Axoflow + Google Cloud: Reduced, AI‑Ready Security Data

Collect, pre-process, and route high‑quality security data automatically, across Google Security Operations (SecOps), Pub/Sub, BigQuery, and GKE - all with one automated security data layer.

Overview

Security teams grapple with explosive data growth and sprawling pipeline architectures. Axoflow collects raw logs and automatically turns them into smart, structured, and immediately actionable events, right inside Google Cloud.

Integrating natively with Google Security Operations, Pub/Sub, BigQuery, Private Service Connect, and Google Kubernetes Engine (GKE), Axoflow lets you ship less noise, spend less time babysitting your pipeline and your data, and unlock more value from every security byte.

  • More than 50% reduction in data ingestion costs
  • Up to 70% faster investigations
  • Up to 85% reduction in MTTR for data issues

Why It’s Great

Clean, Unified Data for Google SecOps

AxoRouter automatically classifies, normalizes, enriches, and reduces your data in the pipeline, then forwards the events to SecOps in Unified Data Model (UDM) format. This slashes false positives, compute costs, and noise, and speeds up investigations.

Lightning‑Fast Publishing to Pub/Sub

Native gRPC transport with Protocol Buffers means smaller payloads, reduced bandwidth, multiplexed connections, and extreme throughput at scale.

AI‑Ready Analytics in BigQuery

Declarative dynamic routing sends parsed, classified, and enriched records to exactly the right BigQuery table, with no manual mapping required.

Private Service Connect

Keep traffic inside your VPC with Google Cloud Private Service Connect for zero public‑internet exposure and simplified compliance, with the only pipeline supporting it.

Flexible GKE Deployment

Run AxoConsole and AxoRouters your way: as a fully managed SaaS or self‑managed in your own GKE cluster, with Google OIDC for single sign‑on.

High performance, low footprint infrastructure

Axoflow’s components are optimized for performance, and handle enterprise-grade data volumes with low infrastructure costs.

Federated search

Keep security data where it’s cheapest and most useful. Axoflow offers tiered data storage with federated search, and the ability to route or rehydrate only what you need into Google SecOps, or the tool of your choice.

Use cases

Elevate Detection & Response with Google Security Operations

  • Pre-process logs through AxoRouter to remove noise, standardize fields, and enrich with context. Automatically, out-of-the-box.
  • Deliver UDM‑formatted events in real time for higher‑fidelity alerts and faster, more confident investigations.
  • Feed SOAR playbooks with well‑labeled events to streamline automated response.

High‑Throughput Delivery to Google Pub/Sub

  • Publish via gRPC instead of HTTP, reducing overhead, bandwidth, and latency.
  • Multiplex connections for massive concurrent streams without connection sprawl.
  • Secure and reliable delivery with built-in acknowledgements and flow control to handle peak loads and network outages.

Feed AI‑Ready Data to BigQuery

  • Route data dynamically based on content or metadata, with no brittle, hard‑coded logic.
  • Store parsed, normalized, classified, and enriched records that power accurate dashboards and ML models.
  • Send only what’s needed to get the best signal from your AI models without the noise.

Migrating to Google SecOps or Pub/Sub

  • Axoflow was built with multi-destination delivery from day one, and is migration-friendly by design.
  • The pipeline has full control over the data: you can send the same events to multiple destinations, optimized for each destination individually.
  • Mirror the traffic, validate your data in the new destination, then flip the switch.

True integration with Google SecOps

Unlike other tools that simply forward your data as-is to Google SecOps, Axoflow provides:

  • Classification and parsing: Identifies and parses logs from hundreds of COTS products in real time, enabling effective noise reduction.
  • Noise reduction before ingestion: Removes redundant events and duplicate fields so you spend less on ingestion and run queries faster.
  • Smart field mapping: Normalizes data into the UDM format that SecOps can interrogate effectively.
  • Enriched identity tags: Cloud resource tags, Kubernetes metadata, device IDs, and dynamic labels arrive pre-mapped for filters, SLOs, and drill-down investigations.

gRPC instead of HTTP: gRPC aligns with Google’s recommended ingestion pattern, and has superior performance, efficiency, and reliability over traditional HTTP-based connectors.

Run Axoflow Anywhere on GKE

  • Managed Deployment – Let us host AxoConsole for you as SaaS.
  • Self‑Managed Deployment – Bring the AxoConsole and AxoRouters into your own GKE cluster for full control.
  • Scale your infrastructure as needed and authenticate via Google OpenID Connect.
  • Communicate over private IPs with Private Service Connect; no traffic ever leaves Google’s backbone.

Optimize storage and ingestion costs

Axoflow’s storage solutions help you keep your security data where it’s cheapest and most useful:

  • Store locally, retain mid-term, and scale to petabytes - then query and rehydrate with federated search across every Axoflow store.
  • A decoupled SIEM approach - separating data handling from analytics - gives control and cost leverage while keeping your SIEM valuable.
  • Pushing every log to one sink is often impractical and costly: the future looks centrally defined, but with distributed and federated collection and analysis.
  • Prevent data loss during spikes and outages, then rehydrate exactly what’s needed.
  • Shift left for data quality so downstream AI/analytics stay fast and accurate.
  • Extend retention & control costs by keeping long-tail data out of SIEM ingest.

Get Started in Minutes

Spin Up a Sandbox

Experience a live Axoflow instance on Google Cloud with no commitment.

Connect Your Sources

Start sending data from Windows or Linux hosts, cloud connectors, or appliances via syslog, OpenTelemetry, HTTP, and more.

Route & Transform

Create data flows in AxoConsole to send optimized data to SecOps, Pub/Sub, BigQuery, or to multiple destinations.

Measure the Difference

Watch query speeds climb, false positives drop, and storage costs fall.

FAQs

How does Axoflow integrate with Google SecOps in terms of the Unified Data Model (UDM)?

When your data hits AxoRouter, it’s automatically classified using a database continuously refined by our veteran cybersecurity team, augmented with supervised AI. Our purpose-built engine automatically recognizes:

  • What data is flowing through (which appliance or application generated the message).
  • Which parts of its content carry security relevance (and what is redundant, so it can be dropped).
  • How to normalize the message to UDM (and other formats), including what logtype to set for this particular message, which parts of the message should be mapped to which fields, and so on.

What’s the advantage of using gRPC with Pub/Sub compared to HTTP?

Publishing data to Google Cloud Pub/Sub using gRPC has significant performance, efficiency, and reliability benefits over traditional HTTP-based connectors, including:

  • Higher throughput and lower latency: gRPC uses a persistent, multiplexed connection instead of opening a new HTTP request for every message. This dramatically reduces connection overhead and latency, allowing Axoflow to stream large volumes of security telemetry into Pub/Sub.
  • Efficient data serialization with Protocol Buffers: gRPC relies on Protocol Buffers (Protobuf) for message encoding, so data payloads are much smaller than JSON or text-based HTTP formats. That means faster transmission, reduced bandwidth usage, and lower ingestion costs.
  • Stronger delivery guarantees: Axoflow’s gRPC-based publisher leverages Pub/Sub’s built-in acknowledgements and flow control to ensure messages are delivered reliably. When network interruptions occur, messages are retried automatically and remain durable until successfully acknowledged, minimizing data loss.
  • Secure, modern transport: gRPC runs over HTTP/2 with TLS encryption, offering secure communication between Axoflow and Google Cloud. This ensures that your sensitive log and telemetry data remain protected in transit, meeting enterprise compliance requirements.
