Hi all,

I am kinda new to Siemplify. Just started building my first playbook with SentinelOne and want to get an insight not only on the file hash but on the sample itself as well. I see that there is an action to download the threat file related to the alert. Where exactly the file is saved (locally or on the server) and how do I submit it to VT or other external entity for validation?

Thanks a lot for your help,

Victor