What is our primary use case?
SentinelOne Singularity AI SIEM serves as our centralized platform for security data across our environments, enabling real-time threat detection and accelerated incident response. I use it to collect and analyze logs from endpoints, cloud workloads, identity providers, firewalls, and SaaS applications.
We initially used SentinelOne Singularity AI SIEM to identify and investigate a potential account compromise. The platform correlated unusual login activities from our identity provider, multiple authentication attempts, and suspicious PowerShell execution on an endpoint. Rather than having analysts manually check logs from different tools, the AI SIEM automatically connected these events into a single incident. This allowed our SOC team to quickly determine that the credentials were compromised and isolate the affected endpoint.
Our primary use case focuses on improving SOC efficiency by centralizing security telemetry and using AI to correlate alerts from endpoints, cloud identity, and network sources. Instead of investigating isolated alerts, analysts receive prioritized incidents with the full attack timeline. This helps reduce alert fatigue, speed up investigations, and enable faster response to threats such as phishing, credential compromise, and lateral movement.
What is most valuable?
The best feature is that it collects and correlates logs, which is very helpful. We also use it for AI-powered investigations. The platform provides unified visibility, AI-driven alert correlations, threat hunting, automated response, and AI-driven data pipelines. These are the features I found most valuable.
We have been using the AI-driven alert correlation feature extensively. Without AI-driven alert correlation, an employee clicking on a phishing email could exploit our entire organization. The AI automatically recognizes that all of these events are connected because they involve the same user, endpoint, and timeframe. We use it when somebody receives a phishing email or clicks a link, credentials are used from an unusual location, PowerShell is launched, connections are made to a malicious server, and persistence attempts occur. The correlation feature helps us identify and correlate these attacks, determine where the attack started, and find the threat so we can fix it.
The platform brings together AI, automation, and unified visibility in a way that helps security teams work more efficiently. Rather than switching between multiple tools and manually correlating alerts, analysts can investigate incidents from a single console with AI-assisted context. Features such as automated alert correlation, threat hunting, and response workflows help reduce investigation time and improve overall SOC productivity.
One of the biggest positive impacts has been improved operational efficiency for the security team. By centralizing telemetries from multiple sources and using AI to correlate related alerts, we have reduced the time spent on manual investigation. Analysts can focus on higher priority incidents. We have also noticed faster incident detection and response, better visibility across endpoints, cloud, and identity environments, as well as improved collaboration because everyone works from the same incident view.
What needs improvement?
Overall, SentinelOne Singularity AI SIEM is a very strong platform, but there are a few areas where I would like to see improvements. The AI-generated investigations can occasionally require manual validation for complex incidents. Increasing the precision and explainability of AI recommendations would be valuable. I would also appreciate even broader out-of-the-box integrations with third-party security tools and more pre-built detections and response playbooks. Additionally, making dashboards and reporting even more customizable would help organizations tailor the platform to different teams and executive reporting needs.
SentinelOne Singularity AI SIEM is a very strong platform, so I do not have much to suggest for improvement. Those are the main areas I would highlight. Overall, the platform is quite mature, and the improvements I would like to see are more about enhancing usability than addressing major shortcomings. Continued investigation into AI accuracy and explainability, additional native integrations with third-party tools, richer pre-built automation playbooks, and more flexible dashboards and reporting would be beneficial.
For how long have I used the solution?
I have been working in this field for one year.
What do I think about the stability of the solution?
I have experienced no issues with SentinelOne Singularity AI SIEM. It is the best product I have ever used. The platform has been very stable in my experience. I have worked with it, and it is very handy, easy to manage, and excellent with its AI-driven capabilities.
What do I think about the scalability of the solution?
From what I have seen, I have not personally encountered scalability issues, so I cannot point to any specific challenge in a production environment. As with any enterprise SIEM, the main considerations tend to be planning data ingestion, tuning detection rules to minimize noise, and integrating new data sources as the environment expands. Those are common operational considerations rather than unique limitations of the platform.
How are customer service and support?
I have not reached out to customer support yet and have not experienced it directly. However, I have heard from my organization that their customer support is very good. Several of my colleagues have spoken with customer support, and their experience was great.
Which solution did I use previously and why did I switch?
I have only worked with SentinelOne Singularity AI SIEM because I have recently started working. I have seven to eight months of experience, so I have never used any different solution.
How was the initial setup?
My advice would be to plan the deployment carefully, integrate all relevant security data sources, and invest time in tuning detection and automation. SentinelOne Singularity AI SIEM delivers the most value when AI supports experienced analysts by reducing manual work and improving investigation speed rather than operating without human oversight.
What about the implementation team?
My organization is currently a partner of SentinelOne.
What was our ROI?
I cannot provide verified metrics because I was not directly involved in measuring ROI, so I would not want to speculate. My experience is that the value comes from improved analyst productivity, faster investigations, and reduced operational overhead rather than a specific percentage of cost savings.
What's my experience with pricing, setup cost, and licensing?
We actually had a great experience with pricing, setup cost, and licensing. I was not directly involved in pricing or contract negotiation, so I cannot comment on exact licensing costs. My understanding is that SentinelOne offers enterprise licensing based on factors such as the product selected, deployment size, and required capabilities. The platform appears to provide good value because it consolidates multiple security functions into a single platform.
Which other solutions did I evaluate?
I was not directly involved in the product evaluation or selection process, so I cannot accurately state which vendors were formally evaluated. In general, organizations looking at AI-powered SIEM solutions consider options such as Microsoft Sentinel, Google Security Operations, IBM, Falcon Next-Gen SIEM, and Microsoft Defender. However, I have not worked on those solutions, so I only have knowledge of SentinelOne Singularity AI SIEM.
What other advice do I have?
AI-driven analytics can reduce false positives by providing better context and correlating related alerts into meaningful incidents. This helps analysts spend less time investigating false activity and more time responding to genuine threats.
My impression is that the AI-driven threat detection capabilities are one of the platform's key strengths. Overall, I have a positive impression. The AI-driven threat detection helps identify suspicious behavior, correlate related events into meaningful insights, and prioritize higher-risk threats. This enables analysts to investigate and respond more quickly while reducing alert fatigue. Human validation is still important, but the AI provides valuable decision support.
From my perspective, SentinelOne Singularity AI SIEM appears very suited for organizations with growing data volumes and increasingly complex IT environments. The visibility to ingest and correlate telemetry from endpoints, cloud workloads, identity systems, and third-party security tools provides a centralized view as the environment expands. Real-time monitoring impacts our threat identification process significantly.
Based on its capability, SentinelOne Singularity AI SIEM can improve SOC efficiency by correlating alerts, summarizing incidents, and helping analysts prioritize genuine threats. This reduces manual investigation and enables faster incident response while analysts still validate the AI's recommendations for critical decisions.
I think SentinelOne has taken a strong approach to AI governance and security. The platform uses AI to assist analysts with tasks such as alert correlation, investigations, and incident summarization while still allowing human analysts to validate findings before taking actions. From a governance perspective, having role-based access control, audit logs, and centralized visibility helps organizations maintain oversight. It is important to have clear governance policies, regularly review AI-generated recommendations, and ensure automated response workflows are appropriately validated.
Overall, I would rate the accuracy and reliability of the AI capabilities as good. The AI is effective at correlating related alerts, summarizing incidents, and helping analysts prioritize investigations, which can significantly reduce manual effort. However, AI outputs should not be treated as infallible, and for higher impact security decisions, it is still important for analysts to validate the AI findings and recommendations. I would rate this review as an eight out of ten overall.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)