The primary use cases for SentinelOne Singularity AI SIEM are that we are using it as a replacement for Secureworks. We migrated to and switched to SentinelOne.
SentinelOne Singularity AI SIEM offers comprehensive security information and incident management designed to enhance threat detection, response, and investigation capabilities within enterprise environments.


| Product | Mindshare (%) |
|---|---|
| SentinelOne Singularity AI SIEM | 1.4% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 86.0% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Security Information and Event Management (SIEM) | Jul 18, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jul 18, 2026 | Download |
| Comparison | SentinelOne Singularity AI SIEM vs Splunk Enterprise Security | Jul 18, 2026 | Download |
| Comparison | SentinelOne Singularity AI SIEM vs IBM Security QRadar | Jul 18, 2026 | Download |
| Comparison | SentinelOne Singularity AI SIEM vs Wazuh | Jul 18, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 2.8% | 97% | 139 interviewsAdd to research |
| Splunk Enterprise Security | 4.2 | 7.3% | 94% | 415 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 3 |
| Large Enterprise | 3 |
| Company Size | Count |
|---|---|
| Small Business | 114 |
| Midsize Enterprise | 40 |
| Large Enterprise | 71 |
SentinelOne Singularity AI SIEM is known for its robust capabilities in the realm of cybersecurity, providing organizations with an advanced tool to combat modern threats. The platform integrates machine learning and artificial intelligence to automate threat identification and streamline incident response processes. Its intuitive interface allows teams to manage security events efficiently, ensuring rapid reaction to potential vulnerabilities. As a scalable tool, it adapts to evolving security demands, providing valuable insights to safeguard critical business operations.
What are the important features of SentinelOne Singularity AI SIEM?In industries such as finance and healthcare, implementation of SentinelOne Singularity AI SIEM often means tailored solutions to protect sensitive data, meeting regulatory compliance. These sectors appreciate its capability to provide detailed insights and reduce the risk of data breaches, thus preserving stakeholder trust.
| Author info | Rating | Review Summary |
|---|---|---|
| Information Security Principal at a venture capital & private equity firm with 1,001-5,000 employees | 4.0 | I replaced Secureworks with SentinelOne Singularity AI SIEM due to its native integration, improved security, and cost savings. While it offers excellent threat detection and stability, direct integration for some vendors and technical support responsiveness could improve. |
| Senior Technical Engineer at Safezone Secure Solutions Private Limited | 4.5 | I find SentinelOne Singularity AI SIEM excellent for AI-driven endpoint security, significantly improving threat response and reducing manual tasks via natural language querying. It is stable and scalable, though I'd like more third-party integrations, better IOA insights, and improved customer service. |
| Infrastructure System's Manager at ICAPP (Americana Group) | 4.0 | I've used SentinelOne Singularity AI SIEM for four years. Its user-friendly interface, fast threat response, and false positive management are great. However, XDR and API integration, especially with solutions like Fortinet, significantly need improvement. |
| Associate Vice President at Novac Technology Solutions | 4.0 | I use SentinelOne AI SIEM for real-time, AI-driven threat detection and visibility in my AI applications, enhancing security. While appreciating its capabilities, I seek improved automated workflows, quicker adoption, and a lower price point for this expensive solution. |
| cybersecurity engineer at Gigabit Technologies Pvt Ltd | 4.0 | I find SentinelOne Singularity AI SIEM excellent for centralizing security data and improving SOC efficiency with AI-driven alert correlation. It speeds incident response and reduces manual work, though some AI findings need validation. I rate it 8/10. |
| Technical Lead at CloudBolt Software | 4.5 | I find SentinelOne Singularity AI SIEM excellent for security, especially for log searching and AI insights, significantly reducing investigation time. Its stability and fast performance are great, though the dashboard lacks customization and integrations. |
| Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd | 5.0 | I highly value its AI-driven detection, automated workflows, and seamless integration, significantly boosting SOC efficiency. While scalable with great support, I believe more on-premises options for OT security and reduced false positives are needed. |
| Group Chief Information Officer at NeST Information Technologies Pvt Ltd | 4.0 | SentinelOne Singularity AI SIEM significantly improves my threat response and SOC efficiency, using AI to reduce false positives. While pricey, its positive security impact justifies the premium, though I desire more automation. |
| cybersecurity at a outsourcing company with 51-200 employees | 4.0 | I use SentinelOne Singularity AI SIEM for centralized log management and AI-driven threat detection, which significantly reduces investigation time. It's stable, scalable, and offers good ROI, though I'd appreciate more customization and easier third-party integrations. |
| Managing Director at iMark Consult | 2.0 | I find SentinelOne's EDR and AI features strong for threat visibility, with favorable pricing. However, the Singularity AI SIEM is immature, lacks on-premise options, and presents integration challenges, making it less suitable for enterprises. |
The primary use cases for SentinelOne Singularity AI SIEM are that we are using it as a replacement for Secureworks. We migrated to and switched to SentinelOne.
SentinelOne Singularity AI SIEM has positively affected my SOC's efficiency in investigating alerts and responding to incidents. Most of the functionality between Secureworks and SentinelOne Singularity AI SIEM is comparable, as both work in the same space.
We primarily switched to SentinelOne Singularity AI SIEM because of its native integration capabilities. We did not need to integrate with other tools because Secureworks was working with SentinelOne agents and they stopped that support. We were required to install a separate XDR client because Secureworks recently joined with Sophos and now wants us to install Sophos endpoint agents on our endpoints. That was a significant undertaking for us. From a financial perspective, SentinelOne was much more suitable for our organization. They offered us a very competitive proposal because we are among the top five SentinelOne customers in Saudi Arabia, and we are actually the first customer in Saudi Arabia. The POC was successful, so we proceeded with the implementation.
The most valuable aspect of SentinelOne Singularity AI SIEM is not actually the features themselves, but rather the integration capabilities with SentinelOne EDR. Previously, we were integrated with Secureworks, but now we are directly integrating with SentinelOne itself for AI SIEM, EDR, and NDR services. We have consolidated everything into one platform.
My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it encompasses more than just AI-driven threat detection. We are integrating it with many devices and forwarding logs from multiple sources to SentinelOne Singularity AI SIEM. We are ingesting logs from Fortinet, other firewalls, other security products, and even from the cloud including Microsoft Office 365 and other security products.
SentinelOne Singularity AI SIEM has also been very stable.
There is room for improvement when it comes to the technical support quality and expertise of SentinelOne. Sometimes, the technical support team does not know how to resolve certain issues and takes time to respond, often requiring follow-up interactions within 24 hours.
SentinelOne Singularity AI SIEM can be improved in terms of support capabilities. Some logs from the server side need to be ingested. Secureworks was integrating with domain controllers and other systems, but SentinelOne still has some gaps. Some vendors cannot be integrated directly. For example, we are using Cisco Umbrella for DNS security, and we have to integrate it through an Amazon S3 bucket where we dump the logs and SentinelOne reads them from that location. For some Microsoft integrations, we must enable certain storage components and pay Microsoft directly to retrieve logs. There is no direct integration, so we must access the logs through that workaround. Previously with Secureworks, we had direct integration with Microsoft. Direct integration with Microsoft is not available now. SentinelOne needs to work on many product integrations to enable direct connectivity.
We implemented SentinelOne Singularity AI SIEM in February, and we have been using it for almost eight months now.
SentinelOne Singularity AI SIEM has been very stable.
SentinelOne Singularity AI SIEM's scalability in adapting to our organization's growing data and complex IT structures is flexible. We have not faced any scalability issues so far. Perhaps after one or two years we can discuss challenges we may have encountered, but as of now we have not faced anything related to scalability.
I would rate the technical support from SentinelOne as 8.5 out of ten.
We were using Secureworks before migrating to SentinelOne Singularity AI SIEM. My impression of the AI-driven threat detection capabilities is that SentinelOne Singularity AI SIEM encompasses more than just AI-driven threat detection. We are integrating it with many devices and forwarding logs from multiple sources to SentinelOne Singularity AI SIEM. We are ingesting logs from Fortinet, other firewalls, other security products, and even from the cloud including Microsoft Office 365 and other security products.
SentinelOne Singularity AI SIEM is deployed using a cloud-based SaaS model.
SentinelOne Singularity AI SIEM is used in our company.
When we took the service from SentinelOne, they provided an onboarding process with a dedicated engineer who helped us with all aspects of the implementation. A dedicated engineer from SentinelOne regularly contacts us, assists with configuration, and works with us on implementation details.
I find SentinelOne's pricing to be reasonable and competitive. We have taken SentinelOne Singularity AI SIEM along with the MDR service and also included ITDR (Identity Detection and Response) and EDR. They bundled all these services together and provided them to us as a single package.
SentinelOne offers a SOC service that handles our SOC operations. My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it encompasses more than just AI-driven threat detection. We are integrating it with many devices and forwarding logs from multiple sources to SentinelOne Singularity AI SIEM. We are ingesting logs from Fortinet, other firewalls, other security products, and even from the cloud including Microsoft Office 365 and other security products.
We have used the automated workflow feature of SentinelOne Singularity AI SIEM and are still working on it. We started implementing automated workflows almost three months ago. The automated configuration is not a one-time setup, as we are continuously making changes and modifications over time.
I assess the overall security posture of our organization after implementing SentinelOne Singularity AI SIEM as significantly improved. We have developed a security posture that has definitely reached the benchmark. Previously, we were using Secureworks XDR, which is also a very good solution. We ran both solutions in parallel and discovered that Secureworks had almost a ten minute gap in identifying issues compared to SentinelOne, with a five to eight minute difference between the two platforms. The issue with Secureworks XDR is that it was not taking action because their playbooks were not efficient enough, partially because they were integrating with SentinelOne. In contrast, SentinelOne has local integration, so it immediately takes action and responds on the endpoint with automation. If any threat or suspicious activity is detected on any endpoint or server, SentinelOne immediately takes action at the same time. We have definitely increased our security posture.
I would rate SentinelOne Singularity AI SIEM overall as 8.5 out of ten. There are still certain things we are evaluating, so we maintain the rating of 8.5. I am basing this rating on three main factors: the quality of support, the frequency and quality of updates, and the integration and update capabilities. In terms of threat detection, response, and log collection, SentinelOne Singularity AI SIEM is excellent. We do not have any issues with those areas.
SentinelOne Singularity AI SIEM's AI-driven analytics have positively affected our SOC's ability to reduce false positives. We initially encountered false positives, but after configuration and adjustment, it performed much better for us. We now experience very low rates of false positives.
Consolidating multiple tools into SentinelOne Singularity AI SIEM has positively impacted our SOC's operational costs. We now manage our EDR, MDR, view logs, and handle automation all from one consolidated console from SentinelOne Singularity AI SIEM.
The consolidation has also reduced our SOC's operational costs and staffing needs. We are also taking SOC services from SentinelOne itself. SentinelOne has a dedicated SOC service that handles our SOC operations.
SentinelOne Singularity AI SIEM's scalability in adapting to our organization's growing data and complex IT structures is flexible. We have not faced any scalability issues so far. Perhaps after one or two years we can discuss challenges we may have encountered, but as of now we have not faced anything related to scalability.
We currently have five administrators managing this product, each with different roles and responsibilities. Within our structure, we have multiple entities, and we can create entity-wise administrators, which works very well for us.
More than 2,500 users in our company are using this product.
One issue we are facing is that SentinelOne's support team, as part of Amazon, works on updates on Sundays at the weekend. However, Sunday is the first working day for the Middle East region, particularly in Saudi Arabia. We have requested them to address tenant-related issues during our working hours. They are considering this request, and once Amazon establishes operations in Saudi Arabia, our tenant will be shifted to the kingdom and this issue will be resolved.
I would also like to mention the maintenance window for upgrades, which is an area that could be improved. My overall rating for SentinelOne Singularity AI SIEM is 8.5 out of ten.

Clients can use SentinelOne Singularity AI SIEM for endpoint security solutions, and apart from that, we currently have something called prompt security where it is helping us to enhance control over the AI prompts given by end-users. Some end-users tend to feed sensitive data to AI tools like Claude, Gemini, and ChatGPT. We have not implemented it yet, but we have provided a POC for agnostic prompt security.
AI-driven Threat Detection capability is crucial because attackers have started conducting attacks using AI patterns. They analyze the patterns of defending solutions, and based on the defense architecture, they generate the payload according to the environment. To detect those kinds of payloads, we need AI-based threat detection to sense whether they come from a single source or distinct sources, where these kinds of prompts and malicious payloads are being generated.
Real-time monitoring is a must-have functionality for any product, and SentinelOne Singularity AI SIEM has the same response. We can create rules for peculiar situations we encounter, and if those rules get triggered, the system can automatically help isolate or contain that system while providing us alerts at the same time. This way, if a particular user reports not being able to reach anything, we can quickly understand that SentinelOne Singularity AI SIEM has isolated their system.
With the help of this tool, the response time to sophisticated threats has improved significantly, and it recently cuts the MTTR time using Purple AI by 40%.
SentinelOne Singularity AI SIEM allows us to use natural language; we do not need knowledge of scripting or querying languages to correlate threats. We can search in normal, plain, simple English. For example, if I want to check the detections regarding a particular threat in a particular attack surface, I only need to provide it in plain, simple English, and Purple AI will generate a query and summarize the results for that. It has made my job much easier, both for myself and for the SOC teams. With minimal effort, we can get the queries asked by the auditors or forensics teams.
AI analytics reduces the manual tasks and helps us prioritize critical and immediate threats that need to be addressed. The analytical part mainly provides clarity on what we should focus on, which threats to investigate, or if we need to report it or whitelist false positives. These kinds of tasks are largely automated and taken care of.
Knowing which threat we need to look at first based on its criticality makes it easier for us to address it. Getting to the problem is one thing, and with Purple AI, we are able to get answers without using complex queries; we just search for what we are looking for, and it generates the corresponding steps right in the console, which helps us respond to critical threats on an immediate basis.
After implementing SentinelOne Singularity AI SIEM, we can see that we have visibility over all the applications on our endpoints, and it helps us identify which of those applications are more vulnerable or critical, whether high or medium. These kinds of visibilities are available, allowing us to proactively protect the endpoint and our infrastructure.
They could expand more integrations for other third-party products that are not currently available. Those are areas they can improve or have yet to improve.
For example, we have firewall integrations, so if we integrate our firewalls, we will be able to have a log view of the traffic. If traffic is coming from the firewall, we can see from which side a particular threat is coming. Currently, they support only FortiNet, Cisco, and Palo Alto. However, many of our clients use SonicWall firewalls, which are not in SentinelOne Singularity AI SIEM marketplace. They could add SonicWall because it is also a global product that needs to be included.
SentinelOne Singularity AI SIEM is pretty good compared to Charlotte AI from CrowdStrike. However, if it could provide more information on IOA, that would be beneficial. While SentinelOne Singularity AI SIEM does provide those details, leveraging that information to proactively check our systems for vulnerabilities would be better. In Charlotte AI, those functionalities are available. Therefore, the prompt can be improved, and provide more information on the attackers and attacks we are facing. Indicators of compromise are one thing, but IOA is another critical aspect that needs to be taken care of to help organizations proactively improve their cyber defenses against evolving attacks, as many attacks are happening globally. The same attacks may come to India or target our organization as well; thus improving on the IOA part would be beneficial.
I have been working with SentinelOne Singularity AI SIEM for around three to four years.
SentinelOne Singularity AI SIEM is 99% stable with no glitches as of now.
The product is pretty much scalable.
Customer support could be better. Customer support could be better because it is frequently transferred to various agents. This is just one particular case, and I do not want to elaborate further.
The deployment process with SentinelOne Singularity AI SIEM is somewhat complicated. Until some versions, we had scenarios where we needed to reboot machines, impacting deployment. However, with upgraded versions, we can now install the agent without any reboot, showing that they have improved that aspect.
For instance, if you are getting attacked and you use a brand other than SentinelOne Singularity AI SIEM, you will need to contact the OEM for recovery, which takes time. In contrast, with SentinelOne Singularity AI SIEM, we have a rollback option with just an automated click. If the data gets encrypted, it automatically rolls back. This functionality minimizes downtime and the impact of the attack. Looking at that perspective—post-attack damage control—the ROI is better. Using SentinelOne Singularity AI SIEM, data retrieval happens at a much faster rate, allowing production to continue without impact.
The automated workflow feature impacts my security tasks and manual efforts significantly.
Downtime is not necessarily required in scenarios where a particular system has to be isolated. Whether it is a server or a normal endpoint, if an application server faces downtime, the situation differs from a normal endpoint. If an application server needs to be contained, the customer will obviously experience downtime.
The consolidation of multiple tools with SentinelOne Singularity AI SIEM impacts SOC operations positively concerning cost and staffing needs. While I am unsure about staffing because it depends on daily occurrences, it definitely makes work easier for the team. For example, without it, a person can hardly handle two or three threats a day, but with SentinelOne Singularity AI SIEM, they can handle around 10 to 12 threats daily, which makes it much more efficient. SentinelOne Singularity AI SIEM is quite affordable. My overall review rating for this product is 9 out of 10.

The best features of SentinelOne Singularity AI SIEM include its user-friendly interface, ease of deployment, and ease of use. It is also easy to control the devices, as we block USB on all machines. You can export the configuration of machines and have very good visibility of the instance. The reports are excellent.
SentinelOne Singularity AI SIEM has impacted my organization positively and it was a very good solution.
SentinelOne Singularity AI SIEM can improve in the area of XDR, especially in the integration between SentinelOne and other solutions and components in the network, as it was not working well with the Fortinet firewall. The API and the integration between each other is not working well at this time, and they are promising to work on this area, but they have not done that effectively.
We did not face any downtime with SentinelOne Singularity AI SIEM.
SentinelOne Singularity AI SIEM is scalable in terms of adapting to my organization's growing data.
Around six to eight engineers were involved in the process of migration, working on this project.
I was personally involved in the project.
SentinelOne Singularity AI SIEM has impacted my operational costs positively, and I think we made a good deal with them because we are a big group and have a big account, so we got a good deal with SentinelOne.
The licensing cost for SentinelOne Singularity AI SIEM is a little bit high compared with the others, but it is worth it. It deserves the prices and is value for money; it is not very expensive according to the services that they are giving us.
For the implementation and deployment of SentinelOne Singularity AI SIEM for the whole solution, it takes about months as we made a migration from EDR to another for 3,000 users across Egypt and GCC, so it takes a lot of efforts.
I assess the efficiency of SentinelOne Singularity AI SIEM in improving my response time to sophisticated threats as very fast and very good.
For false positive incidents, SentinelOne Singularity AI SIEM manages these situations very well, and when we are facing someone uploading a false positive file, we can deal with these situations very well. You can easily go into the interface and mark this as a false positive, and I can recover the deleted or false positive files or anything like that.
AI-driven analytics of SentinelOne Singularity AI SIEM helped me to reduce false positives.
I assess the real-time monitoring feature of SentinelOne Singularity AI SIEM as very good and very responsive. Monitoring is working well, and it has a fast response to any threat; it does not take more than a few seconds to detect any threat and send a request for action. So it is very good.
For the automated workflow feature of SentinelOne Singularity AI SIEM, we did not try it.
I rate this product an 8 out of 10.

I am using SentinelOne Singularity AI SIEM as a customer only, and I have taken it very recently. I am using it to get visibility of investigating my alerts based on the alert events received from my endpoints. For AI-driven applications, I want to have end-to-end visibility, which is where the observability piece comes in. I am using it primarily for the AI part, as this product will cover my real-time data detections. I am planning on implementing it for my AI-driven applications.
AI-driven capabilities will give me real-time detection and will protect my autonomous AI interruption. We are using NLP language where my prompt engineer will upload some sensitive data. This can be detected and can protect my sensitive data from exfiltration. The AI-driven threat detection capabilities improve our overall security posture. By enabling the power of these capabilities, I can allocate my engineers or analysts in a more effective manner instead of allocating them on a day-to-day basis, which plays the major role.
I could see some workflows, but I am unable to do automated workflows. For example, some repetitive jobs or repetitive tasks I am doing, but I am trying to have less manual intervention on the front. I am raising some issues that should be resolvable. The SentinelOne team has told me that this can be resolved within a couple of months, but they are saying that it is in future for enhancement and it may take some time. So far, the numbers are great.
Regarding disadvantages or areas for improvement, I could say that 35 percent of my manual effort can be detected since I implemented it very recently. I could be able to say my current data talks about only 35 percent, and it may improve further, as I am expecting. But I can only comment based on my alerts and events. The adoption rate will be less compared to other products, as this can be a time-taken process because all my data needs to be offloaded and the system needs to understand my existing alerts, logs, and other things. This will take some more time, probably another month.
Another area for improvement is that the product is somewhat expensive. Pricing could be improved as well.
I have not experienced any incidents as of now. Regarding downtime, performance, and stability in general, my experience with the system downtime has been good.
SentinelOne Singularity AI SIEM is scalable in general. However, I carefully take the governance piece because it is an AI adoption and not a simple one. Protecting guardrails and getting visibility is a little challenging. I will carefully design our governance piece because with any AI adoption, the end goal should be more governance and data security and safety.
As of now, I have not faced many issues with technical support from SentinelOne. They are good. I would give eight out of ten for technical support because I am not sure how other solutions work, so I will take some time to fully evaluate.
Positive
My deployment was done with a partner and not in-house.
I have checked with Check Point and CrowdStrike when comparing competitors. This particular new AI era is new, and people are more focused on the AI part, but the outcome discussions are what matter. Because it is new technology, I do not have that much clarity on the costing front. However, this is not too expensive and it is not a white elephant. It is somewhere in the middle. If I take this trio of Check Point, SentinelOne, and CrowdStrike, SentinelOne is the most expensive among them.
All other products are having the same limitations. After every quarter or every release, they are also evolving. It is not only with SentinelOne. I have also checked with Fortinet and other products from Cisco.
SentinelOne Singularity AI SIEM serves as our centralized platform for security data across our environments, enabling real-time threat detection and accelerated incident response. I use it to collect and analyze logs from endpoints, cloud workloads, identity providers, firewalls, and SaaS applications.
We initially used SentinelOne Singularity AI SIEM to identify and investigate a potential account compromise. The platform correlated unusual login activities from our identity provider, multiple authentication attempts, and suspicious PowerShell execution on an endpoint. Rather than having analysts manually check logs from different tools, the AI SIEM automatically connected these events into a single incident. This allowed our SOC team to quickly determine that the credentials were compromised and isolate the affected endpoint.
Our primary use case focuses on improving SOC efficiency by centralizing security telemetry and using AI to correlate alerts from endpoints, cloud identity, and network sources. Instead of investigating isolated alerts, analysts receive prioritized incidents with the full attack timeline. This helps reduce alert fatigue, speed up investigations, and enable faster response to threats such as phishing, credential compromise, and lateral movement.
The best feature is that it collects and correlates logs, which is very helpful. We also use it for AI-powered investigations. The platform provides unified visibility, AI-driven alert correlations, threat hunting, automated response, and AI-driven data pipelines. These are the features I found most valuable.
We have been using the AI-driven alert correlation feature extensively. Without AI-driven alert correlation, an employee clicking on a phishing email could exploit our entire organization. The AI automatically recognizes that all of these events are connected because they involve the same user, endpoint, and timeframe. We use it when somebody receives a phishing email or clicks a link, credentials are used from an unusual location, PowerShell is launched, connections are made to a malicious server, and persistence attempts occur. The correlation feature helps us identify and correlate these attacks, determine where the attack started, and find the threat so we can fix it.
The platform brings together AI, automation, and unified visibility in a way that helps security teams work more efficiently. Rather than switching between multiple tools and manually correlating alerts, analysts can investigate incidents from a single console with AI-assisted context. Features such as automated alert correlation, threat hunting, and response workflows help reduce investigation time and improve overall SOC productivity.
One of the biggest positive impacts has been improved operational efficiency for the security team. By centralizing telemetries from multiple sources and using AI to correlate related alerts, we have reduced the time spent on manual investigation. Analysts can focus on higher priority incidents. We have also noticed faster incident detection and response, better visibility across endpoints, cloud, and identity environments, as well as improved collaboration because everyone works from the same incident view.
Overall, SentinelOne Singularity AI SIEM is a very strong platform, but there are a few areas where I would like to see improvements. The AI-generated investigations can occasionally require manual validation for complex incidents. Increasing the precision and explainability of AI recommendations would be valuable. I would also appreciate even broader out-of-the-box integrations with third-party security tools and more pre-built detections and response playbooks. Additionally, making dashboards and reporting even more customizable would help organizations tailor the platform to different teams and executive reporting needs.
SentinelOne Singularity AI SIEM is a very strong platform, so I do not have much to suggest for improvement. Those are the main areas I would highlight. Overall, the platform is quite mature, and the improvements I would like to see are more about enhancing usability than addressing major shortcomings. Continued investigation into AI accuracy and explainability, additional native integrations with third-party tools, richer pre-built automation playbooks, and more flexible dashboards and reporting would be beneficial.
I have been working in this field for one year.
I have experienced no issues with SentinelOne Singularity AI SIEM. It is the best product I have ever used. The platform has been very stable in my experience. I have worked with it, and it is very handy, easy to manage, and excellent with its AI-driven capabilities.
From what I have seen, I have not personally encountered scalability issues, so I cannot point to any specific challenge in a production environment. As with any enterprise SIEM, the main considerations tend to be planning data ingestion, tuning detection rules to minimize noise, and integrating new data sources as the environment expands. Those are common operational considerations rather than unique limitations of the platform.
I have not reached out to customer support yet and have not experienced it directly. However, I have heard from my organization that their customer support is very good. Several of my colleagues have spoken with customer support, and their experience was great.
I have only worked with SentinelOne Singularity AI SIEM because I have recently started working. I have seven to eight months of experience, so I have never used any different solution.
My advice would be to plan the deployment carefully, integrate all relevant security data sources, and invest time in tuning detection and automation. SentinelOne Singularity AI SIEM delivers the most value when AI supports experienced analysts by reducing manual work and improving investigation speed rather than operating without human oversight.
My organization is currently a partner of SentinelOne.
I cannot provide verified metrics because I was not directly involved in measuring ROI, so I would not want to speculate. My experience is that the value comes from improved analyst productivity, faster investigations, and reduced operational overhead rather than a specific percentage of cost savings.
We actually had a great experience with pricing, setup cost, and licensing. I was not directly involved in pricing or contract negotiation, so I cannot comment on exact licensing costs. My understanding is that SentinelOne offers enterprise licensing based on factors such as the product selected, deployment size, and required capabilities. The platform appears to provide good value because it consolidates multiple security functions into a single platform.
I was not directly involved in the product evaluation or selection process, so I cannot accurately state which vendors were formally evaluated. In general, organizations looking at AI-powered SIEM solutions consider options such as Microsoft Sentinel, Google Security Operations, IBM, Falcon Next-Gen SIEM, and Microsoft Defender. However, I have not worked on those solutions, so I only have knowledge of SentinelOne Singularity AI SIEM.
AI-driven analytics can reduce false positives by providing better context and correlating related alerts into meaningful incidents. This helps analysts spend less time investigating false activity and more time responding to genuine threats.
My impression is that the AI-driven threat detection capabilities are one of the platform's key strengths. Overall, I have a positive impression. The AI-driven threat detection helps identify suspicious behavior, correlate related events into meaningful insights, and prioritize higher-risk threats. This enables analysts to investigate and respond more quickly while reducing alert fatigue. Human validation is still important, but the AI provides valuable decision support.
From my perspective, SentinelOne Singularity AI SIEM appears very suited for organizations with growing data volumes and increasingly complex IT environments. The visibility to ingest and correlate telemetry from endpoints, cloud workloads, identity systems, and third-party security tools provides a centralized view as the environment expands. Real-time monitoring impacts our threat identification process significantly.
Based on its capability, SentinelOne Singularity AI SIEM can improve SOC efficiency by correlating alerts, summarizing incidents, and helping analysts prioritize genuine threats. This reduces manual investigation and enables faster incident response while analysts still validate the AI's recommendations for critical decisions.
I think SentinelOne has taken a strong approach to AI governance and security. The platform uses AI to assist analysts with tasks such as alert correlation, investigations, and incident summarization while still allowing human analysts to validate findings before taking actions. From a governance perspective, having role-based access control, audit logs, and centralized visibility helps organizations maintain oversight. It is important to have clear governance policies, regularly review AI-generated recommendations, and ensure automated response workflows are appropriately validated.
Overall, I would rate the accuracy and reliability of the AI capabilities as good. The AI is effective at correlating related alerts, summarizing incidents, and helping analysts prioritize investigations, which can significantly reduce manual effort. However, AI outputs should not be treated as infallible, and for higher impact security decisions, it is still important for analysts to validate the AI findings and recommendations. I would rate this review as an eight out of ten overall.

After a CrowdStrike issue, we began using their cloud security offering. SentinelOne Singularity AI SIEM is more of an integration to their existing cloud security solution. We have been using this particular solution for more than a year, though slightly less than that range.
I am an observability engineer, and this solution is very helpful for security-related needs. When working in a company that handles a lot of data, particularly infrastructure data, you encounter numerous security alerts due to dependencies and security vulnerabilities on infrastructure machines. When we receive this data from different machines, these are signals. When you get this kind of data, it is almost impossible to do it manually in any way or form. What we need is a sampler that samples consistent data. With the AI SIEM on top of SentinelOne Singularity AI SIEM Observability Cloud security solution, we can filter out many things in terms of telemetry data that we receive. The endpoint telemetry is something we actually focus on with this particular solution, followed by the cloud infrastructure logs. We have used Splunk in the past. After a certain time, if you are not on their cloud offering on a very high tier, they will charge you money excessively or they will throttle your application. This is not the case with SentinelOne Singularity AI SIEM. That is a better approach. We also manage Kubernetes containers and environments through this solution. All the pods used to send a lot of telemetry data, and we can easily identify that. The dashboard, though it has some limited functionalities, works extremely well with what they offer. We use it day in and day out.
As we have the enterprise solution for this, we have used it extensively for Kubernetes pods where we have attached certain authentication systems. We have also used it for a lot of network security events when we have to do a compliance report. We have complete automation around it which provides us the reporting and everything at the end of the day. We have integrated it with our data pipelines also, and it helps us there as well.
The log segregation is my favorite feature. When you want to search over a very high or extremely long range of logs, it helps you tremendously because it becomes very easy to identify vulnerabilities and issues on the ongoing system. Otherwise, what happens with ELK is it becomes very expensive. With Splunk, though it has a data lake on its own, it requires you a good amount of investment. Though their system is more mature than SentinelOne Singularity AI SIEM, the best part about SentinelOne Singularity AI SIEM is the searching capability they have. It is extremely one of the best in the market right now, from what I remember, because their AI also provides you insights. It tells you what is happening in the system and asks you to check that part or check this part. This provides you with an edge when you are looking for vulnerabilities. In my role as a lead engineer in SRE, my domain is observability. There we have a lot of telemetry data. Telemetry data are metrics, logs, and a lot of other alerts. To identify those parts on the security layer, it is extremely good.
I can talk about the amount of tokens we can use. These are limited, though the searches are very extensive. The actual pricing model is something that is handled by the FinOps team, as I have already mentioned before on one of the products, Cribl. We do not have full visibility and observability and telemetry information, but I can provide you engineering insights. Costing is something that every company has their own FinOps team manage everything. If you want to purchase it, you go through that team. I do not know the enterprise costing for that, but I know that cost for an individual purchase. I think it is justified compared to other peers in the market.
What I dislike is that the dashboard is very old, so they do not have much capability to be honest. Dashboard customization is almost nonexistent. What they have is something they offer as standard. They do not have a DataDog style plug and play model where you can add a lot of metrics and it will provide you with them. They basically have pre-built compliance report templates that they just send you, but you do not have a way to customize it further. Currently, as the system is not that mature right now because it has been a very limited offering at the moment for SentinelOne Singularity AI SIEM. Third party integrations are something they lack a lot. I cannot connect it to Grafana or directly to a system which can help me identify things. This is something they lack right now at the moment.
We have been using this particular solution for more than a year, though slightly less than that range.
We have had no issues to be honest. It was compliant and reliable. I have not even seen much AI hallucinating on top of this. It has provided proper patterns and I do not have any complaints.
These things are properly managed and I do not see a problem to be honest. Though data volumes are really high for logs and other things, it worked well. I will say that even the data lake feature they have, in terms of keeping all the logs intact, those log searches are extremely fast on SentinelOne Singularity AI SIEM, even though the data is very high. Whatever you need, you get it fast as simple as that.
We were using something similar before. We were using CrowdStrike extensively for this, but the SIEM approach they have, not the AI feature, is more mature than this. However, due to that outage, our company moved towards SentinelOne Singularity AI SIEM because we had compliance and client issues. Clients specifically asked us to remove CrowdStrike permanently from whatever Windows machines we have for security issues. Something came very strong from one of the companies which we took into account and we changed it across whatever customer we have. We moved with a better alternative. SentinelOne Singularity AI SIEM was relatively a good choice as of now.
The AI integration was pretty straightforward. I did not face any problem. We created some policies and based on those policies, we were able to identify how to integrate it via this. I do not remember the exact steps. I have a document written on it somewhere that I need to pull out. It was a pretty standard thing. You just have to go to some consoles and integrate it based on this. You have to provide the endpoint details and it got integrated very smoothly.
I do not maintain it. My work was just the integration aspect. Maintenance and other aspects are something that one of the other teams manages. These are the security engineers that we have. They actually provide all this information. If you need, I can connect you with them. I can send you their name or information so you can reach out to them.
Definitely, that is what I told you. It has given good ROI on that part where our investigation time has reduced to a certain degree. I will say the gains we get are more than fifty percent to be honest. We have reduced almost fifty percent of the dev's time, or not dev, the security engineer's time, SDs, whatever SECs we had. Even my VP of engineering who manages me is one of the guys who manages security. He is very happy with all this investigation time that we have reduced. We have a metric that we track in the company. This actually shows us a good amount of time. Previously it was a continuous problem for us where we had to manage all these things. An engineer had to be there for one of those problems. Now that is gone. We have a little bit more breathing room. It is not completely gone, but it is manageable now.
The sampling happens based on a single line of code. You do not need this one or a similar kind of logs, or some system should not go and sit in the data lakes. The best part about analytics is you do not have to look into anything. Threat hunting, how it works, the experience of the overall threat hunting aspect has actually improved a lot with AI because you do not want to read telemetry data. Who wants to do that? Who has time to do that? Telemetry data are raw data of signals where metrics and logs are coming in. No one wants to read them. The AI helps on top of it and helps you to make sense out of it or provides patterns. You are seeing that pattern or not. These kind of things matter. The best part is it is relatively faster than its peers because even though the data is more, it is relatively faster. I do not know what kind of algorithm they are using in the back end, but it is extremely good to be honest.
I will strongly recommend this. After SentinelOne Singularity AI SIEM, we have reduced our engineering time to a certain degree as it has helped us to do investigations fast. We get actual alerts that matter, and we can prioritize it properly. The monitoring capability is now completely in one single platform. We do not have to go here and there. This actually has given us good ROI in total.
I am an observability engineer, and my current domain is that. SentinelOne Singularity AI SIEM is very helpful for security-related needs. When working in a company that handles a lot of data, particularly infrastructure data, you encounter numerous security alerts due to dependencies and security vulnerabilities on infrastructure machines. When we receive this data from different machines, these are signals. When you get this kind of data, it is almost impossible to do it manually in any way or form. What we need is a sampler that samples consistent data. With the AI SIEM on top of SentinelOne Singularity AI SIEM Observability Cloud security solution, we can filter out many things in terms of telemetry data that we receive. The endpoint telemetry is something we actually focus on with this particular solution, followed by the cloud infrastructure logs. We have used Splunk in the past. After a certain time, if you are not on their cloud offering on a very high tier, they will charge you money excessively or they will throttle your application. This is not the case with SentinelOne Singularity AI SIEM. That is a better approach. We also manage Kubernetes containers and environments through this solution. All the pods used to send a lot of telemetry data, and we can easily identify that. The dashboard, though it has some limited functionalities, works extremely well with what they offer. We use it day in and day out.
I can talk about the amount of tokens we can use. These are limited, though the searches are very extensive. The actual pricing model is something that is handled by the FinOps team, as I have already mentioned before on one of the products, Cribl. We do not have full visibility and observability and telemetry information, but I can provide you engineering insights. Costing is something that every company has their own FinOps team manage everything. If you want to purchase it, you go through that team. I do not know the enterprise costing for that, but I know that cost for an individual purchase. I think it is justified compared to other peers in the market. I would rate this solution a nine out of ten.

We discuss with customers whether they want to go on a cloud or on-premises for the usual use cases of SentinelOne Singularity AI SIEM that I work with mostly. If a customer has a SentinelOne EDR, the EPS we do not count. The rest of the things we can integrate on a cloud.
Correlation, alerting, reporting, and helping with the AI-based alerts generated by the AI are the usual use cases. The parsing is already built into SentinelOne Singularity AI SIEM.
Detect undetected is a method for SentinelOne Singularity AI SIEM that I have found the most valuable so far. It can improve the true and reduce the false alerts and give a more granular report with a custom dashboard. Whatever the customer wants to see and however the customer wants to see it on the cloud-based SIEM. We can have the S3 bucket where we can manage the data retention from the customer side.
The automated workflow feature of SentinelOne Singularity AI SIEM is very good, which is not in the traditional SIEM. The next-gen is helping customers create multiple workflows, either automatically taking action in a SOAR kind of concept, and then you can create a playbook and multiple runbooks. The beauty of the integration is that it integrates very smoothly with third-party tools, so we do not need to think about the parsers, coding, depending on the codes, or the software developers. That is a good addition to SentinelOne Singularity AI SIEM.
I would want the false positive ratio to be lower and would want to improve that aspect so the true will be more, and the false will be lesser.
Other than false positives, the true will be increased and more focus should be on the OT security operations center. Now everything is on the cloud. Whenever OT security comes into the picture, the customers do not allow us to integrate their OT devices on a cloud. It should be available on-premises because the OT SIEM market, in the India market for instance, is something around a four to eight billion dollar market. Due to limitations on the cloud, we will not be able to configure with the OT SOC or the OT AI SOC.
I want SentinelOne to offer more on-premises integrations to focus on the OT SOC. It is one market which is an untouched market by the SentinelOne team. They have a very good SIEM, but it should be the target industry, the automobile, automotive, and then definitely IT is one of them. Everything is there with IT. The very good controls, integration, no parser requirements. But OT should also be the focus of the SentinelOne team.
I have been working with SentinelOne Singularity AI SIEM for about one and a half years.
I can rate SentinelOne Singularity AI SIEM a four out of five in terms of scalability in adapting to customer growing data and complex IT structures.
Four is because the product is beautiful, and the one reason why it is not a five out of five is because the capability of the SentinelOne pieces is not up to the mark.
It is scalable, and we can increase the compute size. It can scale. There are no challenges. It is good because it is on a cloud, so there is no problem with the scalability.
There are no challenges in handling growing data and complex IT structures because we create a log collector that is on AI. We build the VPN tunnel from all the locations. We pull in the logs. It is a pull and push mechanism. Things work fine. There is nothing critical these days.
The technical support of SentinelOne Singularity AI SIEM is very good, and we are getting support from them. Sometimes, whenever customization is required, they ask for PS. The team sometimes asks for professional services, which the customer does not agree to pay for.
Based on my experience with the technical support of SentinelOne Singularity AI SIEM, I would rate them a ten.
For one year they have been safely managing because they have replaced some of the competition with SentinelOne Singularity AI SIEM, including CrowdStrike.
We do participate in the initial setup of SentinelOne Singularity AI SIEM.
The usual setup process involves the log collectors and the cloud-based device. We create the VPN tunnel from the customer locations, and then we analyze the logs, create the alert, identify the incident, exposure management, and event search. It also works as a data lake, which is very good in SentinelOne Singularity AI SIEM. We have very good vulnerability management, which shows the beauty of the product.
There are no challenges with the initial setup because we have done multiple successful deployments.
The effect of SentinelOne Singularity AI SIEM on our customers' SOC efficiency in investigating alerts and responding to incidents is significant. We align our people, including L1, L2, and L3 engineers, for post-implementation, migration, reporting, alerting, correlations, and the behavior-based SIEM alerts. We align the people and discuss the ROI with the customers on SentinelOne Singularity AI SIEM.
For one year they have been safely managing because they have replaced some of the competition with SentinelOne Singularity AI SIEM, including CrowdStrike.
We do the red teaming to assess the real-time monitoring feature of SentinelOne Singularity AI SIEM. We check whether the real-time alerts are coming or not from the SIEM.
For one year they have been safely managing because they have replaced some of the competition with SentinelOne Singularity AI SIEM, including CrowdStrike.
Correlation, alerting, reporting, and helping with the AI-based alerts generated by the AI are the usual use cases. The parsing is already built into SentinelOne Singularity AI SIEM.
There is no challenge with operations because there are very good training portals where the people learn and perform the operation actively, and there is super training available on the SentinelOne portal through the SentinelOne Training University.
I provide this review with an overall rating of ten out of ten.

For us, the use case is primarily to analyze security events that are coming in and also events that are kept over a period of time, to track and use it for investigation and maybe analysis, sometimes even forensics.
SentinelOne Singularity AI SIEM improves my response time to sophisticated threats in two ways: it helps me to identify which ones I need to act on, which means I am not wasting time on the things I do not need to worry about or can be a lower priority. In that respect, it helps me to prioritize and act on what needs to be acted on first, so it brings it to the surface faster.
Regarding AI-driven threat detection capabilities, I have a positive impression; when it is working very well, I do not really know if it is working, but when it does not work and if I have been hit by something, then I know it did not work. My SOC team seems to be utilizing it fully, and we have been kept secure and without any breach, which I think is probably the only proof we can give. The number of events and logs that it detects is numerous and very high, so it is doing its job. Fingers crossed, we do not have anything to report where we find that we have been broken into.
SentinelOne Singularity AI SIEM's AI-powered analytics does affect our SOC's ability to reduce false positives; that is one of the biggest advantages because the manpower that I have is limited. The tool should be able to do a lot more of the first-level analysis, and what is flagged up for the man in the middle or the man to act on should be things that really need validation, meaning it has been correlated properly and brought up for visibility and action. In this manner, it is actually helping us to protect our security operations very effectively.
It does affect my efficiency in investigating alerts and responding to incidents; we have gone to the point of using SentinelOne Singularity AI SIEM now, and our SOC is mainly dependent on SentinelOne Singularity AI SIEM. That is becoming the foundation on which all these activities and tasks are being run, and when it is all coming together, we are seeing that it is far more effective. I hope it stays that way.
I would not say there is anything that could be better in SentinelOne Singularity AI SIEM; I think we have seen something unique in the product. This product has the potential to add more SOC functionality on top of its SIEM, which can automate a few more things because I have the information there. I need to do what I would call security agents or agentic AI to be built on top; it can take care of a lot more analysis and actions. Maybe licensing cost can also be looked at and reduced.
We are still to see the automated feature work a little bit more; we are not really using it to the full extent.
With SentinelOne Singularity AI SIEM, I have been dealing with this product for under a year, at seven or eight months now.
There has been no issue with stability; it was perfectly fine.
Scaling out, we did not face an issue because we are always looking to see where we are deploying it and what the coverage is, so no challenges are seen there.
I am happy with the technical team of SentinelOne Singularity AI SIEM; they are pretty good. I would rate the technical support as eight to nine.
The deployment process was straightforward; we did not face any challenges in that.
It was largely done by my in-house team; I have a fairly competent in-house team. We did have a partner through whom we procured the product, so they were available on standby, but even more than the partner, I think the SentinelOne Singularity AI SIEM technical team was also available to us. Their guidance was good enough.
In terms of ROI, it is hard to justify; the good thing is if there is a cost to an incident, I think we are protected. If we are not having any incidents, then it is doing its job, but I am not able to convince people about it. Overall, my perspective should be about my security budget in this space, how it benchmarks, and from that perspective, how the metrics are showing. If I am spending more compared to my peers in this space and the value that I am getting is the same as what they are getting, then I am probably overpaying. However, if I am in the middle of the park kind of range, then it is probably optimally priced. At the moment, I feel the pricing is a little bit on the higher side, but the tool is positioned in a place where risk is very high, and we do not want to take chances, so we are prepared to pay the premium.
We have looked at other XDR products, but the strength of SentinelOne Singularity AI SIEM's SIEM, their logs, the event log capture part, which can also take in logs from other non-SentinelOne entities, stands out as quite unique. The automation that is possible on the AI platform adds to that as well. When your footprint is all on SentinelOne Singularity AI SIEM in terms of VDR, then adding to that the same from the same suite is going to be helpful. At the moment, I see them as leading in their spaces.
I assess the overall security posture of the company after implementation as positive; I see a big impact on that. I would rate this review as an overall eight.
My main use case for SentinelOne Singularity AI SIEM is centralized log management, threat detection and correlation for incident investigation, automated response, cloud security monitoring, and endpoint plus SIM correlations.
My primary use case for SentinelOne Singularity AI SIEM is centralized security monitoring and incident investigation. I ingest logs from Microsoft Entra ID, Active Directory, Microsoft 365, firewall, VPNs, and SentinelOne EDR into the AI SIEM. Instead of checking each platform individually, I use SIEM to correlate events, identify suspicious activity, and investigate incidents from a single console.
The best features SentinelOne Singularity AI SIEM offers include centralized log management, AI-powered threat detection, Purple AI, AI Security Assistant, unified investigation timeline, and threat hunting. Hyper automation, fast search and investigation, cloud, and identity visibility are also standout features.
Out of those features, the centralized console is the one I find myself using the most, and it has made a big difference in my daily work.
SentinelOne Singularity AI SIEM has positively impacted my organization by improving visibility, reducing investigation time, and helping the security team respond to incidents faster.
Overall, SentinelOne Singularity AI SIEM is a strong platform, but there are a few areas where it could be improved. One area is customization. While it provides many built-in decorations and dashboards, creating highly customized decoration rules and reports can sometimes require additional efforts. Another area is third-party integrations. Although it integrates with many security products, expanding native integration and simplifying onboarding for less common vendors would make deployment easier.
From a usability perspective, I think the platform could make advanced investigation more intuitive. New analysts can face a learning curve when building complex searches, custom detection rules, or dashboards. Improving the user experience with more guided workflow templates and contextual recommendations would help teams become productive more quickly.
I have been using SentinelOne Singularity AI SIEM for about one year.
In my experience, SentinelOne Singularity AI SIEM has been a stable platform. It has been reliable for day-to-day SOC operations, including log ingestion, real-time monitoring, threat detection, and incident investigation.
In my experience, SentinelOne Singularity AI SIEM is highly scalable. As my organization grows, it is able to ingest and analyze logs for additional cloud services, identity providers, and network devices without requiring major changes to my security operations. This makes it well-suited for organizations with hybrid or multi-cloud environments.
I would rate the scalability of SentinelOne Singularity AI SIEM very high. It is designed to handle growing log volumes and supports environments that include on-premises infrastructure, cloud services, endpoints, identity platforms, and network devices.
My experience with the support has been very responsive and knowledgeable, particularly for technical issues and troubleshooting. I would rate the customer support eight out of ten.
I previously used another SIM solution. The main reason for moving to SentinelOne was to improve centralized visibility, simplify security options, and take advantage of AI-driven event correlations. With the previous solution, investigation often required switching between multiple tools and manually correlating events.
Overall, my experience with pricing, setup cost, and licensing has been positive. While SentinelOne Singularity AI SIEM is an enterprise-grade platform and not the lowest cost option, I think the pricing is reasonable considering the capabilities it provides. Features such as centralized log management, AI-driven analytics, automated workflow, and integrated security options can reduce operational overhead and improve SOC efficiency, which helps justify the investment.
I have seen a positive return on investment primarily through operational efficiency rather than reducing headcount. The biggest measurable benefit has been the reduction in investigation time. Before using SentinelOne Singularity AI SIEM, investigating a moderately complex alert took around thirty to sixty minutes because analysts had to collect logs from multiple security tools. With centralized log management and AI-driven correlation, I can often understand the scope of an incident in about ten to fifteen minutes.
Overall, my experience with pricing, setup cost, and licensing has been positive. While SentinelOne Singularity AI SIEM is an enterprise-grade platform and not the lowest cost option, I think the pricing is reasonable considering the capabilities it provides. Features such as centralized log management, AI-driven analytics, automated workflow, and integrated security options can reduce operational overhead and improve SOC efficiency, which helps justify the investment.
I considered other enterprise SIEM platforms such as Sentinel, Splunk, Enterprise Security, IBM, and Google Security Operations. I evaluated them based on integration with my existing environment, AI-assisted threat detection, scalability, ease of investigation, automation capabilities, and total cost of ownership. SentinelOne stood out because of its strong integration between EDR and AI SIEM, centralized visibility, and AI-driven event correlations.
My advice would be to spend time planning the deployment and identifying the log resources that provide the most value. SentinelOne Singularity AI SIEM is most effective when it is integrated with key systems such as Entra ID, 365, VPN, and endpoints. I would rate this product eight out of ten overall.

We have dealt with SentinelOne Endpoint, and at some point, we also used SentinelOne Singularity AI SIEM, which was introduced somewhere last year. I went on training in South Africa, where there were many questions discussing having one platform that allows control over all endpoints with visibility, which eliminates the need for separate systems. The challenge with SentinelOne Singularity AI SIEM is having an ingester to integrate with it at the syslog level. For some customers, we needed an ingester to integrate with the network devices before we could see them. For the endpoint side, everything was acceptable; we were able to do remediation, ransomware rollback, and everything operates autonomously, so no manual intervention is necessary. In terms of group level, you can assign policies to specific devices in specific environments. Additionally, there was a new introduction to cloud-native apps for cloud security, enabling integration of AWS and Google Suite apps, including Azure platforms, providing visibility, especially for AWS, where we can monitor all Kubernetes clusters and pods, allowing for remediation as vulnerabilities are identified.
The AI features of SentinelOne Singularity AI SIEM are absolutely perfect. There are not any issues because there is a game that you play with SentinelOne. This game allows me to drive a proof of concept for customers. When I play the game, SentinelOne provides a tool called Purple AI, which allows for simple queries just like ChatGPT. This means you do not need an expert to understand what is happening around your endpoints and identify threats. I can simply write, 'What happened to my Windows endpoint in the last seventy-two hours?' and it provides all reports and logs. This functionality makes it accessible even for CEOs and decision-makers to understand their environment better, making it an excellent feature for SOC, giving visibility and clarity.
I did use the automated workflow feature for a client. The automation allows for configuring all integration with endpoints, as well as SentinelOne Singularity AI SIEM. Unfortunately, I was not happy with SentinelOne Singularity AI SIEM because it is not mature yet. When comparing SentinelOne Singularity AI SIEM to platforms like Elasticsearch or Exabeam, or even QRadar, they are more matured. SentinelOne Singularity AI SIEM is designed to provide an affordable platform integrated with endpoints, eliminating the need for separate SIEM deployments. However, the integration of a log ingester in the cloud makes deployment cumbersome and requires an expert or native system integrator for setup.
SentinelOne Singularity AI SIEM should be separated from the overall platform. If the intention is to make it a complete solution and enable SIEM features, separating it would yield better results. You get a lot of noise when it is combined; separating it would mean clearly identifying logs from the EDR or SDR platform to SentinelOne Singularity AI SIEM. This would help in minimizing confusion and panic for customers facing numerous logs and potential false positives. A separate SIEM would allow clearer visibility, and there is a need for an on-premise option, particularly for organizations with data sovereignty concerns. Many institutions prefer to keep their data on-premise due to regulations, so adding an appliance that firms can integrate into their data centers would be valuable. If larger organizations need a SIEM solution, they will likely turn to QRadar or FortiSIEM instead.
I already have experience with SentinelOne because I have been with SentinelOne for the past five years.
In rating the technical support for SentinelOne, it depends on whether we are discussing EDR or SentinelOne Singularity AI SIEM. I would not rate the entire company uniformly. For the EDR, I might rate it around eight out of ten; for SentinelOne Singularity AI SIEM, I would give it five out of ten or two out of five.
Regarding pricing, the pricing of SentinelOne is quite favorable when compared to CrowdStrike. I appreciate the MSSP distribution model. For instance, if I purchase SentinelOne from Exclusive Networks, which I believe is known to you, I can provide it to individuals, allowing them to have SentinelOne installed on their laptops while maintaining the ability to control policies and monitor attacks. The MSSP pricing is negotiable, around thirty-three dollars per endpoint annually. For the reseller level, if support is needed, contacting SentinelOne directly allows me to open a case and access assistance from their engineers, which may cost around fifty dollars per endpoint. Comparatively, SentinelOne is more affordable than CrowdStrike. SentinelOne Singularity AI SIEM pricing also depends on the number of devices onboarded, including switches and firewalls, which all contribute to lowering costs. However, selling a complete cloud solution can be challenging in West Africa due to data sovereignty concerns.
The need for improvement mainly revolves around focus areas. If SentinelOne only concentrates on developed countries, my experience in West Africa suggests disparities. SentinelOne needs to consider implementing an on-premise configuration or introducing a hybrid model. A staging server that sits on-premise allows for better data sovereignty while still using cloud services. If all logs are sent to the SentinelOne cloud, it poses challenges for customers without AWS capabilities.
I would rate SentinelOne Singularity AI SIEM overall at five out of ten. It is not suited for enterprises but works for startups or any environment that relies on cloud resources. My overall review rating for SentinelOne is five out of ten.