This document contains current content limits and rate quotas for the
Security Command Center API. This page will be updated to reflect any changes to these
restrictions and usage limits.
Content limits
Service tiers: Standard, Premium, and Enterprise
The Security Command Center API enforces the following usage limits:
| Content Limit | Value |
|------------------|----------------|
| Findings uploads | 500 MB per day |
Rate quotas
Service tiers: Standard, Premium, and Enterprise
The current API usage quotas for the Security Command Center API are as
follows (and are subject to change):
| Quota | Value |
|-------------------|-------|
| Reads per minute | 1,000 |
| Writes per minute | 1,000 |
These limits apply to each Google Cloud console project and are shared across
all applications and IP addresses using that project.
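Attack path simulation limits
Service tiers: Premium and Enterprise (requires organization-level activation)
The attack path simulation feature of Security Command Center is subject to
the following limits:
- You can define up to 100 resource value configurations in an organization.
- A high-value resource set can contain no more than 1,000 instances of high-value resources. For more information, see Limit on resources in a high-value resource set.
Notifications
Service tiers: Standard, Premium, and Enterprise
Calls that use the Security Command Center API for notifications are subject to the
following quotas:
| API Call Type | Limit |
|--------------------------------------|---------------------------------------------|
| Read Calls (get, list) | 1000 API calls per minute per organization. |
| Write Calls (create, update, delete) | 1000 API calls per minute per organization. |
The following additional limits apply to Security Command Center API notifications:
| Usage | Limit |
|------------------------------------|-----------------------|
| Number of NotificationConfig files | 500 per organization. |
Security posture service limitations
Service tiers: Premium and Enterprise (requires organization-level activation)
The security posture service includes the following limits:
- A maximum of 100 postures in an organization.
- A maximum of 400 policies in a posture.
- A maximum of 1000 posture deployments in an organization.
Infrastructure as code validation limitations
Service tiers: Premium and Enterprise (requires organization-level activation)
The infrastructure as code (IaC) validation feature has the following
limitations:
- A maximum input file size of 2 MB or 1,000 assets.
- A maximum output file size of 2 MB.
- A maximum of 5 requests per minute per organization.
- A maximum of 1,000 requests per day per organization.
Export configurations to BigQuery
Service tiers: Standard, Premium, and Enterprise
The following limit applies to export configurations to BigQuery:
| Usage limit | Value |
|---------------------------------------------|-----------------------|
| Number of export configurations to BigQuery | 500 per organization. |
Custom module quotas
Service tiers: Premium and Enterprise
Both the number of custom detection modules you can create and the number
of API calls custom modules can make are subject to the quotas described
in the following sections.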
Quotas for the creation of custom modules
The following table shows the quotas for the creation of custom modules.
| Custom module type | Quota |
|------------------------------------------|--------------------------------------|
| Security Health Analytics custom modules | 100 custom modules per organization. |
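API call quotas for custom modules
API calls to custom module methods are also subject to quota limits. The
following table shows the default quota limits for custom module API calls.
| API Call Type | Limit |
|-------------------------------------------------------|----------------------------------------------|
| CustomModules Read Requests (Get, List) | 1,000 API calls per minute, per organization |
| CustomModules Write Requests (Create, Update, Delete) | 60 API calls per minute, per organization |
| CustomModules Test Requests | 12 API calls per minute, per organization |
For more information about custom modules, see the following:
- Overview of custom modules for Security Health Analytics
Quota increases
Service tiers: Standard, Premium, and Enterprise
If you want to transfer more than 5 GB per day or more than 1,000 reads or
writes per minute, we would like to understand more about your needs and we
might be able to build custom solutions. Submit a Security Command Center API
Quota Request for your project in the Google Cloud console
(https://console.cloud.google.com/iam-admin/quotas).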
Last updated 2025-09-04 UTC.