SentinelOne - Get Blocklist Items

Get a list of all the items on the blocklist from SentinelOne.

Target: SentinelOne integration target or an HTTP Endpoint for "your-tenant.sentinelone.net" with a path of "/web/api/v2.1"

Account Key: None if using an integration-provided target, API token if using an HTTP endpoint target

Steps:

• Generate the authorization header
• Build the query string
• Fetch the blocklist items
• Check if the request was successful:
  • If it was, attempt to extract the results and set the output variables
  • If it wasn't, output an error

More information about this API can be found in the SentinelOne documentation.