SentinelOne Integration

Hello all,

I 'm using the SentinelOne plugin well, I have one request for “Get notes”.
Currently the “Get notes” function gets only the latest note but I want to get all notes.
Could you enhance this function?

Thanks and regards,

In SentinelOne, GET /web/api/v2.1/threats/{threat_id}/notes has a default limit of 10, but you can specify 1-1000. In Swimlane 10.x, the SentinelOne plugin’s GET THREAT NOTES task has 2 inputs: threat_id & result_limit - the last one isn’t a required input, though. Try setting your workflow to use the optional input for the task to use a result_limit of 1000 and see what you get.

In this case, one threat has several notes.
If I get through the API, there is no problem.
What are you setting for the result_limit input parameter?

I set result_limit to 5, it seems normal in debugger mode but actually it can get just one result.
Debugger result, raw_json has several array results as [0],[1],[2] but I cannot get the results.