The AI-Native Telemetry Pipeline: Bindplane at Google Cloud Next 2026

Google Cloud Next is right around the corner, and we're bringing our biggest demos yet to Booth 4820. Book a 15-minute slot if you want an in-person walkthrough!

New at Next!

Global Pipeline Intelligence

Building telemetry pipelines shouldn't require a manual review of every log type, parser, and label. Global Pipeline Intelligence takes most of that work off your plate — automatically identifying log types, recommending configurations, and surfacing issues before they become problems.

At Google Cloud Next, we'll demo how Pipeline Intelligence detects PII leaks, writes custom redaction rules, and gets your data Google SecOps-ready without the back-and-forth.

OCSF Meets OTel

Bindplane is built on OpenTelemetry. Wrangling telemetry from dozens of sources into a format you can actually use is already in our DNA. Now we're bringing that to security with native OCSF support.

OCSF (Open Cybersecurity Schema Framework) gives security telemetry a common language, so teams spend less time normalizing data and more time investigating threats.

We've built a new OCSF standardization processor that transforms raw logs into OCSF-compliant formats at the pipeline level. Initial support focuses on Windows and macOS endpoint security events. Come by the booth to see where we're headed.

Bindplane + Dynatrace

This month, Bindplane joined Dynatrace. We know some of you have questions about what that means — we're happy to talk through it at the booth.

The short version: Bindplane operates as a standalone product with its own roadmap. Destination neutrality is the core of what makes it useful, and that doesn't change. If anything, we now have more engineering resources to invest in integrations — including Google Cloud.

Google SecOps Pipelines

If you haven't seen it yet, Bindplane is the official way to get data into Google SecOps with Google SecOps Pipelines. Out of the box, you get:

• Automatic log type identification for Windows events, firewall logs, endpoint telemetry
• SIEM log type labels so logs parse correctly in Google SecOps the first time
• Parser validation to verify parsing before data ships, no back-and-forth
• PII detection to auto-detect sensitive data and recommend masking rules

Other cool things

SSO: Single sign-on is now generally available for OIDC, SAML, and Entra ID. Map user roles directly from your identity provider, control access at the org level, and skip manual user provisioning. Learn more →

Fleets: Organize collectors into fleets and apply shared configs at scale. Useful when you're managing thousands of agents across environments. Learn more →

Blueprints: Pre-built processor bundles for common use cases like Windows Events, Palo Alto logs, and syslog. Drop them into your pipeline and go. Learn more →

Chronicle Forwarder Migration: The legacy forwarder goes EOL in January 2027. We have tooling to convert your existing configs to Bindplane automatically. Learn more →

Catch Our Talks

Two of my Bindplane team members are speaking at Next this year. Both are worth adding to your agenda.

Operating Google SecOps at Extreme Scale: 90,000+ Windows Endpoints Thursday, April 23 | 4:40 – 5:00 PM PT

Craig Lee, Chief Architect at Bindplane, walks through how a global auto manufacturer is using Google SecOps to manage telemetry across 90,000+ Windows endpoints — and the exact roadmap they're using to scale toward 200,000 endpoints without blowing up their team or their budget. Covers OTel-based fleet management, cost reduction through smarter filtering, and how AI-native features cut pipeline build time by up to 80%.

Smarter, AI-Native Telemetry Pipelines for Google SecOps with Bindplane Friday, April 24 | 9:10 – 9:30 AM PT

Product powerhouses, Laura Luttmer from Bindplane and Aubrey Licata from Google Cloud, walk through a practical demo of collecting and processing Windows endpoint data using OpenTelemetry. The focus is on stopping the noise before it hits ingestion and using AI to automate most of the pipeline assembly. Less manual work, lower costs, better signal.

Meet the Team

We're bringing folks who can talk pipelines, AI, and security:

Ryan Goins — Head of Product. Oversees the product roadmap, including Pipeline Intelligence and our Dynatrace integration story.

Tony Ramos — Security Engineer. The brain behind OCSF standardization and Threat Intel Enrichment. Ask him the hard security questions.

Craig Lee — Chief Architect and speaker at Next. Catch his talk Thursday or find him at the booth.

Laura Luttmer — Principle Product Manager and speaker at Next on AI-native telemetry pipelines for Google SecOps. Catch her talk Friday or find her at the booth.

And more!

Book a meeting →

See You in Las Vegas

Google Cloud Next runs April 22 – 24 at the Mandalay Bay Convention Center. Find us at Booth 4820.

Whether you're migrating from Chronicle Forwarder, exploring OpenTelemetry for your Google Cloud stack, or just curious what an AI-driven observability pipeline looks like — come say hi.

Book a 15-minute demo →