
Which Google SecOps license tiers provide access to the Entity Graph search and alerting features?

I’m trying to convert my "IOC Matches" tab into SOAR cases using YARA-L rule detections, similar to the first example described here.

However, when I attempt to search using Entity Graph fields, I receive the error:

“Search query contains unsupported sources.”

This is confusing because I can see threat intelligence enrichment from sources like VirusTotal, but I can’t see Entity Graph fields mentioned in the documentation, such as:

  • graph.metadata.entity_type
  • graph.metadata.threat.severity
  • graph.metadata.product_name
  • $sb.graph.metadata.source_type

even though the threat intelligence source says the IP is malicious. This IP comes from the IOC Matches tab.

Are these fields already available under the Enterprise license, or do they require a different licensing level? What am I doing wrong?

The IP above was malicious and was enriched by VirusTotal (I didn't realize it didn't appear in the print).
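As an added illustration, not from the original post or from Google's documentation, this is the shape of YARA-L rule the question is trying to write: an event's IP joined to a Global Context Entity Graph IOC record so the IOC match becomes a detection. The rule name, the event type, and the exact values of `source_type` and `threat.severity` are assumptions; whether the `graph.*` source is queryable at all is the licensing question raised above.

```yaral
// Added example (assumed values, hypothetical rule name): surface an
// IOC match as a detection by joining a network event to the Entity Graph.
rule example_ioc_match_to_detection {
  meta:
    author = "example"
    description = "Destination IP matches a Global Context threat intel IOC"
    severity = "HIGH"

  events:
    // Network event carrying a destination IP (event type is an assumption)
    $e.metadata.event_type = "NETWORK_CONNECTION"
    $e.target.ip = $ip

    // Entity Graph record for the same IP supplied by a threat intel feed
    $ioc.graph.metadata.entity_type = "IP_ADDRESS"
    $ioc.graph.metadata.source_type = "GLOBAL_CONTEXT"
    $ioc.graph.entity.ip = $ip

    // Keep only IOCs the feed itself rates as high severity
    $ioc.graph.metadata.threat.severity = "HIGH"

  match:
    $ip over 1h

  outcome:
    // Record which feed(s) flagged the IP, for the SOAR case
    $ioc_products = array_distinct($ioc.graph.metadata.product_name)

  condition:
    $e and $ioc
}
```

If the tenant's license does not expose the Entity Graph source, this rule fails with the same "unsupported sources" error as the search, so confirming the license tier comes before tuning the rule.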

