentication token with the MSSP. The MSSP operates VirtualMetric Director centrally, processing and routing data for multiple customers without ever accessing customer credentials or infrastructure.
Director sends destination routing instructions and processed data to Director Proxy via secure HTTP requests. Director Proxy handles all final delivery using customer-owned Azure Managed Identity credentials, ensuring complete security isolation and compliance with customer data sovereignty requirements.
This architecture provides enterprise-grade security, simplified credential management, scalable multi-tenant support, and complete customer control over data destinations while enabling efficient MSSP operations.