Solved

SOAR Data to Bigquery?

  • January 12, 2026
  • 5 replies
  • 75 views

ar3diu

Is there a way I can continuously export the SOAR case data used in dashboards to BigQuery?


ar3diu
  • Author
  • Silver 2
  • January 13, 2026

The case information is not currently included in this list: https://docs.cloud.google.com/chronicle/docs/reports/export-to-customer-managed-project

 

Any plans to add it? 😁


hzmndt
  • Staff
  • January 14, 2026

@ar3diu you may want to open a support case to get access to the SOAR BQ data which has this database below. After SOAR phase#2 migration, the data should be there in the BYOP by default. 

https://docs.cloud.google.com/chronicle/docs/reference/soar-bq-schema-reference
 

This document outlines the schema for the siemplify_search_everything_db, a database designed to store and manage data for Google SecOps. This database is published to a BigQuery dataset using BYOBQ (Bring your own BigQuery) to provide the customer raw data for analysis.

The database is structured to capture a comprehensive view of security operations, including:

  • Alert and case data: Detailed information about security alerts, the cases they are associated with, and their various attributes like networks, products, and tags.
  • Playbooks and action results: Information about the execution of automated workflows and playbooks, including their status and results.
  • Metadata and configuration: Tables that store configuration data for the Siemplify platform, such as case stages, user profiles, and environment parameters.
  • System and sync information: Data related to system actions and the synchronization of data within the platform.

 


ar3diu
  • Author
  • Silver 2
  • January 14, 2026

@hzmndt Thank you for this! Is this exclusive to Ent+? 🤔


hzmndt
  • Staff
  • Answer
  • January 14, 2026

@ar3diu since today it’s exporting to the customer’s GCP project, so all customers have it.

In my view, after SOAR phase#2 migration and later:

Ent+ will have the advanced BQ option → https://docs.cloud.google.com/chronicle/docs/reports/bigquery-export

while Ent customers will have the BYOBQ option → https://docs.cloud.google.com/chronicle/docs/reports/export-to-customer-managed-project


ar3diu
  • Author
  • Silver 2
  • January 14, 2026

I will have to discuss this with our account manager. Thanks for your answers, they were very helpful! 🙏