There’s a couple components in question here (keep in mind this assumes you or your customer have a Secops license available to use)

Bind plane agent - install on endpoints - send direct to Secops or to Gateway. 
Bind Plane Gateway - Aggregation point for agents.  Collect data - have gateway send data to Secops. 
Bindplane OP server - host that stores and manages configs, pushes them to endpoints and shows connectivity.  

I personally haven’t used the Gateway piece but would see it like a WEF/WE. type setup.  Gateway config would need to be setup to send to Secops via SA json.  I’ll set one up and see what I can figure out.  Unless anyone else can hop in on that component.  

https://cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent

https://observiq.com/docs/advanced-setup/kubernetes-installation/agent/architecture

Hi @dnehoda,

Thank you for your reply and thanks for the link. Personally, I did not use the Gateway you mentioned. I am using the agent to receive the logs and export them to a google secops forwarder. These are the steps I followed:

https://support.netenrich.com/hc/en-us/articles/22173999437341-Windows-Event-Logs-via-Bindplane

You can do that too - there’s quite a few ways to use BindPlane. 

But you can skip the Forwader and send direct from the Bindplane  agents.

BindPlane OP is the manager and you can get different license for the purpose
https://observiq.com/solutions

With Google license, you get unlimited agent support. 

And yes, you can move from Forwarder to Collector now, so to use only 1 platform with Google SecOps

Yes. It is possible (as mentioned above) to create 2 different Configurations . Please note the "Protocol" is different for each 1. gRPC for Destination SecOps 2. https for Destination Forwarder

Hi @Jay_Tee we just embedded our Bindplane and Data Pipeline Management webinar. Check it out here. Hopefully it helps with some of your other uses cases as you leverage these features.