Operations | Monitoring | ITSM | DevOps | Cloud

You Can't Detect What You Never Collect: Telemetry Coverage in the Agentic SOC

Every detection rule, every threat hunt, every AI agent you deploy rests on one silent assumption: that the data describing an attack actually reached your tools. When it doesn’t, nothing above it can save you, and no one gets an alert that the data was missing. Security teams invest heavily in the sharp end of the stack: detection content, threat intelligence, response playbooks, and increasingly, AI agents to triage and investigate at machine speed.

Sanctioned Isn't Secured: The AI Audit Logs Your SIEM Never Sees

Your organization has approved AI platforms for development, data science, and productivity. Procurement signed off. Legal reviewed the terms. Employees are using them. The tools are sanctioned. What isn’t sanctioned is invisibility. The administrative layer of every AI platform in your environment — OpenAI, Amazon Bedrock, Google Gemini, Cursor, Databricks, Glean and others — generates security-relevant events that your SIEM has never seen.

DataStream 2.0: Faster, Smarter, Built for Scale

June 19, 2026 This is not a regular monthly update. DataStream Version 2.0 is a milestone — the result of relentless building, learning from customers, and pushing the platform toward what enterprise-scale security operations actually demand. The core has been rebuilt, new capabilities have been added across the board, and the platform is now faster, more resilient, and more extensible than ever. Here’s what’s new.

The AI Zero-Day Wave Is Here. Is Your Logging Infrastructure Ready?

Last week, the cybersecurity industry received a signal it cannot afford to ignore. Anthropic announced Claude Mythos Preview: a general-purpose frontier AI model that, without any explicit training for the task, autonomously discovered and fully exploited zero-day vulnerabilities across every major operating system and web browser. Not theoretical capabilities.

Real-Time Visibility, Orchestrated Deployments, and More

The latest VirtualMetric DataStream release brings a significant step forward in platform observability and deployment flexibility. Version 1.9.0 gives security and infrastructure teams direct visibility into what’s happening across their pipelines in real time while expanding support for cloud-native environments and broadening connectivity options. Here’s what’s new.

VirtualMetric DataStream + Splunk: Pre-Ingest CIM Normalization Without the TA Tax

Splunk is built around a deceptively simple premise: get your data in, search it, and act on it. In practice, the gap between “get your data in” and “data that actually works in Splunk ES” is where most of the engineering effort goes. CIM normalization is non-trivial. Technology Add-on development is slow. Volume-based licensing penalizes growth. And the combination means that as environments expand, Splunk becomes harder to operate efficiently.

Update Management, Content Hub Expansion, and KQL Support

The latest VirtualMetric DataStream release introduces several important capabilities across platform security, data management, and operational workflows. This update strengthens access protection, simplifies infrastructure management, and expands the ways security teams can work with live telemetry. It also extends platform connectivity and improves the user experience across many areas of the interface. Let’s take a closer look.

VirtualMetric DataStream + Google SecOps Integration: Pre-Ingest UDM Normalization at Scale

Google SecOps (formerly Chronicle) is widely used for large-scale security analytics, long-term telemetry retention, and detection across diverse environments. Its Unified Data Model (UDM) enables correlation across sources and supports analytics that operate over long time horizons. To take full advantage of these capabilities, security data must arrive in a consistent and well-structured UDM format. In practice, this is rarely the case.