Service limits
This page provides details on the limits that apply to Google Security Operations. You can request API limit increases by contacting Cloud Customer Care.
API limits
The following APIs enforce limits on the volume of requests that can be made by you against the Google Security Operations platform. The limits are measured in queries per second (QPS) or queries per hour (QPH).
| API name | API method | Limit |
|---|---|---|
| Search API | List Alerts | 1 QPS |
| Search API | ListEvents | 1 QPS |
| Search API | ListIocs | 1 QPS |
| Search API | ListIocDetails | 1 QPS |
| Search API | ListAssets | 5 QPS |
| Search API | ListAssetAliases | 1 QPS |
| Search API | ListUserAliases | 1 QPS |
| Search API | udmSearch | 360 QPH |
| Search API | GetLog | 60 QPS |
| Search API | GetEvent | 60 QPS |
| Feed management | Create Feed | 1 QPS |
| Feed management | Get Feed | 1 QPS |
| Feed management | List Feeds | 1 QPS |
| Feed management | Update Feed | 1 QPS |
| Feed management | Delete Feed | 1 QPS |
| Forwarder management | Create Forwarder | 1 QPS |
| Forwarder management | Get Forwarder | 1 QPS |
| Forwarder management | List Forwarders | 1 QPS |
| Forwarder management | Update Forwarder | 1 QPS |
| Forwarder management | Delete Forwarder | 1 QPS |
| Collector management | Create Collector | 1 QPS |
| Collector management | Get Collector | 1 QPS |
| Collector management | List Collectors | 1 QPS |
| Collector management | Update Collector | 1 QPS |
| Collector management | Delete Collector | 1 QPS |
| BigQuery Access | Update BigQuery Access | 4 QPS |
Reference list limits
A reference list is a generic list of values which can be used to analyze your data. For more information, see Reference lists.
String lists
String lists have the following limits:
- Maximum list size: 6MB
- Maximum length of any single list content line: 5000 characters
Regular expression lists
Regular expression lists have the following size limits:
- Maximum list size: 0.1MB
- Maximum number of lines: 100
- Maximum length of each content line: 5000 characters
CIDR lists
CIDR lists have the following size limits:
- Maximum list size: 0.1MB
- Maximum number of lines: 150
- Maximum length of each content line: 5000 characters
Ingestion rate
When the data ingestion rate for a tenant reaches a certain threshold, Google Security Operations dynamically adjusts the ingestion rate to ensure availability for new data feeds. The ingestion volume and tenant's usage history determines the threshold. For information on volume of data which can be ingested into Google SecOps by a single customer, see Burst limits.
Dashboard search limit
In search, the quota is per user per hour but for dashboards it is per Google SecOps instance. For more information about dashboards, see Dashboards.