The AI-Driven Security Pipeline: Bindplane at RSAC 2026 Conference
Meet the Bindplane team, in person, at RSAC 2026 in San Francisco on March 23 - 26.

RSAC™ 2026 Conference is right around the corner, and we're unveiling new security capabilities at Booth N-5285. Book a 15-minute slot if you want an in-person walkthrough!

New at RSAC!
Global Intelligence
Building telemetry pipelines for security is tedious. You're identifying log types, writing parsers, adding SIEM labels, chasing down why logs aren't parsing correctly. Pipeline Intelligence automates most of that work, but Global Intelligence takes it further by continuously monitoring your entire environment and surfacing issues before you notice them.
At RSAC, we'll demo how Global Intelligence detects PII leaks in a pipeline, writes custom redaction rules, and surfaces them for you to review and deploy. We'll also show Threat Intel Enrichment, which tags suspect IPs in real time before the data ever reaches your SIEM.
OCSF Meets OTel
Bindplane is built on OpenTelemetry, so wrangling telemetry from dozens of sources into a format you can actually use is already in our DNA. Now we're bringing that to security with native OCSF support.
OCSF (Open Cybersecurity Schema Framework) gives security telemetry a common language, so teams spend less time normalizing data and more time investigating threats.
We're building a new OCSF standardization processor that transforms raw logs into OCSF-compliant formats at the pipeline level. Initial support focuses on Windows and macOS endpoint security events. Come by the booth to see where we're headed.
Recent Favorites
Pipeline Intelligence
If you haven't seen it yet, Pipeline Intelligence is our AI-powered automation layer that takes most of the manual work out of building telemetry pipelines, with full transparency so you stay in control.
For security teams, that means:
- Automatic log type identification for Windows events, firewall logs, endpoint telemetry
- SIEM log type labels so logs parse correctly in Google SecOps the first time
- Parser validation to verify parsing before data ships, no back-and-forth
- PII detection to auto-detect sensitive data and recommend masking rules
Other cool things
SSO: Single sign-on is now generally available for OIDC, SAML, and Entra ID. Map user roles directly from your identity provider, control access at the org level, and skip manual user provisioning.
Fleets: Organize collectors into fleets and apply shared configs at scale. Useful when you're managing thousands of agents across environments.
Blueprints: Pre-built processor bundles for common use cases like Windows Events, Palo Alto logs, and syslog. Drop them into your pipeline and go.
Chronicle Forwarder Migration: The legacy forwarder goes EOL in January 2027. We have tooling to convert your existing configs to Bindplane automatically.
Meet the Team
We're bringing folks who can talk security, pipelines, and product:
Ryan Goins — Chief Product Officer. Oversees the product roadmap, including Pipeline Intelligence and Global Intelligence.
Tony Ramos — Security Engineer. The brain behind Threat Intel Enrichment. Ask him the hard security questions.
And more!
See You in San Francisco
RSAC 2026 runs March 23–26 at the Moscone Center. Find us at Booth N-5285.
Whether you're migrating from Chronicle Forwarder, exploring OpenTelemetry for security, or just curious what an AI-driven security pipeline looks like — come say hi.

