As modern enterprises scale, their security operations inevitably face a daunting challenge: managing the explosive volume of telemetry data. For many organizations, the journey of data from source to destination is chaotic — plagued by runaway ingest costs, unmanageable noise, and fragmented routing. Worse, security teams operate with dangerous blind spots, where critical data is silently lost to parsing errors, network failures, or backpressure at the collector level.
To solve these persistent challenges, we're thrilled to announce the launch of Praxis Intelligent Data Pipeline Management, now natively integrated with Google SecOps.
Praxis is a full-lifecycle, intelligent pipeline platform that gives security and observability teams complete, centralized control over how telemetry is collected, transformed, routed, and optimized. By integrating natively with the Google SecOps ecosystem, Praxis replaces fragmented scripts, manual configuration, and black-box ingestion with a single visual control plane built for the modern SOC.
One of the most immediate catalysts for adopting this integration is the deprecation of Google SecOps Forwarders, scheduled to be phased out by the end of 2026. Customers running these legacy forwarders are facing a hard infrastructure deadline.
Praxis answers this directly as a Google Forwarder Migration Accelerator — enabling organizations to migrate off legacy forwarders in as little as 15 minutes. With a zero-configuration approach, Praxis delivers fast onboarding, a seamless cutover, and rapid time to value.
Historically, Windows servers required arcane collectors to relay data to a Linux-based Google SecOps Forwarder before it ever reached Google SecOps. Praxis replaces both the arcane collectors and the intermediate forwarder with a single Praxis Collector that handles ingestion filtering and forwards logs directly to Google SecOps. For on-premise environments, legacy Linux Forwarders running Docker can be instantly converted into Praxis Gateways, streamlining the flow of network device, firewall, and virtualization logs straight to Google SecOps.
Basic routing tools exist in the market, but they lack the visibility that day-to-day security operations demand. Praxis is different: it treats the data pipeline itself as critical infrastructure worth monitoring.
The integration delivers a rich graphical interface for Unified Pipeline Management across source, processor, and destination layers. Platform engineering and IT teams can natively converge 30+ sources — GitHub audit logs, Cloudflare WAF, Kubernetes telemetry, Windows events, and more — into a single pipeline with centralized transformation.
Through the visual pipeline design canvas, users architect data flows seamlessly, converge multiple sources, and apply SecOps-specific standardization. Live throughput (Bps) is overlaid on every edge for real-time visibility into exactly what's moving where. With Snapshot, teams get a hands-on playground to inspect the raw data flowing through the pipeline and see how each processor transforms it — making it easy to verify parser accuracy before pushing to production. Rather than collapsing everything into a single overall metric, Praxis delivers rich telemetry purpose-built for every individual source and destination, surfacing the specific insights that matter for each. And because performance depends on more than the pipeline alone, Praxis extends that visibility to the collector itself — exposing CPU, memory, and resource health so teams can make informed decisions on sizing and scaling, all in a single pane of glass.
This is where Praxis goes far beyond a forwarder. Praxis turns raw, heterogeneous telemetry into clean, Google SecOps-ready data before it ever reaches your SIEM.
At its core is the Google SecOps Standardization processor, which formats every event for Google SecOps — assigning the correct `log_type`, namespace, and ingestion labels so data lands parser-ready and instantly searchable.
Standardized data is delivered to Google SecOps over native ingestion (gRPC or HTTPS) with durable, disk-backed delivery — automatic retry, backpressure handling, and queueing ensure that no security event is silently dropped during a transient outage. The result: pristine, normalized, cost-optimized data streams flowing directly into Google SecOps, with full standardization handled at the edge.
Shaping data at the edge is only half the story. Praxis now natively supports Google's Data Processing Pipeline capability in Google SecOps — so you can filter, transform, and redact data inside Google SecOps, before or during ingestion, all from the same visual control plane.
Just as Praxis modernizes legacy forwarders, it modernizes how you manage Google SecOps' built-in processing. Instead of hand-editing pipeline definitions in the console or wrestling with raw API calls, teams design these pipelines visually:
Best of all, Praxis works with your existing setup: import a pipeline you already run in Google SecOps, edit it on the visual canvas, and publish your changes back — no rip-and-replace. You get the same visual design, version control, and visibility you enjoy everywhere else in Praxis, now extended to processing inside Google SecOps. Optional scheduled sync keeps everything aligned automatically.
The result: whether you shape data at the edge or inside Google SecOps, you manage it all from one unified control plane.
At the heart of this integration is Praxis Otto, an AI agent built on Gemini that fundamentally simplifies pipeline design and management.
Log parsing has long been a barrier for non-experts, demanding complex regular expressions. With Otto's AI Regex Generation, an analyst simply pastes a sample log, describes what to capture, and the AI generates an accurate parser automatically.
Otto also brings conversational observability. Security leaders can ask natural-language questions like "How much PII is flowing through the pipeline, and what is it?" And to keep compliance effortless, Praxis uses AI-assisted data masking to auto-identify and redact sensitive data — PII, PHI, and credentials — across any log stream before it reaches the SIEM.
Leading organizations are already reaping the benefits of this joint integration.
"When I learned that legacy Google SecOps Forwarders were being deprecated, we needed a solution that wouldn't disrupt our complex data environment. Praxis by Netenrich allowed us to migrate our endpoints in under 15 minutes with a zero-configuration approach. Not only did we achieve a seamless cutover, but for the first time, we gained deep, real-time observability into our entire data pipeline. Praxis has transformed how we filter noise and route critical telemetry to Google SecOps. Thank you for developing such an innovative product!"
— Richard R. Reynoso,
SVP of Managed IT Services, United Data Technologies (UDT)
The era of direct, unmanaged data ingestion is over. The Praxis era brings automated data sovereignty, explainable AI filtering, and native context-awareness to the edge of your network. By upgrading your Google SecOps pipeline with Praxis, you ensure a future-proofed, cost-efficient, and seamlessly scalable security posture.
For complete configuration steps, deployment architecture, and troubleshooting guidance, visit our technical documentation: https://praxis.netenrich.com/docs/