The primary use cases for SentinelOne Singularity AI SIEM are that we are using it as a replacement for Secureworks. We migrated to and switched to SentinelOne.
SentinelOne Singularity AI SIEM offers comprehensive security information and incident management designed to enhance threat detection, response, and investigation capabilities within enterprise environments.


| Product | Mindshare (%) |
|---|---|
| SentinelOne Singularity AI SIEM | 1.4% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 86.0% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Security Information and Event Management (SIEM) | Jul 9, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jul 9, 2026 | Download |
| Comparison | SentinelOne Singularity AI SIEM vs Splunk Enterprise Security | Jul 9, 2026 | Download |
| Comparison | SentinelOne Singularity AI SIEM vs IBM Security QRadar | Jul 9, 2026 | Download |
| Comparison | SentinelOne Singularity AI SIEM vs Wazuh | Jul 9, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 2.8% | 97% | 139 interviewsAdd to research |
| Splunk Enterprise Security | 4.2 | 7.3% | 94% | 408 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 2 |
| Large Enterprise | 3 |
| Company Size | Count |
|---|---|
| Small Business | 107 |
| Midsize Enterprise | 40 |
| Large Enterprise | 70 |
SentinelOne Singularity AI SIEM is known for its robust capabilities in the realm of cybersecurity, providing organizations with an advanced tool to combat modern threats. The platform integrates machine learning and artificial intelligence to automate threat identification and streamline incident response processes. Its intuitive interface allows teams to manage security events efficiently, ensuring rapid reaction to potential vulnerabilities. As a scalable tool, it adapts to evolving security demands, providing valuable insights to safeguard critical business operations.
What are the important features of SentinelOne Singularity AI SIEM?In industries such as finance and healthcare, implementation of SentinelOne Singularity AI SIEM often means tailored solutions to protect sensitive data, meeting regulatory compliance. These sectors appreciate its capability to provide detailed insights and reduce the risk of data breaches, thus preserving stakeholder trust.
| Author info | Rating | Review Summary |
|---|---|---|
| Information Security Principal at a venture capital & private equity firm with 1,001-5,000 employees | 4.0 | I replaced Secureworks with SentinelOne Singularity AI SIEM due to its native integration, improved security, and cost savings. While it offers excellent threat detection and stability, direct integration for some vendors and technical support responsiveness could improve. |
| Senior Technical Engineer at Safezone Secure Solutions Private Limited | 4.5 | I find SentinelOne Singularity AI SIEM excellent for AI-driven endpoint security, significantly improving threat response and reducing manual tasks via natural language querying. It is stable and scalable, though I'd like more third-party integrations, better IOA insights, and improved customer service. |
| Associate Vice President at Novac Technology Solutions | 4.0 | I use SentinelOne AI SIEM for real-time, AI-driven threat detection and visibility in my AI applications, enhancing security. While appreciating its capabilities, I seek improved automated workflows, quicker adoption, and a lower price point for this expensive solution. |
| Technical Lead at CloudBolt Software | 4.5 | I find SentinelOne Singularity AI SIEM excellent for security, especially for log searching and AI insights, significantly reducing investigation time. Its stability and fast performance are great, though the dashboard lacks customization and integrations. |
| Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd | 5.0 | I highly value its AI-driven detection, automated workflows, and seamless integration, significantly boosting SOC efficiency. While scalable with great support, I believe more on-premises options for OT security and reduced false positives are needed. |
| Group Chief Information Officer at NeST Information Technologies Pvt Ltd | 4.0 | SentinelOne Singularity AI SIEM significantly improves my threat response and SOC efficiency, using AI to reduce false positives. While pricey, its positive security impact justifies the premium, though I desire more automation. |
| Managing Director at iMark Consult | 2.0 | I find SentinelOne's EDR and AI features strong for threat visibility, with favorable pricing. However, the Singularity AI SIEM is immature, lacks on-premise options, and presents integration challenges, making it less suitable for enterprises. |
| IT Security Analyst at a tech consulting company with 11-50 employees | 4.0 | I value SentinelOne Singularity AI SIEM for its powerful AI, Purple AI, and hyper-automation, which significantly reduce response times and false positives. However, interface performance and reliability need improvement, as it often flickers or fails to load properly. |
| IT Security Consultant at Systemhaus for you GmbH | 5.0 | I use SentinelOne Singularity AI SIEM mainly for AI observability and SIEM, and Purple AI is its standout value, boosting visibility and cutting false positives about 80%. It’s stable with strong support, but third‑party parsing and event evaluation can be tedious. |
| Cyber Security Engineer at a retailer with 201-500 employees | 4.5 | I’ve used SentinelOne Singularity AI SIEM for six months and find its AI-driven EDR effective with fewer false positives, strong zero-day and ransomware protection, and an easy dashboard. Setup and support are good; it’s stable but costly, and analysis could improve. |
The primary use cases for SentinelOne Singularity AI SIEM are that we are using it as a replacement for Secureworks. We migrated to and switched to SentinelOne.
SentinelOne Singularity AI SIEM has positively affected my SOC's efficiency in investigating alerts and responding to incidents. Most of the functionality between Secureworks and SentinelOne Singularity AI SIEM is comparable, as both work in the same space.
We primarily switched to SentinelOne Singularity AI SIEM because of its native integration capabilities. We did not need to integrate with other tools because Secureworks was working with SentinelOne agents and they stopped that support. We were required to install a separate XDR client because Secureworks recently joined with Sophos and now wants us to install Sophos endpoint agents on our endpoints. That was a significant undertaking for us. From a financial perspective, SentinelOne was much more suitable for our organization. They offered us a very competitive proposal because we are among the top five SentinelOne customers in Saudi Arabia, and we are actually the first customer in Saudi Arabia. The POC was successful, so we proceeded with the implementation.
The most valuable aspect of SentinelOne Singularity AI SIEM is not actually the features themselves, but rather the integration capabilities with SentinelOne EDR. Previously, we were integrated with Secureworks, but now we are directly integrating with SentinelOne itself for AI SIEM, EDR, and NDR services. We have consolidated everything into one platform.
My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it encompasses more than just AI-driven threat detection. We are integrating it with many devices and forwarding logs from multiple sources to SentinelOne Singularity AI SIEM. We are ingesting logs from Fortinet, other firewalls, other security products, and even from the cloud including Microsoft Office 365 and other security products.
SentinelOne Singularity AI SIEM has also been very stable.
There is room for improvement when it comes to the technical support quality and expertise of SentinelOne. Sometimes, the technical support team does not know how to resolve certain issues and takes time to respond, often requiring follow-up interactions within 24 hours.
SentinelOne Singularity AI SIEM can be improved in terms of support capabilities. Some logs from the server side need to be ingested. Secureworks was integrating with domain controllers and other systems, but SentinelOne still has some gaps. Some vendors cannot be integrated directly. For example, we are using Cisco Umbrella for DNS security, and we have to integrate it through an Amazon S3 bucket where we dump the logs and SentinelOne reads them from that location. For some Microsoft integrations, we must enable certain storage components and pay Microsoft directly to retrieve logs. There is no direct integration, so we must access the logs through that workaround. Previously with Secureworks, we had direct integration with Microsoft. Direct integration with Microsoft is not available now. SentinelOne needs to work on many product integrations to enable direct connectivity.
We implemented SentinelOne Singularity AI SIEM in February, and we have been using it for almost eight months now.
SentinelOne Singularity AI SIEM has been very stable.
SentinelOne Singularity AI SIEM's scalability in adapting to our organization's growing data and complex IT structures is flexible. We have not faced any scalability issues so far. Perhaps after one or two years we can discuss challenges we may have encountered, but as of now we have not faced anything related to scalability.
I would rate the technical support from SentinelOne as 8.5 out of ten.
We were using Secureworks before migrating to SentinelOne Singularity AI SIEM. My impression of the AI-driven threat detection capabilities is that SentinelOne Singularity AI SIEM encompasses more than just AI-driven threat detection. We are integrating it with many devices and forwarding logs from multiple sources to SentinelOne Singularity AI SIEM. We are ingesting logs from Fortinet, other firewalls, other security products, and even from the cloud including Microsoft Office 365 and other security products.
SentinelOne Singularity AI SIEM is deployed using a cloud-based SaaS model.
SentinelOne Singularity AI SIEM is used in our company.
When we took the service from SentinelOne, they provided an onboarding process with a dedicated engineer who helped us with all aspects of the implementation. A dedicated engineer from SentinelOne regularly contacts us, assists with configuration, and works with us on implementation details.
I find SentinelOne's pricing to be reasonable and competitive. We have taken SentinelOne Singularity AI SIEM along with the MDR service and also included ITDR (Identity Detection and Response) and EDR. They bundled all these services together and provided them to us as a single package.
SentinelOne offers a SOC service that handles our SOC operations. My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it encompasses more than just AI-driven threat detection. We are integrating it with many devices and forwarding logs from multiple sources to SentinelOne Singularity AI SIEM. We are ingesting logs from Fortinet, other firewalls, other security products, and even from the cloud including Microsoft Office 365 and other security products.
We have used the automated workflow feature of SentinelOne Singularity AI SIEM and are still working on it. We started implementing automated workflows almost three months ago. The automated configuration is not a one-time setup, as we are continuously making changes and modifications over time.
I assess the overall security posture of our organization after implementing SentinelOne Singularity AI SIEM as significantly improved. We have developed a security posture that has definitely reached the benchmark. Previously, we were using Secureworks XDR, which is also a very good solution. We ran both solutions in parallel and discovered that Secureworks had almost a ten minute gap in identifying issues compared to SentinelOne, with a five to eight minute difference between the two platforms. The issue with Secureworks XDR is that it was not taking action because their playbooks were not efficient enough, partially because they were integrating with SentinelOne. In contrast, SentinelOne has local integration, so it immediately takes action and responds on the endpoint with automation. If any threat or suspicious activity is detected on any endpoint or server, SentinelOne immediately takes action at the same time. We have definitely increased our security posture.
I would rate SentinelOne Singularity AI SIEM overall as 8.5 out of ten. There are still certain things we are evaluating, so we maintain the rating of 8.5. I am basing this rating on three main factors: the quality of support, the frequency and quality of updates, and the integration and update capabilities. In terms of threat detection, response, and log collection, SentinelOne Singularity AI SIEM is excellent. We do not have any issues with those areas.
SentinelOne Singularity AI SIEM's AI-driven analytics have positively affected our SOC's ability to reduce false positives. We initially encountered false positives, but after configuration and adjustment, it performed much better for us. We now experience very low rates of false positives.
Consolidating multiple tools into SentinelOne Singularity AI SIEM has positively impacted our SOC's operational costs. We now manage our EDR, MDR, view logs, and handle automation all from one consolidated console from SentinelOne Singularity AI SIEM.
The consolidation has also reduced our SOC's operational costs and staffing needs. We are also taking SOC services from SentinelOne itself. SentinelOne has a dedicated SOC service that handles our SOC operations.
SentinelOne Singularity AI SIEM's scalability in adapting to our organization's growing data and complex IT structures is flexible. We have not faced any scalability issues so far. Perhaps after one or two years we can discuss challenges we may have encountered, but as of now we have not faced anything related to scalability.
We currently have five administrators managing this product, each with different roles and responsibilities. Within our structure, we have multiple entities, and we can create entity-wise administrators, which works very well for us.
More than 2,500 users in our company are using this product.
One issue we are facing is that SentinelOne's support team, as part of Amazon, works on updates on Sundays at the weekend. However, Sunday is the first working day for the Middle East region, particularly in Saudi Arabia. We have requested them to address tenant-related issues during our working hours. They are considering this request, and once Amazon establishes operations in Saudi Arabia, our tenant will be shifted to the kingdom and this issue will be resolved.
I would also like to mention the maintenance window for upgrades, which is an area that could be improved. My overall rating for SentinelOne Singularity AI SIEM is 8.5 out of ten.

Clients can use SentinelOne Singularity AI SIEM for endpoint security solutions, and apart from that, we currently have something called prompt security where it is helping us to enhance control over the AI prompts given by end-users. Some end-users tend to feed sensitive data to AI tools like Claude, Gemini, and ChatGPT. We have not implemented it yet, but we have provided a POC for agnostic prompt security.
AI-driven Threat Detection capability is crucial because attackers have started conducting attacks using AI patterns. They analyze the patterns of defending solutions, and based on the defense architecture, they generate the payload according to the environment. To detect those kinds of payloads, we need AI-based threat detection to sense whether they come from a single source or distinct sources, where these kinds of prompts and malicious payloads are being generated.
Real-time monitoring is a must-have functionality for any product, and SentinelOne Singularity AI SIEM has the same response. We can create rules for peculiar situations we encounter, and if those rules get triggered, the system can automatically help isolate or contain that system while providing us alerts at the same time. This way, if a particular user reports not being able to reach anything, we can quickly understand that SentinelOne Singularity AI SIEM has isolated their system.
With the help of this tool, the response time to sophisticated threats has improved significantly, and it recently cuts the MTTR time using Purple AI by 40%.
SentinelOne Singularity AI SIEM allows us to use natural language; we do not need knowledge of scripting or querying languages to correlate threats. We can search in normal, plain, simple English. For example, if I want to check the detections regarding a particular threat in a particular attack surface, I only need to provide it in plain, simple English, and Purple AI will generate a query and summarize the results for that. It has made my job much easier, both for myself and for the SOC teams. With minimal effort, we can get the queries asked by the auditors or forensics teams.
AI analytics reduces the manual tasks and helps us prioritize critical and immediate threats that need to be addressed. The analytical part mainly provides clarity on what we should focus on, which threats to investigate, or if we need to report it or whitelist false positives. These kinds of tasks are largely automated and taken care of.
Knowing which threat we need to look at first based on its criticality makes it easier for us to address it. Getting to the problem is one thing, and with Purple AI, we are able to get answers without using complex queries; we just search for what we are looking for, and it generates the corresponding steps right in the console, which helps us respond to critical threats on an immediate basis.
After implementing SentinelOne Singularity AI SIEM, we can see that we have visibility over all the applications on our endpoints, and it helps us identify which of those applications are more vulnerable or critical, whether high or medium. These kinds of visibilities are available, allowing us to proactively protect the endpoint and our infrastructure.
They could expand more integrations for other third-party products that are not currently available. Those are areas they can improve or have yet to improve.
For example, we have firewall integrations, so if we integrate our firewalls, we will be able to have a log view of the traffic. If traffic is coming from the firewall, we can see from which side a particular threat is coming. Currently, they support only FortiNet, Cisco, and Palo Alto. However, many of our clients use SonicWall firewalls, which are not in SentinelOne Singularity AI SIEM marketplace. They could add SonicWall because it is also a global product that needs to be included.
SentinelOne Singularity AI SIEM is pretty good compared to Charlotte AI from CrowdStrike. However, if it could provide more information on IOA, that would be beneficial. While SentinelOne Singularity AI SIEM does provide those details, leveraging that information to proactively check our systems for vulnerabilities would be better. In Charlotte AI, those functionalities are available. Therefore, the prompt can be improved, and provide more information on the attackers and attacks we are facing. Indicators of compromise are one thing, but IOA is another critical aspect that needs to be taken care of to help organizations proactively improve their cyber defenses against evolving attacks, as many attacks are happening globally. The same attacks may come to India or target our organization as well; thus improving on the IOA part would be beneficial.
I have been working with SentinelOne Singularity AI SIEM for around three to four years.
SentinelOne Singularity AI SIEM is 99% stable with no glitches as of now.
The product is pretty much scalable.
Customer support could be better. Customer support could be better because it is frequently transferred to various agents. This is just one particular case, and I do not want to elaborate further.
The deployment process with SentinelOne Singularity AI SIEM is somewhat complicated. Until some versions, we had scenarios where we needed to reboot machines, impacting deployment. However, with upgraded versions, we can now install the agent without any reboot, showing that they have improved that aspect.
For instance, if you are getting attacked and you use a brand other than SentinelOne Singularity AI SIEM, you will need to contact the OEM for recovery, which takes time. In contrast, with SentinelOne Singularity AI SIEM, we have a rollback option with just an automated click. If the data gets encrypted, it automatically rolls back. This functionality minimizes downtime and the impact of the attack. Looking at that perspective—post-attack damage control—the ROI is better. Using SentinelOne Singularity AI SIEM, data retrieval happens at a much faster rate, allowing production to continue without impact.
The automated workflow feature impacts my security tasks and manual efforts significantly.
Downtime is not necessarily required in scenarios where a particular system has to be isolated. Whether it is a server or a normal endpoint, if an application server faces downtime, the situation differs from a normal endpoint. If an application server needs to be contained, the customer will obviously experience downtime.
The consolidation of multiple tools with SentinelOne Singularity AI SIEM impacts SOC operations positively concerning cost and staffing needs. While I am unsure about staffing because it depends on daily occurrences, it definitely makes work easier for the team. For example, without it, a person can hardly handle two or three threats a day, but with SentinelOne Singularity AI SIEM, they can handle around 10 to 12 threats daily, which makes it much more efficient. SentinelOne Singularity AI SIEM is quite affordable. My overall review rating for this product is 9 out of 10.

I am using SentinelOne Singularity AI SIEM as a customer only, and I have taken it very recently. I am using it to get visibility of investigating my alerts based on the alert events received from my endpoints. For AI-driven applications, I want to have end-to-end visibility, which is where the observability piece comes in. I am using it primarily for the AI part, as this product will cover my real-time data detections. I am planning on implementing it for my AI-driven applications.
AI-driven capabilities will give me real-time detection and will protect my autonomous AI interruption. We are using NLP language where my prompt engineer will upload some sensitive data. This can be detected and can protect my sensitive data from exfiltration. The AI-driven threat detection capabilities improve our overall security posture. By enabling the power of these capabilities, I can allocate my engineers or analysts in a more effective manner instead of allocating them on a day-to-day basis, which plays the major role.
I could see some workflows, but I am unable to do automated workflows. For example, some repetitive jobs or repetitive tasks I am doing, but I am trying to have less manual intervention on the front. I am raising some issues that should be resolvable. The SentinelOne team has told me that this can be resolved within a couple of months, but they are saying that it is in future for enhancement and it may take some time. So far, the numbers are great.
Regarding disadvantages or areas for improvement, I could say that 35 percent of my manual effort can be detected since I implemented it very recently. I could be able to say my current data talks about only 35 percent, and it may improve further, as I am expecting. But I can only comment based on my alerts and events. The adoption rate will be less compared to other products, as this can be a time-taken process because all my data needs to be offloaded and the system needs to understand my existing alerts, logs, and other things. This will take some more time, probably another month.
Another area for improvement is that the product is somewhat expensive. Pricing could be improved as well.
I have not experienced any incidents as of now. Regarding downtime, performance, and stability in general, my experience with the system downtime has been good.
SentinelOne Singularity AI SIEM is scalable in general. However, I carefully take the governance piece because it is an AI adoption and not a simple one. Protecting guardrails and getting visibility is a little challenging. I will carefully design our governance piece because with any AI adoption, the end goal should be more governance and data security and safety.
As of now, I have not faced many issues with technical support from SentinelOne. They are good. I would give eight out of ten for technical support because I am not sure how other solutions work, so I will take some time to fully evaluate.
Positive
My deployment was done with a partner and not in-house.
I have checked with Check Point and CrowdStrike when comparing competitors. This particular new AI era is new, and people are more focused on the AI part, but the outcome discussions are what matter. Because it is new technology, I do not have that much clarity on the costing front. However, this is not too expensive and it is not a white elephant. It is somewhere in the middle. If I take this trio of Check Point, SentinelOne, and CrowdStrike, SentinelOne is the most expensive among them.
All other products are having the same limitations. After every quarter or every release, they are also evolving. It is not only with SentinelOne. I have also checked with Fortinet and other products from Cisco.

After a CrowdStrike issue, we began using their cloud security offering. SentinelOne Singularity AI SIEM is more of an integration to their existing cloud security solution. We have been using this particular solution for more than a year, though slightly less than that range.
I am an observability engineer, and this solution is very helpful for security-related needs. When working in a company that handles a lot of data, particularly infrastructure data, you encounter numerous security alerts due to dependencies and security vulnerabilities on infrastructure machines. When we receive this data from different machines, these are signals. When you get this kind of data, it is almost impossible to do it manually in any way or form. What we need is a sampler that samples consistent data. With the AI SIEM on top of SentinelOne Singularity AI SIEM Observability Cloud security solution, we can filter out many things in terms of telemetry data that we receive. The endpoint telemetry is something we actually focus on with this particular solution, followed by the cloud infrastructure logs. We have used Splunk in the past. After a certain time, if you are not on their cloud offering on a very high tier, they will charge you money excessively or they will throttle your application. This is not the case with SentinelOne Singularity AI SIEM. That is a better approach. We also manage Kubernetes containers and environments through this solution. All the pods used to send a lot of telemetry data, and we can easily identify that. The dashboard, though it has some limited functionalities, works extremely well with what they offer. We use it day in and day out.
As we have the enterprise solution for this, we have used it extensively for Kubernetes pods where we have attached certain authentication systems. We have also used it for a lot of network security events when we have to do a compliance report. We have complete automation around it which provides us the reporting and everything at the end of the day. We have integrated it with our data pipelines also, and it helps us there as well.
The log segregation is my favorite feature. When you want to search over a very high or extremely long range of logs, it helps you tremendously because it becomes very easy to identify vulnerabilities and issues on the ongoing system. Otherwise, what happens with ELK is it becomes very expensive. With Splunk, though it has a data lake on its own, it requires you a good amount of investment. Though their system is more mature than SentinelOne Singularity AI SIEM, the best part about SentinelOne Singularity AI SIEM is the searching capability they have. It is extremely one of the best in the market right now, from what I remember, because their AI also provides you insights. It tells you what is happening in the system and asks you to check that part or check this part. This provides you with an edge when you are looking for vulnerabilities. In my role as a lead engineer in SRE, my domain is observability. There we have a lot of telemetry data. Telemetry data are metrics, logs, and a lot of other alerts. To identify those parts on the security layer, it is extremely good.
I can talk about the amount of tokens we can use. These are limited, though the searches are very extensive. The actual pricing model is something that is handled by the FinOps team, as I have already mentioned before on one of the products, Cribl. We do not have full visibility and observability and telemetry information, but I can provide you engineering insights. Costing is something that every company has their own FinOps team manage everything. If you want to purchase it, you go through that team. I do not know the enterprise costing for that, but I know that cost for an individual purchase. I think it is justified compared to other peers in the market.
What I dislike is that the dashboard is very old, so they do not have much capability to be honest. Dashboard customization is almost nonexistent. What they have is something they offer as standard. They do not have a DataDog style plug and play model where you can add a lot of metrics and it will provide you with them. They basically have pre-built compliance report templates that they just send you, but you do not have a way to customize it further. Currently, as the system is not that mature right now because it has been a very limited offering at the moment for SentinelOne Singularity AI SIEM. Third party integrations are something they lack a lot. I cannot connect it to Grafana or directly to a system which can help me identify things. This is something they lack right now at the moment.
We have been using this particular solution for more than a year, though slightly less than that range.
We have had no issues to be honest. It was compliant and reliable. I have not even seen much AI hallucinating on top of this. It has provided proper patterns and I do not have any complaints.
These things are properly managed and I do not see a problem to be honest. Though data volumes are really high for logs and other things, it worked well. I will say that even the data lake feature they have, in terms of keeping all the logs intact, those log searches are extremely fast on SentinelOne Singularity AI SIEM, even though the data is very high. Whatever you need, you get it fast as simple as that.
We were using something similar before. We were using CrowdStrike extensively for this, but the SIEM approach they have, not the AI feature, is more mature than this. However, due to that outage, our company moved towards SentinelOne Singularity AI SIEM because we had compliance and client issues. Clients specifically asked us to remove CrowdStrike permanently from whatever Windows machines we have for security issues. Something came very strong from one of the companies which we took into account and we changed it across whatever customer we have. We moved with a better alternative. SentinelOne Singularity AI SIEM was relatively a good choice as of now.
The AI integration was pretty straightforward. I did not face any problem. We created some policies and based on those policies, we were able to identify how to integrate it via this. I do not remember the exact steps. I have a document written on it somewhere that I need to pull out. It was a pretty standard thing. You just have to go to some consoles and integrate it based on this. You have to provide the endpoint details and it got integrated very smoothly.
I do not maintain it. My work was just the integration aspect. Maintenance and other aspects are something that one of the other teams manages. These are the security engineers that we have. They actually provide all this information. If you need, I can connect you with them. I can send you their name or information so you can reach out to them.
Definitely, that is what I told you. It has given good ROI on that part where our investigation time has reduced to a certain degree. I will say the gains we get are more than fifty percent to be honest. We have reduced almost fifty percent of the dev's time, or not dev, the security engineer's time, SDs, whatever SECs we had. Even my VP of engineering who manages me is one of the guys who manages security. He is very happy with all this investigation time that we have reduced. We have a metric that we track in the company. This actually shows us a good amount of time. Previously it was a continuous problem for us where we had to manage all these things. An engineer had to be there for one of those problems. Now that is gone. We have a little bit more breathing room. It is not completely gone, but it is manageable now.
The sampling happens based on a single line of code. You do not need this one or a similar kind of logs, or some system should not go and sit in the data lakes. The best part about analytics is you do not have to look into anything. Threat hunting, how it works, the experience of the overall threat hunting aspect has actually improved a lot with AI because you do not want to read telemetry data. Who wants to do that? Who has time to do that? Telemetry data are raw data of signals where metrics and logs are coming in. No one wants to read them. The AI helps on top of it and helps you to make sense out of it or provides patterns. You are seeing that pattern or not. These kind of things matter. The best part is it is relatively faster than its peers because even though the data is more, it is relatively faster. I do not know what kind of algorithm they are using in the back end, but it is extremely good to be honest.
I will strongly recommend this. After SentinelOne Singularity AI SIEM, we have reduced our engineering time to a certain degree as it has helped us to do investigations fast. We get actual alerts that matter, and we can prioritize it properly. The monitoring capability is now completely in one single platform. We do not have to go here and there. This actually has given us good ROI in total.
I am an observability engineer, and my current domain is that. SentinelOne Singularity AI SIEM is very helpful for security-related needs. When working in a company that handles a lot of data, particularly infrastructure data, you encounter numerous security alerts due to dependencies and security vulnerabilities on infrastructure machines. When we receive this data from different machines, these are signals. When you get this kind of data, it is almost impossible to do it manually in any way or form. What we need is a sampler that samples consistent data. With the AI SIEM on top of SentinelOne Singularity AI SIEM Observability Cloud security solution, we can filter out many things in terms of telemetry data that we receive. The endpoint telemetry is something we actually focus on with this particular solution, followed by the cloud infrastructure logs. We have used Splunk in the past. After a certain time, if you are not on their cloud offering on a very high tier, they will charge you money excessively or they will throttle your application. This is not the case with SentinelOne Singularity AI SIEM. That is a better approach. We also manage Kubernetes containers and environments through this solution. All the pods used to send a lot of telemetry data, and we can easily identify that. The dashboard, though it has some limited functionalities, works extremely well with what they offer. We use it day in and day out.
I can talk about the amount of tokens we can use. These are limited, though the searches are very extensive. The actual pricing model is something that is handled by the FinOps team, as I have already mentioned before on one of the products, Cribl. We do not have full visibility and observability and telemetry information, but I can provide you engineering insights. Costing is something that every company has their own FinOps team manage everything. If you want to purchase it, you go through that team. I do not know the enterprise costing for that, but I know that cost for an individual purchase. I think it is justified compared to other peers in the market. I would rate this solution a nine out of ten.

We discuss with customers whether they want to go on a cloud or on-premises for the usual use cases of SentinelOne Singularity AI SIEM that I work with mostly. If a customer has a SentinelOne EDR, the EPS we do not count. The rest of the things we can integrate on a cloud.
Correlation, alerting, reporting, and helping with the AI-based alerts generated by the AI are the usual use cases. The parsing is already built into SentinelOne Singularity AI SIEM.
Detect undetected is a method for SentinelOne Singularity AI SIEM that I have found the most valuable so far. It can improve the true and reduce the false alerts and give a more granular report with a custom dashboard. Whatever the customer wants to see and however the customer wants to see it on the cloud-based SIEM. We can have the S3 bucket where we can manage the data retention from the customer side.
The automated workflow feature of SentinelOne Singularity AI SIEM is very good, which is not in the traditional SIEM. The next-gen is helping customers create multiple workflows, either automatically taking action in a SOAR kind of concept, and then you can create a playbook and multiple runbooks. The beauty of the integration is that it integrates very smoothly with third-party tools, so we do not need to think about the parsers, coding, depending on the codes, or the software developers. That is a good addition to SentinelOne Singularity AI SIEM.
I would want the false positive ratio to be lower and would want to improve that aspect so the true will be more, and the false will be lesser.
Other than false positives, the true will be increased and more focus should be on the OT security operations center. Now everything is on the cloud. Whenever OT security comes into the picture, the customers do not allow us to integrate their OT devices on a cloud. It should be available on-premises because the OT SIEM market, in the India market for instance, is something around a four to eight billion dollar market. Due to limitations on the cloud, we will not be able to configure with the OT SOC or the OT AI SOC.
I want SentinelOne to offer more on-premises integrations to focus on the OT SOC. It is one market which is an untouched market by the SentinelOne team. They have a very good SIEM, but it should be the target industry, the automobile, automotive, and then definitely IT is one of them. Everything is there with IT. The very good controls, integration, no parser requirements. But OT should also be the focus of the SentinelOne team.
I have been working with SentinelOne Singularity AI SIEM for about one and a half years.
I can rate SentinelOne Singularity AI SIEM a four out of five in terms of scalability in adapting to customer growing data and complex IT structures.
Four is because the product is beautiful, and the one reason why it is not a five out of five is because the capability of the SentinelOne pieces is not up to the mark.
It is scalable, and we can increase the compute size. It can scale. There are no challenges. It is good because it is on a cloud, so there is no problem with the scalability.
There are no challenges in handling growing data and complex IT structures because we create a log collector that is on AI. We build the VPN tunnel from all the locations. We pull in the logs. It is a pull and push mechanism. Things work fine. There is nothing critical these days.
The technical support of SentinelOne Singularity AI SIEM is very good, and we are getting support from them. Sometimes, whenever customization is required, they ask for PS. The team sometimes asks for professional services, which the customer does not agree to pay for.
Based on my experience with the technical support of SentinelOne Singularity AI SIEM, I would rate them a ten.
For one year they have been safely managing because they have replaced some of the competition with SentinelOne Singularity AI SIEM, including CrowdStrike.
We do participate in the initial setup of SentinelOne Singularity AI SIEM.
The usual setup process involves the log collectors and the cloud-based device. We create the VPN tunnel from the customer locations, and then we analyze the logs, create the alert, identify the incident, exposure management, and event search. It also works as a data lake, which is very good in SentinelOne Singularity AI SIEM. We have very good vulnerability management, which shows the beauty of the product.
There are no challenges with the initial setup because we have done multiple successful deployments.
The effect of SentinelOne Singularity AI SIEM on our customers' SOC efficiency in investigating alerts and responding to incidents is significant. We align our people, including L1, L2, and L3 engineers, for post-implementation, migration, reporting, alerting, correlations, and the behavior-based SIEM alerts. We align the people and discuss the ROI with the customers on SentinelOne Singularity AI SIEM.
For one year they have been safely managing because they have replaced some of the competition with SentinelOne Singularity AI SIEM, including CrowdStrike.
We do the red teaming to assess the real-time monitoring feature of SentinelOne Singularity AI SIEM. We check whether the real-time alerts are coming or not from the SIEM.
For one year they have been safely managing because they have replaced some of the competition with SentinelOne Singularity AI SIEM, including CrowdStrike.
Correlation, alerting, reporting, and helping with the AI-based alerts generated by the AI are the usual use cases. The parsing is already built into SentinelOne Singularity AI SIEM.
There is no challenge with operations because there are very good training portals where the people learn and perform the operation actively, and there is super training available on the SentinelOne portal through the SentinelOne Training University.
I provide this review with an overall rating of ten out of ten.

For us, the use case is primarily to analyze security events that are coming in and also events that are kept over a period of time, to track and use it for investigation and maybe analysis, sometimes even forensics.
SentinelOne Singularity AI SIEM improves my response time to sophisticated threats in two ways: it helps me to identify which ones I need to act on, which means I am not wasting time on the things I do not need to worry about or can be a lower priority. In that respect, it helps me to prioritize and act on what needs to be acted on first, so it brings it to the surface faster.
Regarding AI-driven threat detection capabilities, I have a positive impression; when it is working very well, I do not really know if it is working, but when it does not work and if I have been hit by something, then I know it did not work. My SOC team seems to be utilizing it fully, and we have been kept secure and without any breach, which I think is probably the only proof we can give. The number of events and logs that it detects is numerous and very high, so it is doing its job. Fingers crossed, we do not have anything to report where we find that we have been broken into.
SentinelOne Singularity AI SIEM's AI-powered analytics does affect our SOC's ability to reduce false positives; that is one of the biggest advantages because the manpower that I have is limited. The tool should be able to do a lot more of the first-level analysis, and what is flagged up for the man in the middle or the man to act on should be things that really need validation, meaning it has been correlated properly and brought up for visibility and action. In this manner, it is actually helping us to protect our security operations very effectively.
It does affect my efficiency in investigating alerts and responding to incidents; we have gone to the point of using SentinelOne Singularity AI SIEM now, and our SOC is mainly dependent on SentinelOne Singularity AI SIEM. That is becoming the foundation on which all these activities and tasks are being run, and when it is all coming together, we are seeing that it is far more effective. I hope it stays that way.
I would not say there is anything that could be better in SentinelOne Singularity AI SIEM; I think we have seen something unique in the product. This product has the potential to add more SOC functionality on top of its SIEM, which can automate a few more things because I have the information there. I need to do what I would call security agents or agentic AI to be built on top; it can take care of a lot more analysis and actions. Maybe licensing cost can also be looked at and reduced.
We are still to see the automated feature work a little bit more; we are not really using it to the full extent.
With SentinelOne Singularity AI SIEM, I have been dealing with this product for under a year, at seven or eight months now.
There has been no issue with stability; it was perfectly fine.
Scaling out, we did not face an issue because we are always looking to see where we are deploying it and what the coverage is, so no challenges are seen there.
I am happy with the technical team of SentinelOne Singularity AI SIEM; they are pretty good. I would rate the technical support as eight to nine.
The deployment process was straightforward; we did not face any challenges in that.
It was largely done by my in-house team; I have a fairly competent in-house team. We did have a partner through whom we procured the product, so they were available on standby, but even more than the partner, I think the SentinelOne Singularity AI SIEM technical team was also available to us. Their guidance was good enough.
In terms of ROI, it is hard to justify; the good thing is if there is a cost to an incident, I think we are protected. If we are not having any incidents, then it is doing its job, but I am not able to convince people about it. Overall, my perspective should be about my security budget in this space, how it benchmarks, and from that perspective, how the metrics are showing. If I am spending more compared to my peers in this space and the value that I am getting is the same as what they are getting, then I am probably overpaying. However, if I am in the middle of the park kind of range, then it is probably optimally priced. At the moment, I feel the pricing is a little bit on the higher side, but the tool is positioned in a place where risk is very high, and we do not want to take chances, so we are prepared to pay the premium.
We have looked at other XDR products, but the strength of SentinelOne Singularity AI SIEM's SIEM, their logs, the event log capture part, which can also take in logs from other non-SentinelOne entities, stands out as quite unique. The automation that is possible on the AI platform adds to that as well. When your footprint is all on SentinelOne Singularity AI SIEM in terms of VDR, then adding to that the same from the same suite is going to be helpful. At the moment, I see them as leading in their spaces.
I assess the overall security posture of the company after implementation as positive; I see a big impact on that. I would rate this review as an overall eight.

We have dealt with SentinelOne Endpoint, and at some point, we also used SentinelOne Singularity AI SIEM, which was introduced somewhere last year. I went on training in South Africa, where there were many questions discussing having one platform that allows control over all endpoints with visibility, which eliminates the need for separate systems. The challenge with SentinelOne Singularity AI SIEM is having an ingester to integrate with it at the syslog level. For some customers, we needed an ingester to integrate with the network devices before we could see them. For the endpoint side, everything was acceptable; we were able to do remediation, ransomware rollback, and everything operates autonomously, so no manual intervention is necessary. In terms of group level, you can assign policies to specific devices in specific environments. Additionally, there was a new introduction to cloud-native apps for cloud security, enabling integration of AWS and Google Suite apps, including Azure platforms, providing visibility, especially for AWS, where we can monitor all Kubernetes clusters and pods, allowing for remediation as vulnerabilities are identified.
The AI features of SentinelOne Singularity AI SIEM are absolutely perfect. There are not any issues because there is a game that you play with SentinelOne. This game allows me to drive a proof of concept for customers. When I play the game, SentinelOne provides a tool called Purple AI, which allows for simple queries just like ChatGPT. This means you do not need an expert to understand what is happening around your endpoints and identify threats. I can simply write, 'What happened to my Windows endpoint in the last seventy-two hours?' and it provides all reports and logs. This functionality makes it accessible even for CEOs and decision-makers to understand their environment better, making it an excellent feature for SOC, giving visibility and clarity.
I did use the automated workflow feature for a client. The automation allows for configuring all integration with endpoints, as well as SentinelOne Singularity AI SIEM. Unfortunately, I was not happy with SentinelOne Singularity AI SIEM because it is not mature yet. When comparing SentinelOne Singularity AI SIEM to platforms like Elasticsearch or Exabeam, or even QRadar, they are more matured. SentinelOne Singularity AI SIEM is designed to provide an affordable platform integrated with endpoints, eliminating the need for separate SIEM deployments. However, the integration of a log ingester in the cloud makes deployment cumbersome and requires an expert or native system integrator for setup.
SentinelOne Singularity AI SIEM should be separated from the overall platform. If the intention is to make it a complete solution and enable SIEM features, separating it would yield better results. You get a lot of noise when it is combined; separating it would mean clearly identifying logs from the EDR or SDR platform to SentinelOne Singularity AI SIEM. This would help in minimizing confusion and panic for customers facing numerous logs and potential false positives. A separate SIEM would allow clearer visibility, and there is a need for an on-premise option, particularly for organizations with data sovereignty concerns. Many institutions prefer to keep their data on-premise due to regulations, so adding an appliance that firms can integrate into their data centers would be valuable. If larger organizations need a SIEM solution, they will likely turn to QRadar or FortiSIEM instead.
I already have experience with SentinelOne because I have been with SentinelOne for the past five years.
In rating the technical support for SentinelOne, it depends on whether we are discussing EDR or SentinelOne Singularity AI SIEM. I would not rate the entire company uniformly. For the EDR, I might rate it around eight out of ten; for SentinelOne Singularity AI SIEM, I would give it five out of ten or two out of five.
Regarding pricing, the pricing of SentinelOne is quite favorable when compared to CrowdStrike. I appreciate the MSSP distribution model. For instance, if I purchase SentinelOne from Exclusive Networks, which I believe is known to you, I can provide it to individuals, allowing them to have SentinelOne installed on their laptops while maintaining the ability to control policies and monitor attacks. The MSSP pricing is negotiable, around thirty-three dollars per endpoint annually. For the reseller level, if support is needed, contacting SentinelOne directly allows me to open a case and access assistance from their engineers, which may cost around fifty dollars per endpoint. Comparatively, SentinelOne is more affordable than CrowdStrike. SentinelOne Singularity AI SIEM pricing also depends on the number of devices onboarded, including switches and firewalls, which all contribute to lowering costs. However, selling a complete cloud solution can be challenging in West Africa due to data sovereignty concerns.
The need for improvement mainly revolves around focus areas. If SentinelOne only concentrates on developed countries, my experience in West Africa suggests disparities. SentinelOne needs to consider implementing an on-premise configuration or introducing a hybrid model. A staging server that sits on-premise allows for better data sovereignty while still using cloud services. If all logs are sent to the SentinelOne cloud, it poses challenges for customers without AWS capabilities.
I would rate SentinelOne Singularity AI SIEM overall at five out of ten. It is not suited for enterprises but works for startups or any environment that relies on cloud resources. My overall review rating for SentinelOne is five out of ten.
I use SentinelOne Singularity AI SIEM for endpoint security, including EDR and SIEM-based monitoring, as well as for XDR. I monitor endpoints for security reasons and receive alerts when suspicious or malicious activity is detected. When I find anything suspicious or malicious, I investigate it further.
I particularly appreciate a feature called Purple AI, which is an AI-based tool that allows us to fetch logs and investigate through a single prompt. It is useful for providing a brief summary of what has happened without needing to review logs in detail. Through this AI capability, we can understand exactly what has been occurring.
There is significant automation we can implement through a feature called hyper-automation. We can automate workflows easily using a drag and drop interface, rather than writing scripts. This makes automation in SentinelOne very straightforward.
I would say the quality is top-notch. It provides perfect summaries, has reduced our response time, and helps us reduce false positives. We receive mostly true positive alerts and do not need to write additional detection rules. SentinelOne Singularity AI SIEM can detect new sophisticated threats and zero-day attacks on its own without requiring rules from us. This automated detection capability is something I truly appreciate.
SentinelOne Singularity AI SIEM has some performance and reliability issues that need improvement. The interface flickers frequently, and sometimes it does not load properly. When this happens, we have to log out and log back in, or refresh the page before we can see the alerts. Sometimes the interface will be blank. These performance and reliability issues need to be addressed.
I would rate the stability at six out of ten.
I would rate scalability at seven out of ten. SentinelOne Singularity AI SIEM handles a large environment fairly smoothly and works well. The performance depends on the configuration. If it is properly configured, it works well for large environments as well.
I would rate the technical support at eight out of ten. SentinelOne Singularity AI SIEM has AI-based technical support available. When we have questions or require documentation, we receive it promptly. The support is good.
Compared to other tools we have used, such as Sumo Logic, Splunk, and CrowdStrike, those solutions do not have as much AI capability. After using SentinelOne Singularity AI SIEM, it has reduced our incident response time by forty to fifty percent compared to other tools.
SentinelOne Singularity AI SIEM has reduced our response time to true positive alerts by approximately forty percent through automation. For false positive reduction, it has decreased our false positive rate by fifty percent.
I can appreciate SentinelOne Singularity AI SIEM primarily for its AI capability. For this reason, we switched to SentinelOne Singularity AI SIEM. It has behavioral AI plus machine learning that has been integrated. We chose SentinelOne Singularity AI SIEM mainly because of its AI capability. It is a unified platform that provides a unified view of security alerts without requiring us to look at other data sources or switch between different tools. This has reduced the time required for faster detection and response.
I would recommend SentinelOne Singularity AI SIEM to other users. Most tools do not have the same level of AI capability. SentinelOne Singularity AI SIEM has Purple AI and hyper-automation features that I can suggest to other users based on these capabilities.
SentinelOne Singularity AI SIEM has improved our SOC's efficiency in investigating alerts and responding to incidents through its AI capability. It provides us a unified view of entire alerts. We do not need to go to other data sources to understand what happened. It connects all the dots and gives us a unified alert view without requiring us to navigate to other tabs. We can see what happened from start to end. Cybersecurity and hacker tactics are constantly evolving, and we are seeing many sophisticated attacks nowadays. SentinelOne Singularity AI SIEM detects these attacks by itself without needing predefined rules, using machine learning and behavioral baselines to detect anomalies and trigger alerts. Additionally, Purple AI automatically provides a summary of incidents explaining what has happened in simple terms without requiring deep investigation into alerts or logs. This explanation of what was abused helps us make faster decisions about whether an incident is truly a threat or a false positive alert.
SentinelOne Singularity AI SIEM has significantly impacted our security tasks and reduced manual effort. We have requirements from clients we provide services for regarding particular alerts or unreported data. We can automate notifications to the customer when these conditions occur without manually creating a ticket. SentinelOne Singularity AI SIEM can automatically notify the user. We also use it for responding to alerts. In some cases, we need to disconnect an endpoint from the network to prevent malicious activity from spreading. We use hyper-automation to automatically disconnect endpoints or remove malicious files if they are present on an endpoint.
I give this product an overall rating of eight out of ten.
Our use case with SentinelOne Singularity AI SIEM is primarily AI observability for a large part. We are using it for SIEM purposes as well. Prior to the inclusion of Purple AI, it was exclusively SIEM.
The best features of SentinelOne Singularity AI SIEM are 100% Purple AI.
In addition to that, though somewhat tedious, the implementation of any data you want is a feature of SentinelOne Singularity AI SIEM, and also the option to analyze that via Purple AI to some degree. Additionally, the existence of a large catalog of native integrations is valuable.
Overall, I would assess the overall security posture after implementing SentinelOne Singularity AI SIEM as significantly improved. We finally have visibility into things that were never visible before. When talking to new customers and onboarding them, it is always apparent that there are so many things in their environment that they never even really knew about and had no visibility into. They previously needed to go through obscure, hard-to-use, and weird tooling to potentially access this information. Having all of that in SentinelOne Singularity AI SIEM makes it so much easier.
In AI SIEM, the areas that have room for improvement are the parsers for third-party integrated data or for third-party data sources that are not native integrations, which could be made a bit easier. I did hear that there is something on the horizon for this, but that is an area that could be made less tedious.
Potentially to some degree, the evaluation of singular events in SentinelOne Singularity AI SIEM could improve. Sometimes they are painting the devil on the wall where there is not really a big issue, just a normal, everyday event. Those are sometimes taken a bit too negatively.
I am still using SentinelOne Singularity AI SIEM presently.
When it comes to stability, I would give SentinelOne Singularity AI SIEM a nine. There are no really noticeable glitches or bugs. There used to be a few availability issues, but those are essentially mitigated by now. SentinelOne has taken those very seriously and in the past months, which might have been almost a year by now, I have not really noticed any availability issues.
I would rate the technical support of SentinelOne Singularity AI SIEM a nine.
Positive
As for maintenance required with SentinelOne Singularity AI SIEM, I would say it is even easier than the base product because you do not really onboard new data sources that often. If I put it into times a year, I would say it might be twice a year-ish that you need to do maintenance work essentially. Of course, if you want to add new detections or anything, that can be whenever, but I would not really consider that maintenance.
For others looking to implement SentinelOne Singularity AI SIEM, I would recommend starting with a proof of concept. Of course, with a SIEM that is a bit more effort to fully onboard, you might want to get an in-depth demonstration first and see if it meets your needs. Even before the demonstration, ask yourself what you even expect of a SIEM and what points you want from the solution. Once you are in the presentation, you will realize that those can very easily be met and completed with SentinelOne.
In comparison, I would assess SentinelOne Singularity AI SIEM favorably to other solutions or vendors such as Splunk, Microsoft, Hunters, Anomali, and Graylog. The nice part about it as well is that you can use AI SIEM standalone. However, the big advantage in my opinion comes from using it with the EDR. If you do that, you just have one of the main issues of SIEMs completely taken care of.
That being the data from the endpoints, in modern SIEMs, you have roughly 80 to 90% of the data is endpoint data. In other SIEMs, you have to pay for those and pay for every bit of data that you put in. With SentinelOne, if it is from the endpoint, you natively have that data and you do not have to pay extra for that, and it is just additional data on top of that. Additionally, combining that with the ability to have all the data in a single data lake means you do not need to use multiple data stores. It is using an open source data format, which is awesome.
My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is great. I am really looking forward to the upcoming feature with agentic incident investigation. If that is actually capable of autonomously investigating incidents across multiple data sources, for example, not just from SentinelOne, it will be transformative. The example I heard recently was an employee of the company opening a normal ticket just stating that their VPN connection is not working. That ticket is also made available to SentinelOne and it will then investigate what is going on with that. In the end, it turned out that this was actually an attack and that employee's VPN connection was hijacked. I am really looking forward to that feature, though it is not here yet, but even right now, it is great.
In terms of assessing the efficiency of SentinelOne Singularity AI SIEM in improving response time to sophisticated threats, you very quickly get an overview of all data and data related to the incident. Even if there is no active incident, you can very quickly get all related information due to the Storylines and Purple AI.
SentinelOne's AI-driven analytics have affected our SOC abilities to reduce false positives, and I would say roughly about 80%.
I would rate this solution a 10 overall.
The main use cases for SentinelOne Singularity AI SIEM are endpoint protection and EDRs. When you compare the EDRs with Trend Micro and others, you will find many false positives, but SentinelOne gives you the best protection. It uses its AI to scan and find new malware, how new attackers are behaving, and addresses zero-day attacks as well. It is quite good, but the only downside is that it is costly.
The best features in SentinelOne Singularity AI SIEM include AI capabilities; they have two types of AI. First, AI is on the dashboard, which you can interact with, such as asking for logs of the last ten days, and it will provide them to you. This is one type of AI, similar to a chatbot. The other AI operates in the back end to find malware. It employs a combination of AI and ML to check for viruses or any other malicious processes, including fileless attacks.
The impression I have of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it is good and working fine, and I have never found any complaints from any customer. The dashboard is also quite simple.
When it comes to room for improvement, I would say the analysis page can be improved.
In terms of improvement, you can add more detection features.
I have not seen any stability or scalability issues with it; it is usually license-based, so when you are buying, you typically know how much you need.
In terms of performance stability, I have never had any crashes, downtimes, or performance issues.
The scalability of SentinelOne Singularity AI SIEM in adapting to an organization's growing data or complex IT structures is good, but it actually depends on the person who is managing it and how they make the policies; it totally depends on the policies they are making.
My thoughts on the tech support of SentinelOne Singularity AI SIEM are that it is good and AI-based, and the documentation is also good compared to other solutions I have seen.
Positive
The benefits of SentinelOne Singularity AI SIEM include that most of the customers who use it upgrade from their existing endpoint solutions. Many are using Trend Micro endpoints, Check Point endpoints, or others, and they are unhappy, especially with solutions such as Kaspersky. When they face attacks such as ransomware and are dissatisfied with their existing solutions, they switch to SentinelOne Singularity AI SIEM, which is quite good in detecting unknown threats, cleaning the system, and handling ransomware.
Regarding the initial setup of SentinelOne Singularity AI SIEM, I can walk you through the deployment process: you can sync your AD, and the agent installation can also be automated. You can push it directly from your Microsoft Active Directory using GPO, which makes it easy. The agent installation can be automated, so I do not think it takes much time. However, since it is an endpoint tool, you have to consider policies for different departments, including allow lists and block lists, so deploying any endpoint does take some time.
We are not directly system integrators of the product, but we sell through Lenovo.
Apart from the Harmony, I work with various CloudGuard Check Point products, and I also have a certification for SOCRADAR. I work with SOCRADAR and still have hands-on experience doing POCs and demos with SOCRADAR. I have recently done POCs or demos with SOCRADAR. We are working with an alternate solution for that, and it is a new solution.
SentinelOne Singularity AI SIEM has many features, and my recommendation is to utilize all of them, but people often do not use them all. It would be helpful to automate it or use playbooks to take full advantage of the features. I rate this product a nine out of ten.