According to the limitations section of the documentation, the databricksquery custom command has a limit on the number of results that will be returned (though the limit doesn't appear to be defined). This limitation (stated as being part of the API) is an inhibitor to adoption, as it means results cannot be relied upon: queries that may return a larger number of results may be truncated.
If this data is being used for security purposes, then this truncation of results could create blind spots in detections. Any query being performed should return either the full number of results for the query or a limited number based on a defined configuration parameter (to prevent billions of results being returned, for example).