Overcoming 20 MB Limitation for Data Archiving in Google SecOps SOAR

Question

Hello,I’m looking to implement an automated process using Google SecOps SOAR to retrieve security event data from external SIEM solutions and archive it to a file share. However, the data I need to archive frequently exceeds the 20 MB limit, which poses significant challenges for using playbooks to automate this process.Are there any alternative approaches or features within SecOps SOAR that could help handle larger data sizes? Or would it be more practical to consider other tools for this use case?I appreciate any guidance you can provide.

SoarAndy · Accepted Answer

For large file/object handling you might need to use external tools (e.g. cloud functions) where SOAR would receive the trigger, prepare/triage the overall flow, but then call an external script to actually pull/push the large data object.

ipninichuck · Answer

Could you share how you are currently attempting to move the files. Please include the list of integrations being used and a list of each action used. Also what the final destination of the files is. With this information we might be able to come up with suggestions.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded