Sold by: SentinelOne
Deployed on AWS
SentinelOne Singularity AI SIEM revolutionizes your security operations on AWS. Eliminate the skyrocketing ingestion costs and data overloads of legacy SIEMs by utilizing Observo AI to filter data volumes. This provides a deeper, richer dataset, enabling smarter and more accurate detections, accelerated generative AI investigations, and precise responses with Singularity Hyperautomation. AI SIEM is fundamentally shifting the role of security analyst from manual, repetitive tasks to strategic defense. Empower your team to accelerate investigations and mitigate critical risks with a fast, scalable, and intelligent SIEM built for the Autonomous SOC.
4.8
Overview
SentinelOne Singularity AI SIEM is a cloud-native SaaS solution that revolutionizes security operations by unifying cutting-edge generative and agentic AI with advanced hyperautomation. This fundamentally shifts the security analyst's role from repetitive, manual tasks to strategic threat analysis and proactive defense, enabling teams to operate with unprecedented speed and efficiency.
Unlike legacy SIEMs, our platform is built on an open, unified data lake designed for the scale and speed of modern cloud environments. It processes rich, unfiltered data to deliver autonomous threat mitigation, drastically reducing alert fatigue and mean time to resolution (MTTR) for AWS customers.
Key Features & Benefits
Autonomous & Agentic AI: Critical threats are autonomously mitigated by our AI, seamlessly augmenting human analysts for effective threat hunting and investigations.
Hyperautomation Workflows: Streamline security operations with no-code automation to design and deploy workflows that automate triage, investigation, and response processes.
Observo AI for Data Optimization: Our integration gives you an AI-native pipeline that ingests, enriches, and optimizes data before it reaches the SIEM. This reduces ingestion costs by ensuring you only pay for critical security posture data.
Purple AI for Accelerated SecOps: Our generative AI analyst is built into the platform to reduce manual effort. It provides instant summaries and automates threat hunting with natural language to accelerate investigations.
Seamless AWS Integrations
SentinelOne Singularity AI SIEM is designed to integrate seamlessly into your AWS security ecosystem, providing enhanced visibility and simplified operations.
Amazon Security Lake: Ingest high-fidelity security data from SentinelOne and other sources into Amazon Security Lake for a unified view, simplifying compliance and enabling in-depth threat hunting.
AWS Security Hub: Automatically send and receive security findings, allowing for centralized management and a comprehensive security posture assessment across your entire AWS environment.
Amazon GuardDuty: Enhance your threat detection by correlating SentinelOne data with findings from GuardDuty, gaining a deeper understanding of malicious activity in your AWS accounts.
AWS AppFabric: Get a unified, contextualized view of user activity across your SaaS applications and your AWS environment, improving your ability to detect and respond to insider threats and compromised accounts.
NEW - AWS Security Incident Response: Manage security incident response across AWS environments within Hyperautomation's no-code canvas, adding context from both external and internal sources and reducing MTTR.
Experience the Autonomous SOC
Break free from the limitations of legacy SIEMs and empower your security team to focus on what matters most. With SentinelOne Singularity AI SIEM on AWS, you can achieve faster threat detection, more efficient investigations, and a stronger security posture.
Highlights
- 100x faster than legacy SIEM
- 50% lower operational costs and 246% ROI compared to legacy SIEM
- 99% reduction in risk exposure, and 80% faster threat detection compared to AI SIEM
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Contact us for pricing | Daily ingestion starting from $721 | $125,000.00 |
Vendor refund policy
Contact us for refund questions or concerns.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Support is available for these solutions via telephone or our customer support portal. Contact: 1-855-868-3733 General Inquiries: sales@sentinelone.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
Block attacks and secure your entire cloud with SentinelOne Singularity Cloud Security, an AI-powered CNAPP providing deep visibility and robust, real-time protection to defend your AWS environment from initial access to mission target. It unifies proactive exposure management, and real-time protection to safeguard your AWS infrastructure, workloads (VMs, containers), and data with AI-powered detection and automated response. Try Cloud Security for free!
Purple AI Model Context Protocol (MCP) Server provides secure, seamless integration between the Singularity Platform and any AI framework or large language model. Acting as a universal translator and intelligence hub, it empowers developers and partners to build custom agentic AI experiences powered by the full context and analytics of the SentinelOne platform. The open-source Purple AI MCP Server is available today on GitHub and will also be deployable as an EKS and through Amazon Bedrock, using Agent Core. Users will need to have an active deployment of SentinelOne console and be able to obtain the SentinelOne Singularity Console token and url to be able to deploy and use the Purple AI MCP server.
Empower your organization to safely and securely embrace AI.
Customer reviews
reviewer2805261
Advanced AI detection has reduced false positives and currently protects endpoints from new threats
Reviewed on Mar 06, 2026
Review provided by PeerSpot
What is our primary use case?
The main use cases for SentinelOne Singularity AI SIEM are endpoint protection and EDRs. When you compare the EDRs with Trend Micro and others, you will find many false positives, but SentinelOne gives you the best protection. It uses its AI to scan and find new malware, how new attackers are behaving, and addresses zero-day attacks as well. It is quite good, but the only downside is that it is costly.
What is most valuable?
The best features in SentinelOne Singularity AI SIEM include AI capabilities; they have two types of AI. First, AI is on the dashboard, which you can interact with, such as asking for logs of the last ten days, and it will provide them to you. This is one type of AI, similar to a chatbot. The other AI operates in the back end to find malware. It employs a combination of AI and ML to check for viruses or any other malicious processes, including fileless attacks.
The impression I have of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it is good and working fine, and I have never found any complaints from any customer. The dashboard is also quite simple.
What needs improvement?
When it comes to room for improvement, I would say the analysis page can be improved.
In terms of improvement, you can add more detection features.
For how long have I used the solution?
I have been working with SentinelOne Singularity AI SIEM for almost six months.
What do I think about the stability of the solution?
I have not seen any stability or scalability issues with it; it is usually license-based, so when you are buying, you typically know how much you need.
In terms of performance stability, I have never had any crashes, downtimes, or performance issues.
What do I think about the scalability of the solution?
The scalability of SentinelOne Singularity AI SIEM in adapting to an organization's growing data or complex IT structures is good, but it actually depends on the person who is managing it and how they make the policies; it totally depends on the policies they are making.
How are customer service and support?
My thoughts on the tech support of SentinelOne Singularity AI SIEM are that it is good and AI-based, and the documentation is also good compared to other solutions I have seen.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The benefits of SentinelOne Singularity AI SIEM include that most of the customers who use it upgrade from their existing endpoint solutions. Many are using Trend Micro endpoints, Check Point endpoints, or others, and they are unhappy, especially with solutions such as Kaspersky. When they face attacks such as ransomware and are dissatisfied with their existing solutions, they switch to SentinelOne Singularity AI SIEM, which is quite good in detecting unknown threats, cleaning the system, and handling ransomware.
How was the initial setup?
Regarding the initial setup of SentinelOne Singularity AI SIEM, I can walk you through the deployment process: you can sync your AD, and the agent installation can also be automated. You can push it directly from your Microsoft Active Directory using GPO, which makes it easy. The agent installation can be automated, so I do not think it takes much time. However, since it is an endpoint tool, you have to consider policies for different departments, including allow lists and block lists, so deploying any endpoint does take some time.
What about the implementation team?
We are not directly system integrators of the product, but we sell through Lenovo.
Which other solutions did I evaluate?
Apart from the Harmony, I work with various CloudGuard Check Point products, and I also have a certification for SOCRADAR. I work with SOCRADAR and still have hands-on experience doing POCs and demos with SOCRADAR. I have recently done POCs or demos with SOCRADAR. We are working with an alternate solution for that, and it is a new solution.
What other advice do I have?
SentinelOne Singularity AI SIEM has many features, and my recommendation is to utilize all of them, but people often do not use them all. It would be helpful to automate it or use playbooks to take full advantage of the features. I rate this product a nine out of ten.
Fabian Brandt
AI-driven observability has transformed threat detection and now provides full incident visibility
Reviewed on Feb 26, 2026
Review from a verified AWS customer
What is our primary use case?
Our use case with SentinelOne Singularity AI SIEM is primarily AI observability for a large part. We are using it for SIEM purposes as well. Prior to the inclusion of Purple AI , it was exclusively SIEM .
What is most valuable?
The best features of SentinelOne Singularity AI SIEM are 100% Purple AI .
In addition to that, though somewhat tedious, the implementation of any data you want is a feature of SentinelOne Singularity AI SIEM, and also the option to analyze that via Purple AI to some degree. Additionally, the existence of a large catalog of native integrations is valuable.
Overall, I would assess the overall security posture after implementing SentinelOne Singularity AI SIEM as significantly improved. We finally have visibility into things that were never visible before. When talking to new customers and onboarding them, it is always apparent that there are so many things in their environment that they never even really knew about and had no visibility into. They previously needed to go through obscure, hard-to-use, and weird tooling to potentially access this information. Having all of that in SentinelOne Singularity AI SIEM makes it so much easier.
What needs improvement?
In AI SIEM, the areas that have room for improvement are the parsers for third-party integrated data or for third-party data sources that are not native integrations, which could be made a bit easier. I did hear that there is something on the horizon for this, but that is an area that could be made less tedious.
Potentially to some degree, the evaluation of singular events in SentinelOne Singularity AI SIEM could improve. Sometimes they are painting the devil on the wall where there is not really a big issue, just a normal, everyday event. Those are sometimes taken a bit too negatively.
For how long have I used the solution?
I am still using SentinelOne Singularity AI SIEM presently.
What do I think about the stability of the solution?
When it comes to stability, I would give SentinelOne Singularity AI SIEM a nine. There are no really noticeable glitches or bugs. There used to be a few availability issues, but those are essentially mitigated by now. SentinelOne has taken those very seriously and in the past months, which might have been almost a year by now, I have not really noticed any availability issues.
How are customer service and support?
I would rate the technical support of SentinelOne Singularity AI SIEM a nine.
How would you rate customer service and support?
Positive
How was the initial setup?
As for maintenance required with SentinelOne Singularity AI SIEM, I would say it is even easier than the base product because you do not really onboard new data sources that often. If I put it into times a year, I would say it might be twice a year-ish that you need to do maintenance work essentially. Of course, if you want to add new detections or anything, that can be whenever, but I would not really consider that maintenance.
For others looking to implement SentinelOne Singularity AI SIEM, I would recommend starting with a proof of concept. Of course, with a SIEM that is a bit more effort to fully onboard, you might want to get an in-depth demonstration first and see if it meets your needs. Even before the demonstration, ask yourself what you even expect of a SIEM and what points you want from the solution. Once you are in the presentation, you will realize that those can very easily be met and completed with SentinelOne.
Which other solutions did I evaluate?
In comparison, I would assess SentinelOne Singularity AI SIEM favorably to other solutions or vendors such as Splunk, Microsoft, Hunters , Anomali , and Graylog. The nice part about it as well is that you can use AI SIEM standalone. However, the big advantage in my opinion comes from using it with the EDR. If you do that, you just have one of the main issues of SIEMs completely taken care of.
That being the data from the endpoints, in modern SIEMs, you have roughly 80 to 90% of the data is endpoint data. In other SIEMs, you have to pay for those and pay for every bit of data that you put in. With SentinelOne, if it is from the endpoint, you natively have that data and you do not have to pay extra for that, and it is just additional data on top of that. Additionally, combining that with the ability to have all the data in a single data lake means you do not need to use multiple data stores. It is using an open source data format, which is awesome.
What other advice do I have?
My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is great. I am really looking forward to the upcoming feature with agentic incident investigation. If that is actually capable of autonomously investigating incidents across multiple data sources, for example, not just from SentinelOne, it will be transformative. The example I heard recently was an employee of the company opening a normal ticket just stating that their VPN connection is not working. That ticket is also made available to SentinelOne and it will then investigate what is going on with that. In the end, it turned out that this was actually an attack and that employee's VPN connection was hijacked. I am really looking forward to that feature, though it is not here yet, but even right now, it is great.
In terms of assessing the efficiency of SentinelOne Singularity AI SIEM in improving response time to sophisticated threats, you very quickly get an overview of all data and data related to the incident. Even if there is no active incident, you can very quickly get all related information due to the Storylines and Purple AI.
SentinelOne's AI-driven analytics have affected our SOC abilities to reduce false positives, and I would say roughly about 80%.
I would rate this solution a 10 overall.