Commit 27abd30

Merge pull request #260 from VirtualMetric:DT-425-1-5-0-release-notes
DT-425-1-5-0-release-notes
2 parents 8611452 + d618005 commit 27abd30

269 files changed

+55783
-6
lines changed

blog/2025-09-01-release-notes-1.4.0.mdx

Lines changed: 0 additions & 1 deletion
@@ -1,5 +1,4 @@
11
---
2-
slug: /release-notes
32
authors: [release-team]
43
tags: [release]
54
title: Version 1.4.0 Released
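Review bot: Dropping `slug: /release-notes` at old line 2 changes this post's URL, and nothing visible in this commit takes the slug over: the new 1.5.0 post's front matter declares only `authors`, `tags` and `title`. If `/release-notes` is linked from the site or from outside it, either move the slug to the 1.5.0 post or add a redirect so the path keeps resolving.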
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
---
2+
authors: [release-team]
3+
tags: [release]
4+
title: Version 1.5.0 Released
5+
---
6+
7+
This release introduces flexible Director configuration management with **Self Managed Director** mode and comprehensive **Linux Agent** monitoring capabilities. The new **Splunk HEC** target integration expands data forwarding options, while important bug fixes improve agent visibility, device management, and user authentication workflows.
8+
9+
{/* truncate */}
10+
11+
<Include id="release-1.5.0"/>

docs/configuration/directors/deployment.mdx

Lines changed: 2 additions & 2 deletions
@@ -132,8 +132,8 @@ The standard installation process follows a guided setup through the DataStream
132132
2. **Configure Director Properties**
133133
- Assign unique Director name for identification
134134
- Select "Standalone" installation type
135-
- Choose appropriate platform (Self-managed recommended)
136-
135+
- Choose appropriate platform
136+
137137
A self-managed director is indicated under the **Mode** column as _Self-managed_, with a warning icon to its right. Hovering over the icon displays a tooltip, informing the user that the xonfiguration has changed and that the current one has to be deployed.
138138

139139
:::info
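Review bot: New line 135 reads "Choose appropriate platform" with no indication of what the options are or how to pick one, while the paragraph right after it (line 137) goes straight to how a self-managed director is displayed. With the recommendation removed, name the available choices in the step or link to where the modes are explained, so the reader knows the consequence of the selection (for a self-managed director, a changed configuration "has to be deployed" by the user). While this block is being touched, fix the typo "xonfiguration" on line 137. The 136-/136+ pair also looks like a whitespace-only change; drop it if it is unintended.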

docs/release-notes/v1.5.0.mdx

Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
---
2+
sidebar_label: v1.5.0
3+
title: Version 1.5.0
4+
---
5+
6+
<Include id="release-1.5.0" />

includes.json

Lines changed: 1 addition & 0 deletions
@@ -22,6 +22,7 @@
2222

2323
"release-1.3.0": "release-1.3.0.mdx",
2424
"release-1.4.0": "release-1.4.0.mdx",
25+
"release-1.5.0": "release-1.5.0.mdx",
2526

2627
"templates-cannot-be-reinstalled": "templates-cannot-be-reinstalled.mdx",
2728
"timezone-settings": "timezone-settings.mdx",

package-lock.json

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
{
22
"name": "virtualmetric-docs",
3-
"version": "1.4.0",
3+
"version": "1.5.0",
44
"private": true,
55
"scripts": {
66
"docusaurus": "docusaurus",

sidebars.ts

Lines changed: 1 addition & 0 deletions
@@ -401,6 +401,7 @@ const sidebars: SidebarsConfig = {
401401
label: 'Release Notes',
402402
collapsible: false,
403403
items: [
404+
"release-notes/v1.5.0",
404405
"release-notes/v1.4.0",
405406
"release-notes/v1.3.0",
406407
],

src/includes/release-1.5.0.mdx

Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
## :rocket: New Features
2+
3+
- **Self Managed Director** - Two configuration management modes provide flexibility for different operational requirements. Managed Mode maintains automatic connection between platform and Director, pushing configuration changes in real-time for simplified operations. Self-Managed Mode enables administrators to download configurations from the platform and upload manually to Directors, providing enhanced control over configuration deployment. System displays warnings when new configurations are available but not yet applied, ensuring visibility into configuration status. Directors continue sending health status and statistics automatically in both modes, maintaining operational visibility while supporting diverse security policies and environment requirements.
4+
5+
- **Linux Agent** - Comprehensive monitoring capabilities for Linux systems enable collection of system logs, application logs, and audit data from Linux infrastructure. Two deployment modes support different operational approaches: Agent Mode provides direct installation and configuration control on individual systems, while Agentless Mode enables remote deployment across multiple Linux machines without manual installation requirements. This dual-mode architecture ensures flexible Linux environment monitoring tailored to operational requirements and infrastructure configurations.
6+
7+
## :wrench: Improvements
8+
9+
### New Targets
10+
11+
- **Splunk** - Splunk HEC (HTTP Event Collector) target enables direct data transmission to Splunk infrastructure. Integration intelligently preserves structured fields when recognized, or ingests as raw data when unrecognized, ensuring comprehensive data forwarding. Seamless integration with existing Splunk deployments expands data routing options for analytics and monitoring workflows.
12+
13+
### Device and Target Enhancements
14+
15+
- **TCP and Syslog Framing Field Update** - Framing field configuration for TCP and Syslog devices updated to use `rfc6587` option, replacing the previous `octet` designation. This change aligns with standard protocol specifications, ensuring improved compatibility and clarity in device configuration.
16+
17+
- **Extended Target Name Length** - Target name character limit increased from 30 to 64 characters, providing greater flexibility for descriptive and meaningful target identifiers. Extended naming capability supports more detailed target identification and organizational naming conventions.
18+
19+
### User Interface
20+
21+
- **Statistics Decimal Precision** - Numerical data display in Stats menu standardized with maximum two decimal places for improved readability. Simplified decimal formatting makes statistics easier to read and interpret at a glance.
22+
23+
## :bug: Bug Fixes
24+
25+
- Fixed IP address display issue for agents where addresses were not showing correctly in the interface. Agent IP addresses now properly display, improving system visibility and identification.
26+
27+
- Resolved Quick Routes issue where newly added device types were not appearing in the device list. All device types now correctly display in Quick Routes interface, ensuring complete device visibility.
28+
29+
- Fixed User Management issue where password reset button was missing when SSO was disabled. Password reset functionality now properly accessible in non-SSO mode.
30+
31+
---
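Review bot: The "TCP and Syslog Framing Field Update" entry (line 15) documents a renamed configuration value but does not say what happens to existing device configurations that still use `octet`: whether the old value is still accepted, migrated automatically, or rejected after upgrade. A framing mismatch on a TCP syslog listener can show up as merged or truncated messages rather than a clear error, so add an explicit upgrade note. RFC 6587 also describes both octet counting and non-transparent framing, so state which one `rfc6587` selects. Minor: the feature heading says "Self Managed Director" while the body uses "Self-Managed Mode"; pick one spelling.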
Lines changed: 58 additions & 0 deletions
@@ -0,0 +1,58 @@
1+
---
2+
sidebar_label: Applications
3+
---
4+
5+
# Applications
6+
7+
**VirtualMetric DataStream** is a telemetry pipeline solution that simplifies data collection, processing, and routing for multiple platforms including _Microsoft Sentinel_, _AWS Security Lake_, _Elasticsearch_, _Splunk_, and other security analytics platforms. At its core, **DataStream** uses pipelines to process, enrich, and direct data flows to their optimal destinations. It is composed of the following components:
8+
9+
## VirtualMetric Director&trade;
10+
11+
**VirtualMetric Director** is a comprehensive platform designed for listening on various data sources, extracting and transforming them, and routing the data to multiple destinations across different security platforms. This powerful component acts as the central nervous system of your pipeline, orchestrating the flow across your entire infrastructure with multi-schema support.
12+
13+
**Director** provides a unified interface for managing multiple sources and destinations, enabling seamless data collection, transformation, and distribution across ASIM, OCSF, ECS, CIM, and UDM formats. Its architecture is built to handle enterprise-scale data volumes at high levels of performance and reliability.
14+
15+
Key capabilities include:
16+
17+
* **Source Management** - support for multiple protocols (TCP, UDP, HTTP), file system monitoring, database change tracking, API integration, custom source implementations
18+
* **Multi-Schema Data Transformation** - real-time processing with ASIM, OCSF, ECS, and CIM schema support, format conversion, field extraction, data enrichment, custom transformation rules
19+
* **Intelligent Routing** - dynamic destination selection across Microsoft Sentinel, AWS Security Lake, Elasticsearch, and Splunk, load balancing, failover handling, priority-based routing, conditional routing
20+
* **Monitoring and Control** - real-time pipeline visibility, performance metrics, health monitoring, alert management, configuration validation
21+
22+
**Director**'s flexible architecture allows it to adapt to changing requirements. Whether you're collecting logs from applications, monitoring system metrics, or gathering security events, **Director** provides the necessary tools to ensure efficient data handling and delivery across multiple security platforms.
23+
24+
## VirtualMetric Agent&trade;
25+
26+
**VirtualMetric Agent** is a lightweight, high-performance data collection component designed to gather telemetry data from various sources while maintaining minimal system impact. This versatile agent serves as the first point of contact in the telemetry pipeline, ensuring reliable data collection and initial processing.
27+
28+
**Agent** is engineered with efficiency and reliability in mind, offering robust data collection without compromising system performance or stability.
29+
30+
Key features include:
31+
32+
* **Efficient Collection** - low resource utilization, minimal CPU and memory footprint, optimized disk I/O, configurable collection intervals, adaptive rate limiting
33+
* **Reliable Processing** - local buffering, crash recovery, data persistence, automatic reconnection, error handling
34+
* **Flexible Integration** - multiple source types support, custom collector plugins, format adaptation, protocol conversion, destination selection
35+
* **Advanced Monitoring** - self-diagnostics, performance metrics and health status reporting, resource usage tracking, alert generation
36+
37+
**Agent**'s architecture ensures seamless data collection and transmission while providing robust monitoring and management capabilities. Its modular design allows for easy extension and customization to meet specific organizational needs. It can operate both independently and as part of a larger telemetry infrastructure, making it suitable for various deployment scenarios, from single-server installations to large-scale distributed environments.
38+
39+
## VirtualMetric Director Proxy&trade;
40+
41+
**VirtualMetric Director Proxy** is a secure, lightweight forwarding component designed to operate within customer environments, whether on-premises or in their own cloud infrastructure. This strategic component enables secure data delivery to customer-owned destinations while maintaining complete isolation of customer credentials and infrastructure access.
42+
43+
**Director Proxy** serves as the secure bridge between **VirtualMetric Director** and customer destinations, providing a perfect solution for Managed Security Service Providers (MSSPs) managing multiple customer environments without requiring access to customer credentials or infrastructure.
44+
45+
Key capabilities include:
46+
47+
* **Secure Data Reception** - receives highly compressed data streams from **VirtualMetric Director**, token-based authentication (JWT-compatible), encrypted communication channels, automatic decompression and processing
48+
* **Azure Managed Identity Integration** - native Azure Managed Identity support for secure destination access, eliminates credential management overhead, seamless integration with Azure services, automatic token refresh and management
49+
* **Multi-Destination Support** - intelligent routing to Microsoft Sentinel, Microsoft Sentinel data lake, Azure Data Explorer and Azure Blob Storage based on Director instructions
50+
* **MSSP-Optimized Architecture** - tenant isolation and security, token-based tenant authentication, centralized management for MSSPs, no credential sharing required
51+
52+
### MSSP Deployment Model
53+
54+
**Director Proxy** enables a streamlined MSSP workflow where each customer tenant installs the proxy within their environment and shares only the proxy endpoint address and authentication token with the MSSP. The MSSP operates **VirtualMetric Director** centrally, processing and routing data for multiple customers without ever accessing customer credentials or infrastructure.
55+
56+
**Director** sends destination routing instructions and processed data to **Director Proxy** via secure HTTP requests. **Director Proxy** handles all final delivery using customer-owned Azure Managed Identity credentials, ensuring complete security isolation and compliance with customer data sovereignty requirements.
57+
58+
This architecture provides enterprise-grade security, simplified credential management, scalable multi-tenant support, and complete customer control over data destinations while enabling efficient MSSP operations.
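Review bot: The transport and token handling for Director Proxy are described only in general terms: line 47 says "encrypted communication channels" and "token-based authentication (JWT-compatible)", and line 56 says "secure HTTP requests". Name the protocol actually used (for example HTTPS with a minimum TLS version, if that is what is meant) and, since line 54 has each tenant share an authentication token with the MSSP, document how that token is scoped, rotated and revoked. Line 49 says destinations are chosen "based on Director instructions"; state whether the proxy restricts which destinations a Director may request, because that determines what a leaked token allows. Absolute wording such as "complete isolation" (line 41) and "a perfect solution" (line 43) would be better replaced with the specific guarantee being made.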
