VirtualMetric DataStream Solution: New Multi-Path Data Ingestion Platform for Sentinel

Data Source

VirtualMetric DataStream integrates telemetry from VirtualMetric infrastructure monitoring and security platforms into Microsoft Sentinel. The solution ingests data from VirtualMetric’s monitoring agents deployed across virtualised environments, providing visibility into system performance, security events, and operational metrics.

Ingestion Mechanism

DCR-based ingestion with three distinct connector variants:

1. VirtualMetric-Sentinel: Direct ingestion to standard Sentinel tables via Data Collection Rules
2. VirtualMetric-SentinelDataLake: Custom table ingestion for Sentinel data lake with configurable table prefixes
3. VirtualMetric-DirectorProxy: Function App-based proxy service for director-mediated data flows using Azure Premium hosting

All connectors utilise Data Collection Endpoints (DCE) and Data Collection Rules (DCR) for structured data transformation and routing.

Detection Surface Unlocked

ASIM Schema Support: Native ingestion into ASimAuditEventLogs, ASimAuthenticationEventLogs, ASimDhcpEventLogs, ASimDnsActivityLogs, ASimFileEventLogs, ASimNetworkSessionLogs, ASimProcessEventLogs, ASimRegistryEventLogs, ASimUserManagementActivityLogs, and ASimWebSessionLogs enables immediate compatibility with normalised detection rules.

Standard Log Integration: Parallel ingestion to CommonSecurityLog, SecurityEvent, Event, Syslog, and WindowsEvent tables provides comprehensive coverage for traditional SIEM analytics and existing detection content.

Infrastructure Visibility: VirtualMetric-specific telemetry exposes virtualisation layer security events, hypervisor anomalies, and resource consumption patterns that are typically invisible to traditional endpoint monitoring.

Affected Files

Solutions/VirtualMetric DataStream/Data Connectors/VirtualMetric-Sentinel/DeployToAzure.json Solutions/VirtualMetric DataStream/Data Connectors/VirtualMetric-SentinelDataLake/DeployToAzure.json Solutions/VirtualMetric DataStream/Data Connectors/VirtualMetric-DirectorProxy/DeployToAzure.json Solutions/VirtualMetric DataStream/Data Connectors/VirtualMetric-DirectorProxy/DirectorProxyFunction.zip Sample Data/VirtualMetricDataStream_CEF.csv Logos/VirtualMetric.svg (packaging artefacts: mainTemplate.json, createUiDefinition.json, SolutionMetadata.json, etc.)