Unify telemetry, own your pipeline: New integrations for Windows, Network Telemetry, and Cloud Storage

Join the live stream at 11 am ET, here.

Bindplane's mission has always been clear. It’s rooted in two premises:

1. Provide an OpenTelemetry-native telemetry pipeline.
2. Enable managing thousands of collectors that receive telemetry from any source, process it efficiently, and deliver it to any destination.

Windows Event Tracing (ETW)

The new Windows Event Trace Logs (ETW) source opens a real-time ETW session and streams kernel and user-mode events straight into your pipeline—no intermediate log files, no brittle WMI queries. The receiver ships in BDOT v1.77.1 or later. Use it to capture hard-to-reach telemetry such as DNS-Client traces, TCP retransmits, or .NET Runtime events, and route them to any destination for low-latency troubleshooting or threat hunting.

NetFlow

For network and security teams, we’ve released a NetFlow source that listens for v5, v9, and IPFIX flows on any UDP port. Whether you’re watching east-west traffic inside Kubernetes or edge routers at remote sites, Bindplane can now enrich, filter, and forward flow records alongside the rest of your telemetry—perfect for capacity planning or correlating lateral-movement indicators in your SIEM.

Crowdstrike FDR

Endpoint telemetry joins the party with the Crowdstrike Falcon Data Replicator (FDR) source. Bindplane consumes S3 event notifications (via SQS), downloads every new object Crowdstrike drops into the bucket, and emits them as log records. We created a new, purpose-built, S3 extension to download the files, then the File source processes the data—so you keep all the familiar retry logic, batching controls, and processor ecosystem that already power your other object-store feeds.

AWS S3: Destination, Event, and Rehydration

Many of you asked for tighter S3 workflows, so we now cover the full lifecycle:

• AWS S3 destination—write any OTLP payload to S3 with server-side encryption and fine-grained IAM controls.
• AWS S3 Event source—ingest new objects as soon as they land in a bucket, ideal for log fan-in architectures.
• AWS S3 Rehydration source—backfill historical data from S3; the original receiver is now deprecated in favor of v2 with better batching and error-handling.

With all three pieces, you can archive cheap, pull back on demand, or mirror compliance copies to an immutable bucket.

Google Cloud Storage (GCS) Destination & Rehydration

You can now also follow the same pattern on Google Cloud. Our GCS destination stores telemetry as OTLP-JSON objects and will create buckets automatically if needed. Pair it with the GCS Rehydration source to replay archives into real-time analytics workflows.

What This Means for You

Every new integration follows the same design philosophy: minimal clicks, maximum control. Detect a surge of DNS errors in ETW and pivot to NetFlow to confirm packet loss; store raw Crowdstrike logs in S3 for seven years while streaming pared-down alerts to Sentinel; or replay six months of GCS archives into Google SecOps the day before an audit. Your pipeline, your telemetry, your rules.

All of these receivers and exporters are available today in Bindplane Server v1.79.2 and BDOT collector v1.77.1. Update your collectors, explore the new integrations in the Bindplane UI, and let us know what you connect next—we’re already working on the next batch of sources and destinations.

Ready to try it? Spin up a free instance of Bindplane Cloud and hit the ground running right away.