Overview
AI SIEM Overview
Learn more about AI SIEM from SentinelOne.
SentinelOne Singularity AI SIEM is a cloud-native SaaS solution that revolutionizes security operations by unifying cutting-edge generative and agentic AI with advanced hyperautomation. This fundamentally shifts the security analyst's role from repetitive, manual tasks to strategic threat analysis and proactive defense, enabling teams to operate with unprecedented speed and efficiency.
Unlike legacy SIEMs, our platform is built on an open, unified data lake designed for the scale and speed of modern cloud environments. It processes rich, unfiltered data to deliver autonomous threat mitigation, drastically reducing alert fatigue and mean time to resolution (MTTR) for AWS customers.
Key Features & Benefits
Autonomous & Agentic AI: Critical threats are autonomously mitigated by our AI, seamlessly augmenting human analysts for effective threat hunting and investigations.
Hyperautomation Workflows: Streamline security operations with no-code automation to design and deploy workflows that automate triage, investigation, and response processes.
Observo AI for Data Optimization: Our integration gives you an AI-native pipeline that ingests, enriches, and optimizes data before it reaches the SIEM. This reduces ingestion costs by ensuring you only pay for critical security posture data.
Purple AI for Accelerated SecOps: Our generative AI analyst is built into the platform to reduce manual effort. It provides instant summaries and automates threat hunting with natural language to accelerate investigations.
Seamless AWS Integrations
SentinelOne Singularity AI SIEM is designed to integrate seamlessly into your AWS security ecosystem, providing enhanced visibility and simplified operations.
Amazon Security Lake: Ingest high-fidelity security data from SentinelOne and other sources into Amazon Security Lake for a unified view, simplifying compliance and enabling in-depth threat hunting.
AWS Security Hub: Automatically send and receive security findings, allowing for centralized management and a comprehensive security posture assessment across your entire AWS environment.
Amazon GuardDuty: Enhance your threat detection by correlating SentinelOne data with findings from GuardDuty, gaining a deeper understanding of malicious activity in your AWS accounts.
AWS AppFabric: Get a unified, contextualized view of user activity across your SaaS applications and your AWS environment, improving your ability to detect and respond to insider threats and compromised accounts.
NEW - AWS Security Incident Response: Manage security incident response across AWS environments within Hyperautomation's no-code canvas, adding context from both external and internal sources and reducing MTTR.
Experience the Autonomous SOC
Break free from the limitations of legacy SIEMs and empower your security team to focus on what matters most. With SentinelOne Singularity AI SIEM on AWS, you can achieve faster threat detection, more efficient investigations, and a stronger security posture.
Highlights
- 100x faster than legacy SIEM
- 50% lower operational costs and 246% ROI compared to legacy SIEM
- 99% reduction in risk exposure, and 80% faster threat detection compared to AI SIEM
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
|---|---|---|
Contact us for pricing | Daily ingestion starting from $721 | $125,000.00 |
Vendor refund policy
Contact us for refund questions or concerns.
Custom pricing options
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Support is available for these solutions via telephone or our customer support portal. Contact: 1-855-868-3733 General Inquiries: sales@sentinelone.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Centralized monitoring has transformed investigations and now reduces incident response time
What is our primary use case?
My main use case for SentinelOne Singularity AI SIEM is centralized log management, threat detection and correlation for incident investigation, automated response, cloud security monitoring, and endpoint plus SIM correlations.
My primary use case for SentinelOne Singularity AI SIEM is centralized security monitoring and incident investigation. I ingest logs from Microsoft Entra ID , Active Directory, Microsoft 365, firewall, VPNs, and SentinelOne EDR into the AI SIEM . Instead of checking each platform individually, I use SIEM to correlate events, identify suspicious activity, and investigate incidents from a single console.
What is most valuable?
The best features SentinelOne Singularity AI SIEM offers include centralized log management, AI-powered threat detection, Purple AI , AI Security Assistant, unified investigation timeline, and threat hunting. Hyper automation, fast search and investigation, cloud, and identity visibility are also standout features.
Out of those features, the centralized console is the one I find myself using the most, and it has made a big difference in my daily work.
SentinelOne Singularity AI SIEM has positively impacted my organization by improving visibility, reducing investigation time, and helping the security team respond to incidents faster.
What needs improvement?
Overall, SentinelOne Singularity AI SIEM is a strong platform, but there are a few areas where it could be improved. One area is customization. While it provides many built-in decorations and dashboards, creating highly customized decoration rules and reports can sometimes require additional efforts. Another area is third-party integrations. Although it integrates with many security products, expanding native integration and simplifying onboarding for less common vendors would make deployment easier.
From a usability perspective, I think the platform could make advanced investigation more intuitive. New analysts can face a learning curve when building complex searches, custom detection rules, or dashboards. Improving the user experience with more guided workflow templates and contextual recommendations would help teams become productive more quickly.
For how long have I used the solution?
I have been using SentinelOne Singularity AI SIEM for about one year.
What do I think about the stability of the solution?
In my experience, SentinelOne Singularity AI SIEM has been a stable platform. It has been reliable for day-to-day SOC operations, including log ingestion, real-time monitoring, threat detection, and incident investigation.
What do I think about the scalability of the solution?
In my experience, SentinelOne Singularity AI SIEM is highly scalable. As my organization grows, it is able to ingest and analyze logs for additional cloud services, identity providers, and network devices without requiring major changes to my security operations. This makes it well-suited for organizations with hybrid or multi-cloud environments.
I would rate the scalability of SentinelOne Singularity AI SIEM very high. It is designed to handle growing log volumes and supports environments that include on-premises infrastructure, cloud services, endpoints, identity platforms, and network devices.
How are customer service and support?
My experience with the support has been very responsive and knowledgeable, particularly for technical issues and troubleshooting. I would rate the customer support eight out of ten.
Which solution did I use previously and why did I switch?
I previously used another SIM solution. The main reason for moving to SentinelOne was to improve centralized visibility, simplify security options, and take advantage of AI-driven event correlations. With the previous solution, investigation often required switching between multiple tools and manually correlating events.
How was the initial setup?
Overall, my experience with pricing, setup cost, and licensing has been positive. While SentinelOne Singularity AI SIEM is an enterprise-grade platform and not the lowest cost option, I think the pricing is reasonable considering the capabilities it provides. Features such as centralized log management, AI-driven analytics, automated workflow, and integrated security options can reduce operational overhead and improve SOC efficiency, which helps justify the investment.
What was our ROI?
I have seen a positive return on investment primarily through operational efficiency rather than reducing headcount. The biggest measurable benefit has been the reduction in investigation time. Before using SentinelOne Singularity AI SIEM, investigating a moderately complex alert took around thirty to sixty minutes because analysts had to collect logs from multiple security tools. With centralized log management and AI-driven correlation, I can often understand the scope of an incident in about ten to fifteen minutes.
What's my experience with pricing, setup cost, and licensing?
Overall, my experience with pricing, setup cost, and licensing has been positive. While SentinelOne Singularity AI SIEM is an enterprise-grade platform and not the lowest cost option, I think the pricing is reasonable considering the capabilities it provides. Features such as centralized log management, AI-driven analytics, automated workflow, and integrated security options can reduce operational overhead and improve SOC efficiency, which helps justify the investment.
Which other solutions did I evaluate?
I considered other enterprise SIEM platforms such as Sentinel , Splunk, Enterprise Security, IBM, and Google Security Operations . I evaluated them based on integration with my existing environment, AI-assisted threat detection, scalability, ease of investigation, automation capabilities, and total cost of ownership. SentinelOne stood out because of its strong integration between EDR and AI SIEM, centralized visibility, and AI-driven event correlations.
What other advice do I have?
My advice would be to spend time planning the deployment and identifying the log resources that provide the most value. SentinelOne Singularity AI SIEM is most effective when it is integrated with key systems such as Entra ID, 365, VPN, and endpoints. I would rate this product eight out of ten overall.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Centralized security data has improved AI-driven threat correlation and faster incident response
What is our primary use case?
SentinelOne Singularity AI SIEM serves as our centralized platform for security data across our environments, enabling real-time threat detection and accelerated incident response. I use it to collect and analyze logs from endpoints, cloud workloads, identity providers, firewalls, and SaaS applications.
We initially used SentinelOne Singularity AI SIEM to identify and investigate a potential account compromise. The platform correlated unusual login activities from our identity provider, multiple authentication attempts, and suspicious PowerShell execution on an endpoint. Rather than having analysts manually check logs from different tools, the AI SIEM automatically connected these events into a single incident. This allowed our SOC team to quickly determine that the credentials were compromised and isolate the affected endpoint.
Our primary use case focuses on improving SOC efficiency by centralizing security telemetry and using AI to correlate alerts from endpoints, cloud identity, and network sources. Instead of investigating isolated alerts, analysts receive prioritized incidents with the full attack timeline. This helps reduce alert fatigue, speed up investigations, and enable faster response to threats such as phishing, credential compromise, and lateral movement.
What is most valuable?
The best feature is that it collects and correlates logs, which is very helpful. We also use it for AI-powered investigations. The platform provides unified visibility, AI-driven alert correlations, threat hunting, automated response, and AI-driven data pipelines. These are the features I found most valuable.
We have been using the AI-driven alert correlation feature extensively. Without AI-driven alert correlation, an employee clicking on a phishing email could exploit our entire organization. The AI automatically recognizes that all of these events are connected because they involve the same user, endpoint, and timeframe. We use it when somebody receives a phishing email or clicks a link, credentials are used from an unusual location, PowerShell is launched, connections are made to a malicious server, and persistence attempts occur. The correlation feature helps us identify and correlate these attacks, determine where the attack started, and find the threat so we can fix it.
The platform brings together AI, automation, and unified visibility in a way that helps security teams work more efficiently. Rather than switching between multiple tools and manually correlating alerts, analysts can investigate incidents from a single console with AI-assisted context. Features such as automated alert correlation, threat hunting, and response workflows help reduce investigation time and improve overall SOC productivity.
One of the biggest positive impacts has been improved operational efficiency for the security team. By centralizing telemetries from multiple sources and using AI to correlate related alerts, we have reduced the time spent on manual investigation. Analysts can focus on higher priority incidents. We have also noticed faster incident detection and response, better visibility across endpoints, cloud, and identity environments, as well as improved collaboration because everyone works from the same incident view.
What needs improvement?
Overall, SentinelOne Singularity AI SIEM is a very strong platform, but there are a few areas where I would like to see improvements. The AI-generated investigations can occasionally require manual validation for complex incidents. Increasing the precision and explainability of AI recommendations would be valuable. I would also appreciate even broader out-of-the-box integrations with third-party security tools and more pre-built detections and response playbooks. Additionally, making dashboards and reporting even more customizable would help organizations tailor the platform to different teams and executive reporting needs.
SentinelOne Singularity AI SIEM is a very strong platform, so I do not have much to suggest for improvement. Those are the main areas I would highlight. Overall, the platform is quite mature, and the improvements I would like to see are more about enhancing usability than addressing major shortcomings. Continued investigation into AI accuracy and explainability, additional native integrations with third-party tools, richer pre-built automation playbooks, and more flexible dashboards and reporting would be beneficial.
For how long have I used the solution?
I have been working in this field for one year.
What do I think about the stability of the solution?
I have experienced no issues with SentinelOne Singularity AI SIEM. It is the best product I have ever used. The platform has been very stable in my experience. I have worked with it, and it is very handy, easy to manage, and excellent with its AI-driven capabilities.
What do I think about the scalability of the solution?
From what I have seen, I have not personally encountered scalability issues, so I cannot point to any specific challenge in a production environment. As with any enterprise SIEM, the main considerations tend to be planning data ingestion, tuning detection rules to minimize noise, and integrating new data sources as the environment expands. Those are common operational considerations rather than unique limitations of the platform.
How are customer service and support?
I have not reached out to customer support yet and have not experienced it directly. However, I have heard from my organization that their customer support is very good. Several of my colleagues have spoken with customer support, and their experience was great.
Which solution did I use previously and why did I switch?
I have only worked with SentinelOne Singularity AI SIEM because I have recently started working. I have seven to eight months of experience, so I have never used any different solution.
How was the initial setup?
My advice would be to plan the deployment carefully, integrate all relevant security data sources, and invest time in tuning detection and automation. SentinelOne Singularity AI SIEM delivers the most value when AI supports experienced analysts by reducing manual work and improving investigation speed rather than operating without human oversight.
What about the implementation team?
My organization is currently a partner of SentinelOne.
What was our ROI?
I cannot provide verified metrics because I was not directly involved in measuring ROI, so I would not want to speculate. My experience is that the value comes from improved analyst productivity, faster investigations, and reduced operational overhead rather than a specific percentage of cost savings.
What's my experience with pricing, setup cost, and licensing?
We actually had a great experience with pricing, setup cost, and licensing. I was not directly involved in pricing or contract negotiation, so I cannot comment on exact licensing costs. My understanding is that SentinelOne offers enterprise licensing based on factors such as the product selected, deployment size, and required capabilities. The platform appears to provide good value because it consolidates multiple security functions into a single platform.
Which other solutions did I evaluate?
I was not directly involved in the product evaluation or selection process, so I cannot accurately state which vendors were formally evaluated. In general, organizations looking at AI-powered SIEM solutions consider options such as Microsoft Sentinel , Google Security Operations , IBM, Falcon Next-Gen SIEM, and Microsoft Defender. However, I have not worked on those solutions, so I only have knowledge of SentinelOne Singularity AI SIEM.
What other advice do I have?
AI-driven analytics can reduce false positives by providing better context and correlating related alerts into meaningful incidents. This helps analysts spend less time investigating false activity and more time responding to genuine threats.
My impression is that the AI-driven threat detection capabilities are one of the platform's key strengths. Overall, I have a positive impression. The AI-driven threat detection helps identify suspicious behavior, correlate related events into meaningful insights, and prioritize higher-risk threats. This enables analysts to investigate and respond more quickly while reducing alert fatigue. Human validation is still important, but the AI provides valuable decision support.
From my perspective, SentinelOne Singularity AI SIEM appears very suited for organizations with growing data volumes and increasingly complex IT environments. The visibility to ingest and correlate telemetry from endpoints, cloud workloads, identity systems, and third-party security tools provides a centralized view as the environment expands. Real-time monitoring impacts our threat identification process significantly.
Based on its capability, SentinelOne Singularity AI SIEM can improve SOC efficiency by correlating alerts, summarizing incidents, and helping analysts prioritize genuine threats. This reduces manual investigation and enables faster incident response while analysts still validate the AI's recommendations for critical decisions.
I think SentinelOne has taken a strong approach to AI governance and security. The platform uses AI to assist analysts with tasks such as alert correlation, investigations, and incident summarization while still allowing human analysts to validate findings before taking actions. From a governance perspective, having role-based access control, audit logs, and centralized visibility helps organizations maintain oversight. It is important to have clear governance policies, regularly review AI-generated recommendations, and ensure automated response workflows are appropriately validated.
Overall, I would rate the accuracy and reliability of the AI capabilities as good. The AI is effective at correlating related alerts, summarizing incidents, and helping analysts prioritize investigations, which can significantly reduce manual effort. However, AI outputs should not be treated as infallible, and for higher impact security decisions, it is still important for analysts to validate the AI findings and recommendations. I would rate this review as an eight out of ten overall.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Unified monitoring has improved threat response and reduced false positives across our devices
What is our primary use case?
I have been working with SentinelOne Singularity AI SIEM for four years.
What is most valuable?
The best features of SentinelOne Singularity AI SIEM include its user-friendly interface, ease of deployment, and ease of use. It is also easy to control the devices, as we block USB on all machines. You can export the configuration of machines and have very good visibility of the instance. The reports are excellent.
SentinelOne Singularity AI SIEM has impacted my organization positively and it was a very good solution.
What needs improvement?
SentinelOne Singularity AI SIEM can improve in the area of XDR , especially in the integration between SentinelOne and other solutions and components in the network, as it was not working well with the Fortinet firewall. The API and the integration between each other is not working well at this time, and they are promising to work on this area, but they have not done that effectively.
What do I think about the stability of the solution?
We did not face any downtime with SentinelOne Singularity AI SIEM.
What do I think about the scalability of the solution?
SentinelOne Singularity AI SIEM is scalable in terms of adapting to my organization's growing data.
What about the implementation team?
Around six to eight engineers were involved in the process of migration, working on this project.
I was personally involved in the project.
What was our ROI?
SentinelOne Singularity AI SIEM has impacted my operational costs positively, and I think we made a good deal with them because we are a big group and have a big account, so we got a good deal with SentinelOne.
What's my experience with pricing, setup cost, and licensing?
The licensing cost for SentinelOne Singularity AI SIEM is a little bit high compared with the others, but it is worth it. It deserves the prices and is value for money; it is not very expensive according to the services that they are giving us.
What other advice do I have?
For the implementation and deployment of SentinelOne Singularity AI SIEM for the whole solution, it takes about months as we made a migration from EDR to another for 3,000 users across Egypt and GCC, so it takes a lot of efforts.
I assess the efficiency of SentinelOne Singularity AI SIEM in improving my response time to sophisticated threats as very fast and very good.
For false positive incidents, SentinelOne Singularity AI SIEM manages these situations very well, and when we are facing someone uploading a false positive file, we can deal with these situations very well. You can easily go into the interface and mark this as a false positive, and I can recover the deleted or false positive files or anything like that.
AI-driven analytics of SentinelOne Singularity AI SIEM helped me to reduce false positives.
I assess the real-time monitoring feature of SentinelOne Singularity AI SIEM as very good and very responsive. Monitoring is working well, and it has a fast response to any threat; it does not take more than a few seconds to detect any threat and send a request for action. So it is very good.
For the automated workflow feature of SentinelOne Singularity AI SIEM, we did not try it.
I rate this product an 8 out of 10.
AI-driven security has transformed threat response and now empowers faster incident resolution
What is our primary use case?
Clients can use SentinelOne Singularity AI SIEM for endpoint security solutions, and apart from that, we currently have something called prompt security where it is helping us to enhance control over the AI prompts given by end-users. Some end-users tend to feed sensitive data to AI tools like Claude, Gemini , and ChatGPT. We have not implemented it yet, but we have provided a POC for agnostic prompt security.
AI-driven Threat Detection capability is crucial because attackers have started conducting attacks using AI patterns. They analyze the patterns of defending solutions, and based on the defense architecture, they generate the payload according to the environment. To detect those kinds of payloads, we need AI-based threat detection to sense whether they come from a single source or distinct sources, where these kinds of prompts and malicious payloads are being generated.
Real-time monitoring is a must-have functionality for any product, and SentinelOne Singularity AI SIEM has the same response. We can create rules for peculiar situations we encounter, and if those rules get triggered, the system can automatically help isolate or contain that system while providing us alerts at the same time. This way, if a particular user reports not being able to reach anything, we can quickly understand that SentinelOne Singularity AI SIEM has isolated their system.
What is most valuable?
With the help of this tool, the response time to sophisticated threats has improved significantly, and it recently cuts the MTTR time using Purple AI by 40%.
SentinelOne Singularity AI SIEM allows us to use natural language; we do not need knowledge of scripting or querying languages to correlate threats. We can search in normal, plain, simple English. For example, if I want to check the detections regarding a particular threat in a particular attack surface, I only need to provide it in plain, simple English, and Purple AI will generate a query and summarize the results for that. It has made my job much easier, both for myself and for the SOC teams. With minimal effort, we can get the queries asked by the auditors or forensics teams.
AI analytics reduces the manual tasks and helps us prioritize critical and immediate threats that need to be addressed. The analytical part mainly provides clarity on what we should focus on, which threats to investigate, or if we need to report it or whitelist false positives. These kinds of tasks are largely automated and taken care of.
Knowing which threat we need to look at first based on its criticality makes it easier for us to address it. Getting to the problem is one thing, and with Purple AI, we are able to get answers without using complex queries; we just search for what we are looking for, and it generates the corresponding steps right in the console, which helps us respond to critical threats on an immediate basis.
After implementing SentinelOne Singularity AI SIEM, we can see that we have visibility over all the applications on our endpoints, and it helps us identify which of those applications are more vulnerable or critical, whether high or medium. These kinds of visibilities are available, allowing us to proactively protect the endpoint and our infrastructure.
What needs improvement?
They could expand more integrations for other third-party products that are not currently available. Those are areas they can improve or have yet to improve.
For example, we have firewall integrations, so if we integrate our firewalls, we will be able to have a log view of the traffic. If traffic is coming from the firewall, we can see from which side a particular threat is coming. Currently, they support only FortiNet, Cisco, and Palo Alto. However, many of our clients use SonicWall firewalls, which are not in SentinelOne Singularity AI SIEM marketplace. They could add SonicWall because it is also a global product that needs to be included.
SentinelOne Singularity AI SIEM is pretty good compared to Charlotte AI from CrowdStrike. However, if it could provide more information on IOA, that would be beneficial. While SentinelOne Singularity AI SIEM does provide those details, leveraging that information to proactively check our systems for vulnerabilities would be better. In Charlotte AI , those functionalities are available. Therefore, the prompt can be improved, and provide more information on the attackers and attacks we are facing. Indicators of compromise are one thing, but IOA is another critical aspect that needs to be taken care of to help organizations proactively improve their cyber defenses against evolving attacks, as many attacks are happening globally. The same attacks may come to India or target our organization as well; thus improving on the IOA part would be beneficial.
For how long have I used the solution?
I have been working with SentinelOne Singularity AI SIEM for around three to four years.
What do I think about the stability of the solution?
SentinelOne Singularity AI SIEM is 99% stable with no glitches as of now.
What do I think about the scalability of the solution?
The product is pretty much scalable.
How are customer service and support?
Customer support could be better. Customer support could be better because it is frequently transferred to various agents. This is just one particular case, and I do not want to elaborate further.
How was the initial setup?
The deployment process with SentinelOne Singularity AI SIEM is somewhat complicated. Until some versions, we had scenarios where we needed to reboot machines, impacting deployment. However, with upgraded versions, we can now install the agent without any reboot, showing that they have improved that aspect.
What was our ROI?
For instance, if you are getting attacked and you use a brand other than SentinelOne Singularity AI SIEM, you will need to contact the OEM for recovery, which takes time. In contrast, with SentinelOne Singularity AI SIEM, we have a rollback option with just an automated click. If the data gets encrypted, it automatically rolls back. This functionality minimizes downtime and the impact of the attack. Looking at that perspective—post-attack damage control—the ROI is better. Using SentinelOne Singularity AI SIEM, data retrieval happens at a much faster rate, allowing production to continue without impact.
What other advice do I have?
The automated workflow feature impacts my security tasks and manual efforts significantly.
Downtime is not necessarily required in scenarios where a particular system has to be isolated. Whether it is a server or a normal endpoint, if an application server faces downtime, the situation differs from a normal endpoint. If an application server needs to be contained, the customer will obviously experience downtime.
The consolidation of multiple tools with SentinelOne Singularity AI SIEM impacts SOC operations positively concerning cost and staffing needs. While I am unsure about staffing because it depends on daily occurrences, it definitely makes work easier for the team. For example, without it, a person can hardly handle two or three threats a day, but with SentinelOne Singularity AI SIEM, they can handle around 10 to 12 threats daily, which makes it much more efficient. SentinelOne Singularity AI SIEM is quite affordable. My overall review rating for this product is 9 out of 10.
Struggled with immature cloud analytics but have gained strong endpoint visibility and rollback
What is our primary use case?
We have dealt with SentinelOne Endpoint, and at some point, we also used SentinelOne Singularity AI SIEM , which was introduced somewhere last year. I went on training in South Africa, where there were many questions discussing having one platform that allows control over all endpoints with visibility, which eliminates the need for separate systems. The challenge with SentinelOne Singularity AI SIEM is having an ingester to integrate with it at the syslog level. For some customers, we needed an ingester to integrate with the network devices before we could see them. For the endpoint side, everything was acceptable; we were able to do remediation, ransomware rollback, and everything operates autonomously, so no manual intervention is necessary. In terms of group level, you can assign policies to specific devices in specific environments. Additionally, there was a new introduction to cloud-native apps for cloud security, enabling integration of AWS and Google Suite apps, including Azure platforms, providing visibility, especially for AWS , where we can monitor all Kubernetes clusters and pods, allowing for remediation as vulnerabilities are identified.
What is most valuable?
The AI features of SentinelOne Singularity AI SIEM are absolutely perfect. There are not any issues because there is a game that you play with SentinelOne. This game allows me to drive a proof of concept for customers. When I play the game, SentinelOne provides a tool called Purple AI , which allows for simple queries just like ChatGPT. This means you do not need an expert to understand what is happening around your endpoints and identify threats. I can simply write, 'What happened to my Windows endpoint in the last seventy-two hours?' and it provides all reports and logs. This functionality makes it accessible even for CEOs and decision-makers to understand their environment better, making it an excellent feature for SOC, giving visibility and clarity.
What needs improvement?
I did use the automated workflow feature for a client. The automation allows for configuring all integration with endpoints, as well as SentinelOne Singularity AI SIEM . Unfortunately, I was not happy with SentinelOne Singularity AI SIEM because it is not mature yet. When comparing SentinelOne Singularity AI SIEM to platforms like Elasticsearch or Exabeam , or even QRadar, they are more matured. SentinelOne Singularity AI SIEM is designed to provide an affordable platform integrated with endpoints, eliminating the need for separate SIEM deployments. However, the integration of a log ingester in the cloud makes deployment cumbersome and requires an expert or native system integrator for setup.
SentinelOne Singularity AI SIEM should be separated from the overall platform. If the intention is to make it a complete solution and enable SIEM features, separating it would yield better results. You get a lot of noise when it is combined; separating it would mean clearly identifying logs from the EDR or SDR platform to SentinelOne Singularity AI SIEM. This would help in minimizing confusion and panic for customers facing numerous logs and potential false positives. A separate SIEM would allow clearer visibility, and there is a need for an on-premise option, particularly for organizations with data sovereignty concerns. Many institutions prefer to keep their data on-premise due to regulations, so adding an appliance that firms can integrate into their data centers would be valuable. If larger organizations need a SIEM solution, they will likely turn to QRadar or FortiSIEM instead.
For how long have I used the solution?
I already have experience with SentinelOne because I have been with SentinelOne for the past five years.
How are customer service and support?
In rating the technical support for SentinelOne, it depends on whether we are discussing EDR or SentinelOne Singularity AI SIEM. I would not rate the entire company uniformly. For the EDR, I might rate it around eight out of ten; for SentinelOne Singularity AI SIEM, I would give it five out of ten or two out of five.
Which other solutions did I evaluate?
Regarding pricing, the pricing of SentinelOne is quite favorable when compared to CrowdStrike. I appreciate the MSSP distribution model. For instance, if I purchase SentinelOne from Exclusive Networks, which I believe is known to you, I can provide it to individuals, allowing them to have SentinelOne installed on their laptops while maintaining the ability to control policies and monitor attacks. The MSSP pricing is negotiable, around thirty-three dollars per endpoint annually. For the reseller level, if support is needed, contacting SentinelOne directly allows me to open a case and access assistance from their engineers, which may cost around fifty dollars per endpoint. Comparatively, SentinelOne is more affordable than CrowdStrike. SentinelOne Singularity AI SIEM pricing also depends on the number of devices onboarded, including switches and firewalls, which all contribute to lowering costs. However, selling a complete cloud solution can be challenging in West Africa due to data sovereignty concerns.
What other advice do I have?
The need for improvement mainly revolves around focus areas. If SentinelOne only concentrates on developed countries, my experience in West Africa suggests disparities. SentinelOne needs to consider implementing an on-premise configuration or introducing a hybrid model. A staging server that sits on-premise allows for better data sovereignty while still using cloud services. If all logs are sent to the SentinelOne cloud, it poses challenges for customers without AWS capabilities.
I would rate SentinelOne Singularity AI SIEM overall at five out of ten. It is not suited for enterprises but works for startups or any environment that relies on cloud resources. My overall review rating for SentinelOne is five out of ten.