Vega Security Analytics Mesh (SAM) Platform is a federated security analytics platform that connects to and queries security data across multiple repositories without requiring data migration or centralized ingestion. Core function: - Provides a unified layer over existing data stores including SIEMs, data lakes, cold storage, and cloud object storage - Uses federated search to query all connected repositories simultaneously without moving data - Supports natural language and KQL (Kusto Query Language) queries across data sources Detection and triage capabilities: - Extends detection coverage across multiple SIEMs, data lakes, point products, and cold storage - Automatically investigates and correlates alerts across data sources - Uses AI to filter noisy alerts and surface relevant detections - Continuously identifies blind spots in existing detection coverage Assessment: - AI-driven analysis across all connected data sources to tune alert quality - Identifies gaps in visibility across the security data estate Connectivity: - Pre-built connectors for data lakes, analytics platforms, cloud storage, and SIEMs - Designed to operate without modifying the existing security stack The platform is positioned as a cost-reduction tool for organizations with high SIEM storage costs, enabling them to query data that would otherwise be archived or inaccessible due to ingestion cost constraints.