Features
VirtualMetric Director offers many ground-breaking features to streamline your telemetry operation, making it easier to manage, more robust, and more efficient.
Advanced Data Routing
VirtualMetric Director simplifies data routing with its advanced reroute processor, eliminating the need for manual filtering required in other solutions.
This processor allows users to route data effortlessly to destinations at the pipeline or content pack level.
With VirtualMetric Director, advanced filters can be applied for precise data routing, and the Dataset concept further streamlines routing by enabling multiple data sources to coalesce around a single SIEM endpoint. This flexibility empowers IT and Security Engineers to design efficient and scalable routing strategies with ease.
Agentless Data Collection
VirtualMetric Director's agentless design enables effortless data collection from Windows, Linux, Unix, macOS, Solaris, AIX, and many others without requiring third-party tools or complicated configurations.
Our system leverages read-only user rights for secure remote access, ensuring data integrity and compliance.
By integrating with Credential Stores and Active Directory Service Accounts, VirtualMetric Director eliminates the need for user credentials, simplifying creation of secure connections.
Datasets
VirtualMetric Director is revolutionizing the traditional concept of source in telemetry pipelines with its introduction of Datasets.
Unlike classic solutions that focus solely on data collection via protocols or third-party agents, Datasets categorize telemetry data—Windows Event Logs, Windows User Activity, Linux Audit Logs—at the source, simplifying pipeline design and enabling advanced RBAC.
With Datasets, users can define role-based access at the data level to ensure that the teams working on the same source are fully isolated and unable to view each other's data. This innovative approach delivers greater flexibility and tighter security.
Extensive Processor Support
VirtualMetric Director's pipeline engine adopts the widely recognized Elastic Ingest Pipeline format, allowing IT and Security Engineers to create and manage pipelines effortlessly.
With over 50+ processors, VirtualMetric Director provides the most comprehensive processor support in the industry, enabling low-code/no-code management for tasks like parsing, filtering, enrichment, routing, and more. Engineers with Elastic experience can leverage this robust and flexible pipeline engine, reducing onboarding time and enhancing operational efficiency.
Lossless Pipeline Engine
VirtualMetric Director's Write-Ahead Log (WAL) architecture provides a robust foundation for data integrity by securely storing all routing and pipeline states on disk. This ensures zero data loss, even in the event of a crash. Unlike solutions that require additional components like Kafka, VirtualMetric Director caps log duplication at just one message.
The WAL approach also minimizes the risk of system downtime, ensuring that your telemetry pipeline is always up and running, and consistent, even under heavy loads.
Microsoft Sentinel Integration
VirtualMetric Director's pipeline engine was specifically crafted to integrate seamlessly with Microsoft Sentinel.
By inferring context from log messages, our solution automatically ingests data into the appropriate ASIM tables, drastically reducing the manual effort and accelerating integration.
With contextual filters, users can easily optimize data ingestion to ensure only relevant information is sent to Sentinel, saving time and reducing costs by increasing efficiency.
Vectorized Processing
VirtualMetric Director's vectorized pipeline engine is designed for maximum efficiency.
By utilizing all available cores, it processes large log volumes in record time and provides parallel data ingestion with target SIEMs.
With over 10 times the ingestion speed of traditional solutions and up to 99% disk and network compression, VirtualMetric Director reduces bandwidth and disk usage for queuing down to the bare minimum, delivering great cost savings.
VMF 3.0: The Next-Gen File Format for Pipelines
VirtualMetric File Format (VMF) 3.0 is a state-of-the-art file format engineered specifically for high-performance pipeline engines.
With its roots in Apache Avro, VMF combines the efficiency of a row-based format with the ability to handle massive volumes of small data chunks. Its advanced design enables disk-level merging without consuming system resources, overcoming the limitations of Avro OCF which requires the presence of resources for merging compressed files.
VMF achieves up to 99% compression, making it ideal for both storage and network transport. It also supports features like Bloom Filters, Zero Trust Storage, Log Chaining, and TSA out of the box, making it the ultimate file format for forensic integrity, fast searches, and secure data handling.