Stay organized with collections
Save and categorize content based on your preferences.
Service limits
Ingestion limits
| Type |
Default amount |
Maximum amount |
| Alerts per day |
According to license |
According to license |
| Alerts per case |
20 alerts |
90 alerts |
| Alert size |
8 million characters (approximately 8MB) per alert. |
8 million characters (8MB) per alert. An alert over 8MB is subject to trimming.
For more information, see
Handle large alerts. |
| Events in alert |
500 events |
500 events (events that exceed the amount are removed from the alert) |
| Entities in alert or case |
500 entities in
the same case or alert |
500 entities in
the same case or alert |
| Relations in alert or case |
500 relations in the
same case or alert |
500 relations in the
same case or alert. The same case or alert can contain both 500 entities and 500
relations. |
| Timeframe for grouping alerts |
2 hours |
24 hours |
| Timeframe for overflow case grouping |
2 hours |
24 hours. For more information, see
Define alert overflow.
|
| Alert grouping into overflow case |
50 |
100 |
Playbook limits
| Type |
Default amount |
Maximum amount |
| Playbooks per day |
Based on the amount of alerts according to your license
(calculation is that
each alert will have one playbook
automatically attached) |
Based on the amount of alerts according to your license |
| Playbooks per alert |
10 in total - 1 automatically and 9 can be manually added |
10 in total |
| Parallel actions |
5 actions per step |
5 actions. For more information, see
Using parallel actions. |
| Playbook sync actions run time |
10 minutes |
20 minutes |
| Playbook async actions runtime |
- 10 minutes for script timeout
- 1 hour for async polling interval
- 1 day for async action timeout
|
- 20 minutes for script timeout
- 24 hours for async polling interval
- 1 day for async action timeout
|
| Playbook JSON result |
15 MB |
15 MB |
Case and User Management limits
| Type |
Default amount |
Maximum amount |
| Case - entity properties |
100 properties per entity |
100 properties per entity |
| File size uploaded on case wall |
50 MB |
50 MB |
| Roles in platform |
20 roles |
20 roles |
System limits
| Type |
Default amount |
Maximum amount |
| Data retention |
12 months |
60 months |
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-04-24 UTC.
[{
"type": "thumb-down",
"id": "hardToUnderstand",
"label":"Hard to understand"
},{
"type": "thumb-down",
"id": "incorrectInformationOrSampleCode",
"label":"Incorrect information or sample code"
},{
"type": "thumb-down",
"id": "missingTheInformationSamplesINeed",
"label":"Missing the information/samples I need"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]
