English
Deutsch
Español – América Latina
Français
Português – Brasil
中文 – 简体
日本語
한국어

Console

Contact Us Start free

Service limits

Supported in:

Google SecOps SOAR

Ingestion limits

Type	Default amount	Maximum amount
Alerts per day	According to license	According to license
Alerts per case	20 alerts	30 alerts as defined in the platform. Can be increased up to 90 alerts based on customer request
Alert size	8 million characters (approximately 8MB) per alert.	8 million characters (8MB) per alert. An alert over 8MB is subject to trimming. For more information, see Handle large alerts.
Events in alert	500 events	500 events (events that exceed the amount are removed from the alert)
Entities in alert or case	500 entities in the same case or alert	500 entities in the same case or alert
Relations in alert or case	500 relations in the same case or alert	500 relations in the same case or alert. The same case or alert can contain both 500 entities and 500 relations.
Timeframe for grouping alerts	2 hours	24 hours
Timeframe for overflow case grouping	2 hours	24 hours. For more information, see Define alert overflow.
Alert grouping into overflow case	50	100

Playbook limits

Type	Default amount	Maximum amount
Playbooks per day	Based on the amount of alerts according to your license (calculation is that each alert will have one playbook automatically attached)	Based on the amount of alerts according to your license
Playbooks per alert	10 in total - 1 automatically and 9 can be manually added	10 in total
Parallel actions	5 actions per step	5 actions. For more information, see Using parallel actions.
Playbook sync actions run time	10 minutes	20 minutes
Playbook async actions runtime	10 minutes for script timeout 1 hour for async polling interval 1 day for async action timeout	20 minutes for script timeout 24 hours for async polling interval 1 day for async action timeout
Playbook JSON result	15 MB	15 MB

Case and User Management limits

Type	Default amount	Maximum amount
Case - entity properties	100 properties per entity	100 properties per entity
File size uploaded on case wall	50 MB	50 MB
Roles in platform	20 roles	20 roles

System limits

Type	Default amount	Maximum amount
Data retention	12 months	60 months
API rate	900 requests per minute	N/A
Size of libraries added to IDE integration	N/A	500 MB
Manual Python execution: Run connector once Run manual action IDE - Play item	5 minute timeout	5 minute timeout

Need more help? Get answers from Community members and Google SecOps professionals.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-03-06 UTC.