No more typing reviews! Try our Samantha, our new voice AI agent.

SentinelOne Singularity AI SIEM vs Trellix ESM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 29, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
4.8
SentinelOne SIEM enhances SOC efficiency, reduces investigation times over 50%, and offers value despite higher pricing.
Sentiment score
3.2
In-house teams claim McAfee offers high ROI, but executives struggle to see it without C-level focused reports.
SentinelOne Singularity AI SIEM has reduced our response time to true positive alerts by approximately forty percent through automation.
IT Security Analyst at a tech consulting company with 11-50 employees
At the moment, I feel the pricing is a little bit on the higher side, but the tool is positioned in a place where risk is very high, and we do not want to take chances, so we are prepared to pay the premium.
Group Chief Information Officer at NeST Information Technologies Pvt Ltd
The effect of SentinelOne Singularity AI SIEM on our customers' SOC efficiency in investigating alerts and responding to incidents is significant.
Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd
 

Customer Service

Sentiment score
7.4
SentinelOne Singularity AI SIEM's support is highly rated for responsiveness, AI-based help, and effective problem resolution.
Sentiment score
4.3
Trellix ESM customer service is generally satisfactory, but technical support varies with noted delays and skill gaps.
SentinelOne Singularity AI SIEM has AI-based technical support available.
IT Security Analyst at a tech consulting company with 11-50 employees
Based on my experience with the technical support of SentinelOne Singularity AI SIEM, I would rate them a ten.
Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd
In rating the technical support for SentinelOne, it depends on whether we are discussing EDR or SentinelOne Singularity AI SIEM.
Managing Director at iMark Consult
I would rate support for Trellix ESM 10 out of 10 because if we connect with the support in the UK, we get excellent support.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
It's rare for me to need them unless it's an issue with licensing, and they are the best in that regard.
Cyber Security Engineer at Protec
 

Scalability Issues

Sentiment score
5.2
SentinelOne Singularity AI SIEM scales efficiently with proper configuration and management, though implementation can be challenging.
Sentiment score
8.6
Trellix ESM is highly scalable and adaptable, excelling in enterprise environments but may have limitations for medium enterprises.
With any AI adoption, the end goal should be more governance and data security and safety.
Associate Vice President at Novac Technology Solutions
The performance depends on the configuration.
IT Security Analyst at a tech consulting company with 11-50 employees
It is scalable, and we can increase the compute size. It can scale. There are no challenges.
Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd
Scalability is quite easier with Trellix ESM, because all we need to do is add more receivers to it, so it can go to any point.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
 

Stability Issues

Sentiment score
7.7
SentinelOne Singularity AI SIEM is generally praised for stability and fast log searches, though some report past issues.
Sentiment score
8.3
Trellix ESM is generally stable with effective support, though some users experience bugs and interruptions affecting reliability.
When it comes to stability, I would give SentinelOne Singularity AI SIEM a nine.
IT Security Consultant at Systemhaus for you GmbH
In terms of performance stability, I have never had any crashes, downtimes, or performance issues.
Cyber Security Engineer at a retailer with 201-500 employees
Even the data lake feature they have, in terms of keeping all the logs intact, those log searches are extremely fast on SentinelOne Singularity AI SIEM, even though the data is very high.
Technical Lead at CloudBolt Software
 

Room For Improvement

SentinelOne Singularity AI SIEM struggles with stability, integrations, UI issues, high pricing, and requires improved support and automation.
Trellix ESM requires stability, HTML5 migration, and upgrades in customization, integration, support, usability, and AI for improved functionality.
The adoption rate will be less compared to other products, as this can be a time-taken process because all my data needs to be offloaded and the system needs to understand my existing alerts, logs, and other things.
Associate Vice President at Novac Technology Solutions
The interface flickers frequently, and sometimes it does not load properly.
IT Security Analyst at a tech consulting company with 11-50 employees
Whenever OT security comes into the picture, the customers do not allow us to integrate their OT devices on a cloud. It should be available on-premises because the OT SIEM market, in the India market for instance, is something around a four to eight billion dollar market.
Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd
If there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
 

Setup Cost

Trellix ESM offers flexible, slightly costly licensing, valued for its SOC features, with straightforward setup and deployment.
I find SentinelOne's pricing to be reasonable and competitive.
Information Security Principal at a venture capital & private equity firm with 1,001-5,000 employees
 

Valuable Features

SentinelOne Singularity AI SIEM enhances threat detection and response efficiency with AI-driven insights and flexible integrations.
Trellix ESM excels in real-time threat detection, user-friendly interface, quick deployment, and strong integration with other technologies.
We finally have visibility into things that were never visible before.
IT Security Consultant at Systemhaus for you GmbH
It employs a combination of AI and ML to check for viruses or any other malicious processes, including fileless attacks.
Cyber Security Engineer at a retailer with 201-500 employees
The AI-driven threat detection capabilities improve our overall security posture.
Associate Vice President at Novac Technology Solutions
The weakest point is it doesn't cover almost all the devices, so the customer has to be more dependent on the parsers to be written by the Professional Services team.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
 

Categories and Ranking

SentinelOne Singularity AI ...
Ranking in Security Information and Event Management (SIEM)
15th
Average Rating
8.8
Reviews Sentiment
6.1
Number of Reviews
9
Ranking in other categories
AI Observability (11th)
Trellix ESM
Ranking in Security Information and Event Management (SIEM)
30th
Average Rating
7.4
Reviews Sentiment
7.0
Number of Reviews
38
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of SentinelOne Singularity AI SIEM is 1.4%, up from 0.6% compared to the previous year. The mindshare of Trellix ESM is 1.0%, down from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
SentinelOne Singularity AI SIEM1.4%
Trellix ESM1.0%
Other97.6%
Security Information and Event Management (SIEM)
 

Featured Reviews

MM
Information Security Principal at a venture capital & private equity firm with 1,001-5,000 employees
Consolidated security operations have improved detection speed and reduced SOC costs
There is room for improvement when it comes to the technical support quality and expertise of SentinelOne. Sometimes, the technical support team does not know how to resolve certain issues and takes time to respond, often requiring follow-up interactions within 24 hours. SentinelOne Singularity AI SIEM can be improved in terms of support capabilities. Some logs from the server side need to be ingested. Secureworks was integrating with domain controllers and other systems, but SentinelOne still has some gaps. Some vendors cannot be integrated directly. For example, we are using Cisco Umbrella for DNS security, and we have to integrate it through an Amazon S3 bucket where we dump the logs and SentinelOne reads them from that location. For some Microsoft integrations, we must enable certain storage components and pay Microsoft directly to retrieve logs. There is no direct integration, so we must access the logs through that workaround. Previously with Secureworks, we had direct integration with Microsoft. Direct integration with Microsoft is not available now. SentinelOne needs to work on many product integrations to enable direct connectivity.
MD
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
Offers comprehensive report generation while maintaining ease of integration
We need to improve Trellix ESM by making sure that most of the logging devices available in the global market should be covered, and if there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that. We can add some new features regarding AI in the future for Trellix ESM, but the maturity will take a longer time. There are many false positives that happen in an environment during the first couple of months, or around six months, so the system analyst is not able to identify whether the event which has occurred is a true positive or a false positive.
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Outsourcing Company
11%
Manufacturing Company
8%
Construction Company
8%
Healthcare Company
7%
Comms Service Provider
14%
Construction Company
13%
Financial Services Firm
10%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise3
Large Enterprise3
By reviewers
Company SizeCount
Small Business15
Midsize Enterprise6
Large Enterprise25
 

Questions from the Community

What needs improvement with SentinelOne Singularity AI SIEM?
I would want the false positive ratio to be lower and would want to improve that aspect so the true will be more, and the false will be lesser. Other than false positives, the true will be increase...
What is your primary use case for SentinelOne Singularity AI SIEM?
We discuss with customers whether they want to go on a cloud or on-premises for the usual use cases of SentinelOne Singularity AI SIEM that I work with mostly. If a customer has a SentinelOne EDR, ...
What advice do you have for others considering SentinelOne Singularity AI SIEM?
Correlation, alerting, reporting, and helping with the AI-based alerts generated by the AI are the usual use cases. The parsing is already built into SentinelOne Singularity AI SIEM. There is no ch...
What is your experience regarding pricing and costs for McAfee ESM?
When discussing Trellix ESM pricing and licensing, if you consider some premium product, the pricing also has to be premium, however, enterprise customers who look for a premium product, alongside ...
What needs improvement with McAfee ESM?
Areas of Trellix ESM that could be improved or enhanced include checking on the clients who are still on-prem, especially banks, as most are not moving everything to the cloud due to confidentialit...
What is your primary use case for McAfee ESM?
My customer's usual use case for Trellix ESM involves one client, as most of the users have moved to ESM. Nowadays, they don't use IPS only, since McAfee IPS is standalone; they incorporate firewal...
 

Also Known As

No data available
McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
 

Overview

 

Sample Customers

Information Not Available
San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
Find out what your peers are saying about SentinelOne Singularity AI SIEM vs. Trellix ESM and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.