Every few weeks, I hear this line:

"We know we’re sending junk to the SIEM. We just don’t have a clean way to stop it."

Sometimes, they'll say it like, "Our SIEM's full of crap. But at least it's all the crap."

But I know what they mean, and it's not anything they're doing wrong. it's something every security team feels.

"We’re paying for logs we don’t even use."

That's the crux of it, and that's why data pipelines are exploding in popularity.

This all points to the same thing.

More data isn’t the goal—better data is.

Security teams don’t just want cheaper tools. They want smarter control of the data that feeds those tools.

We’ve all seen it: a flood of logs pushed into a SIEM “just in case.”

DNS, VPC Flow, EDR, Kubernetes, Active Directory.

All in different formats. All treated equally.

It’s expensive. It’s unbeleivably noisy. And it’s hard to know which logs actually support detection, compliance, and investigation.

A different approach to Security in 2025?

Pipelines are a hot topic in security right now.

And it's clear why. Data pipelines can:

• Filter out routine events (without dropping signal)

• Enrich raw logs with context—GeoIP, RBAC, asset tags

• Route high-fidelity events to the right tools

• Store the rest more affordably for forensics or audit (in something like S3, or Wasabi.

They’re not asking for another dashboard. They’re asking for upstream control.

The shift: from collection to curation

Here’s how I see the transition happening:

Before:

• Collect everything

• Dump it into a SIEM

• React to alerts (or false positives)

Now:

• Define what matters

• Shape data before it hits the SIEM

• Route it based on use case: detection, compliance, retention

This shift is subtle, but it’s powerful. Because the moment you stop assuming “everything is important,” you can actually prioritize.

Shape data upstream with Datable

At Datable, we built a pipeline for exactly this problem. Our users filter, enrich, and route security telemetry before it ever touches their SIEM, SOAR, or lake.

That means:

They cut ingest volume (and cost)

They reduce alert fatigue

They gain clarity on what data goes where—and why

It’s not just about saving money. It’s about sending better data to the places that matter.

If you’re wrestling with noisy logs, vendor spend, or unclear coverage, you’re not alone. The teams I talk to want the same thing: control.

And they’re starting to get it—by reshaping the way data moves.