
How Axoflow Works with Google Security Operations, Cloud, Pub/Sub, and BigQuery
Axoflow supports deployment across major cloud environments, including Amazon Web Services, Microsoft Azure, and of course, Google Cloud. While the core Axoflow platform functions consistently across providers, each cloud offers unique features—and we’ve built our integrations for you to take full advantage of them.
In this post, we’ll focus on how Axoflow integrates with key Google Cloud services like Google SecOps, Pub/Sub, BigQuery, and Private Service Connect, and how you can run Axoflow on Google Kubernetes Engine (GKE).
Elevate Detection and Response with Google SecOps
Google Security Operations (SecOps, formerly Chronicle) is Google Cloud’s unified platform for threat detection, investigation, and response, covering SIEM, SOAR automation, and threat intelligence capabilities, all built on Google’s infrastructure.
Axoflow's integration with Google SecOps builds on these capabilities by delivering high-quality, structured security and telemetry data to the platform in real time. Here’s how you benefit:
- Cleaner, Enriched Data for Threat Detection: Google SecOps works best when it receives well-structured, normalized, and enriched data, formatted according to its Unified Data Model (UDM). That’s exactly what Axoflow does. By preprocessing logs through AxoRouter, you eliminate the noise, standardize field names, classify log types, enrich with context, and format them as UDM events—even before the data reaches SecOps.
- Accelerated Investigations: Structured data means faster queries and fewer false positives. Investigators can delve through entities, logs, and threat intel with greater confidence, knowing the underlying data is reliable and consistent.
- Streamlined Response Workflows: With Axoflow ensuring high-fidelity, contextualized input into Google Security Operations SOAR, automation rules become more effective. Playbooks can trigger confidently on well-labeled events instead of raw, ambiguous logs.
- Unified Security Architecture: By using Axoflow as a front end to your Google SecOps deployment, you create a modular pipeline that can flexibly route data to multiple destinations—SIEM, SOAR, storage, analytics, or all at once.
- Wide agent and protocol support: Axoflow provides a number of agents (including Windows and Linux), cloud connectors, and support for ingesting and transforming data using several protocols, including syslog, OpenTelemetry, HTTP, and more.
In short: Axoflow ensures that the infrastructure powering your SecOps workflows is not just fast and scalable, but also delivers smart, clean, and AI-ready data.
Google SecOps integration is currently in private beta. If you’re interested in testing it and shaping its development, let us know.
High-Performance Delivery to Google Pub/Sub
Axoflow enables high-throughput delivery of security data to Google Cloud Pub/Sub, Google’s real-time messaging service. Unlike many tools that use HTTP-based connectors, Axoflow uses gRPC for Pub/Sub publishing. Here’s why that matters:
- Speed & Efficiency: gRPC uses Protocol Buffers (Protobuf), which is a compact binary format—smaller and faster than JSON.
- Scalability: gRPC supports multiplexing over a single connection using HTTP/2, which significantly improves performance in large-scale environments.
- Reliability: Streamlined connection management and flow control mean fewer dropped messages and more resilient pipelines.
These technical advantages make Axoflow a high-performance bridge between your security infrastructure and the Google Cloud ecosystem.
Content-based Dynamic Routing to BigQuery Analytics and AI
Google BigQuery is more than a data warehouse—it's an AI-enabled analytics platform. This makes it a prime destination for storing and analyzing security data. By implementing content-based dynamic routing, you can leverage rich schema descriptions for security data without adding unnecessary complexity to your ingestion pipeline. Instead of hard-coding logic for every data source, the system determines the appropriate destination table based on the content or metadata of the incoming event. This makes the pipeline scalable, easier to maintain, and more adaptive to change.
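To make the routing idea concrete, here is an added sketch (not Axoflow's code or configuration) of content-based table selection, with the check a defender would want: event content is attacker-influenced, so a derived table name is only used if it is well-formed and on an allow-list. The `log_type` field, the table names, and the sample events are all assumptions constructed for illustration.

```python
import re

# Constructed allow-list: the only tables the pipeline may write to.
# Table names and the "log_type" field are assumptions, not Axoflow's schema.
ALLOWED_TABLES = {"firewall_events", "auth_events", "dns_events"}
FALLBACK_TABLE = "unclassified_events"
_TABLE_RE = re.compile(r"^[a-z][a-z0-9_]{0,63}$")


def table_for(event: dict) -> str:
    """Pick a destination table from the event's classification metadata."""
    log_type = str(event.get("log_type", "")).strip().lower()
    candidate = f"{log_type}_events"
    # Log content can be influenced by whoever generated the log line, so the
    # derived name is used only if it is well-formed AND explicitly allowed.
    if _TABLE_RE.match(candidate) and candidate in ALLOWED_TABLES:
        return candidate
    # Unknown or malformed types are kept, not dropped, for later review.
    return FALLBACK_TABLE


def route(events: list[dict]) -> dict[str, list[dict]]:
    """Group events into per-table batches ready for insertion."""
    batches: dict[str, list[dict]] = {}
    for ev in events:
        batches.setdefault(table_for(ev), []).append(ev)
    return batches


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"log_type": "firewall", "src_ip": "192.0.2.10", "action": "deny"},
    {"log_type": "AUTH", "user": "alice", "outcome": "failure"},
    {"log_type": "dns", "query": "example.com"},
    {"log_type": "auth_events; DROP", "user": "x"},  # malformed type
    {"message": "raw line with no classification"},  # no metadata at all
]

if __name__ == "__main__":
    for table, rows in route(SAMPLE_EVENTS).items():
        print(table, len(rows))
```

Adding a new source then means extending the allow-list rather than writing new routing logic, and anything that does not classify cleanly lands in one reviewable table.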
Axoflow’s BigQuery integration ensures that the data you feed into your warehouse is:
- Parsed
- Normalized
- Classified
- Enriched
Clean, structured data is essential for accurate analytics and effective AI/ML applications. Whether you're training anomaly detection models or querying for incident investigation, good data hygiene starts upstream—and Axoflow handles that for you automatically.
We initially developed the BigQuery destination for a customer’s AI security analytics stack, and it will be generally available soon.
Secure Connectivity with Private Service Connect
When running Axoflow in Google Cloud, security doesn’t stop at encryption. Google Cloud Private Service Connect (PSC) allows you to keep all communication between your private cloud services and Axoflow Console inside Google’s network.
With PSC:
- Your hosts talk to Axoflow Console over private IPs, not the public internet.
- Data stays within your VPC, reducing exposure.
- You meet stricter compliance and governance requirements.
This is especially valuable for regulated environments where traffic inspection and control are critical.
Running Axoflow Console and AxoRouter in GKE
Deploying Axoflow in Google Cloud is straightforward. Both the Axoflow Console—the control plane for your data curation pipeline—and the AxoRouter nodes—responsible for ingesting, parsing, classifying, and routing your security data—can be run in Google Kubernetes Engine (GKE).
We offer two options:
- Managed Deployment: We deploy and manage the Axoflow Console for you as a SaaS.
- Self-Managed Deployment: Prefer full control? You can deploy the Console and AxoRouters into your own GKE cluster.
This flexibility allows you to align deployment with your security, compliance, and DevOps strategies. And of course, in both cases you can use Google OpenID Connect to authenticate on Axoflow Console.
Summary
Whether you're streaming high volumes of logs and security data to Google SecOps, powering analytics with BigQuery, or deploying across GKE clusters, Axoflow integrates natively with Google Cloud to deliver:
- Scalable data processing
- AI-ready structured outputs
- Secure-by-design communication
Curious to try it out? Request a Sandbox so we can spin up an instance for you, and experience Axoflow on Google Cloud firsthand.