AI SIEM Overview
SentinelOne Singularity AI SIEM is a cloud-native SaaS solution that revolutionizes security operations by unifying cutting-edge generative and agentic AI with advanced hyperautomation. This fundamentally shifts the security analyst's role from repetitive, manual tasks to strategic threat analysis and proactive defense, enabling teams to operate with unprecedented speed and efficiency.
Unlike legacy SIEMs, our platform is built on an open, unified data lake designed for the scale and speed of modern cloud environments. It processes rich, unfiltered data to deliver autonomous threat mitigation, drastically reducing alert fatigue and mean time to resolution (MTTR) for AWS customers.
Key Features & Benefits
Autonomous & Agentic AI: Critical threats are autonomously mitigated by our AI, seamlessly augmenting human analysts for effective threat hunting and investigations.
Hyperautomation Workflows: Streamline security operations with no-code automation to design and deploy workflows that automate triage, investigation, and response processes.
Observo AI for Data Optimization: Our integration gives you an AI-native pipeline that ingests, enriches, and optimizes data before it reaches the SIEM. This reduces ingestion costs by ensuring you only pay for critical security posture data.
Purple AI for Accelerated SecOps: Our generative AI analyst is built into the platform to reduce manual effort. It provides instant summaries and automates threat hunting with natural language to accelerate investigations.
Seamless AWS Integrations
SentinelOne Singularity AI SIEM is designed to integrate seamlessly into your AWS security ecosystem, providing enhanced visibility and simplified operations.
Amazon Security Lake: Ingest high-fidelity security data from SentinelOne and other sources into Amazon Security Lake for a unified view, simplifying compliance and enabling in-depth threat hunting.
AWS Security Hub: Automatically send and receive security findings, allowing for centralized management and a comprehensive security posture assessment across your entire AWS environment.
Amazon GuardDuty: Enhance your threat detection by correlating SentinelOne data with findings from GuardDuty, gaining a deeper understanding of malicious activity in your AWS accounts.
AWS AppFabric: Get a unified, contextualized view of user activity across your SaaS applications and your AWS environment, improving your ability to detect and respond to insider threats and compromised accounts.
NEW - AWS Security Incident Response: Manage security incident response across AWS environments within Hyperautomation's no-code canvas, adding context from both external and internal sources and reducing MTTR.
Experience the Autonomous SOC
Break free from the limitations of legacy SIEMs and empower your security team to focus on what matters most. With SentinelOne Singularity AI SIEM on AWS, you can achieve faster threat detection, more efficient investigations, and a stronger security posture.
Highlights
- 100x faster than legacy SIEM
- 50% lower operational costs and 246% ROI compared to legacy SIEM
- 99% reduction in risk exposure, and 80% faster threat detection compared to AI SIEM
Details
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| Contact us for pricing | Daily ingestion starting from $721 | $125,000.00 |
Vendor refund policy
Contact us for refund questions or concerns.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Support is available for these solutions via telephone or our customer support portal. Contact: 1-855-868-3733 General Inquiries: sales@sentinelone.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Advanced AI-driven monitoring has strengthened investigations and now prioritizes critical threats
What is our primary use case?
For us, the use case is primarily to analyze security events that are coming in and also events that are kept over a period of time, to track and use it for investigation and maybe analysis, sometimes even forensics.
What is most valuable?
SentinelOne Singularity AI SIEM improves my response time to sophisticated threats in two ways: it helps me to identify which ones I need to act on, which means I am not wasting time on the things I do not need to worry about or can be a lower priority. In that respect, it helps me to prioritize and act on what needs to be acted on first, so it brings it to the surface faster.
Regarding AI-driven threat detection capabilities, I have a positive impression; when it is working very well, I do not really know if it is working, but when it does not work and if I have been hit by something, then I know it did not work. My SOC team seems to be utilizing it fully, and we have been kept secure and without any breach, which I think is probably the only proof we can give. The number of events and logs that it detects is numerous and very high, so it is doing its job. Fingers crossed, we do not have anything to report where we find that we have been broken into.
SentinelOne Singularity AI SIEM's AI-powered analytics do affect our SOC's ability to reduce false positives; that is one of the biggest advantages because the manpower that I have is limited. The tool should be able to do a lot more of the first-level analysis, and what is flagged up for the man in the middle or the man to act on should be things that really need validation, meaning it has been correlated properly and brought up for visibility and action. In this manner, it is actually helping us to protect our security operations very effectively.
It does affect my efficiency in investigating alerts and responding to incidents; we have gone to the point of using SentinelOne Singularity AI SIEM now, and our SOC is mainly dependent on SentinelOne Singularity AI SIEM. That is becoming the foundation on which all these activities and tasks are being run, and when it is all coming together, we are seeing that it is far more effective. I hope it stays that way.
What needs improvement?
I would not say there is anything that could be better in SentinelOne Singularity AI SIEM; I think we have seen something unique in the product. This product has the potential to add more SOC functionality on top of its SIEM, which can automate a few more things because I have the information there. I need to do what I would call security agents or agentic AI to be built on top; it can take care of a lot more analysis and actions. Maybe licensing cost can also be looked at and reduced.
We are still to see the automated feature work a little bit more; we are not really using it to the full extent.
For how long have I used the solution?
With SentinelOne Singularity AI SIEM, I have been dealing with this product for under a year, at seven or eight months now.
What do I think about the stability of the solution?
There has been no issue with stability; it was perfectly fine.
What do I think about the scalability of the solution?
Scaling out, we did not face an issue because we are always looking to see where we are deploying it and what the coverage is, so no challenges are seen there.
How are customer service and support?
I am happy with the technical team of SentinelOne Singularity AI SIEM; they are pretty good. I would rate the technical support as eight to nine.
How was the initial setup?
The deployment process was straightforward; we did not face any challenges in that.
What about the implementation team?
It was largely done by my in-house team; I have a fairly competent in-house team. We did have a partner through whom we procured the product, so they were available on standby, but even more than the partner, I think the SentinelOne Singularity AI SIEM technical team was also available to us. Their guidance was good enough.
What was our ROI?
In terms of ROI, it is hard to justify; the good thing is if there is a cost to an incident, I think we are protected. If we are not having any incidents, then it is doing its job, but I am not able to convince people about it. Overall, my perspective should be about my security budget in this space, how it benchmarks, and from that perspective, how the metrics are showing. If I am spending more compared to my peers in this space and the value that I am getting is the same as what they are getting, then I am probably overpaying. However, if I am in the middle of the park kind of range, then it is probably optimally priced. At the moment, I feel the pricing is a little bit on the higher side, but the tool is positioned in a place where risk is very high, and we do not want to take chances, so we are prepared to pay the premium.
Which other solutions did I evaluate?
We have looked at other XDR products, but the strength of SentinelOne Singularity AI SIEM's SIEM, their logs, the event log capture part, which can also take in logs from other non-SentinelOne entities, stands out as quite unique. The automation that is possible on the AI platform adds to that as well. When your footprint is all on SentinelOne Singularity AI SIEM in terms of VDR, then adding to that the same from the same suite is going to be helpful. At the moment, I see them as leading in their spaces.
What other advice do I have?
I assess the overall security posture of the company after implementation as positive; I see a big impact on that. I would rate this review as an overall eight.
AI-driven workflows have transformed incident response speed and reduced false positives
What is our primary use case?
I use SentinelOne Singularity AI SIEM for endpoint security, including EDR and SIEM-based monitoring, as well as for XDR. I monitor endpoints for security reasons and receive alerts when suspicious or malicious activity is detected. When I find anything suspicious or malicious, I investigate it further.
What is most valuable?
I particularly appreciate a feature called Purple AI, which is an AI-based tool that allows us to fetch logs and investigate through a single prompt. It is useful for providing a brief summary of what has happened without needing to review logs in detail. Through this AI capability, we can understand exactly what has been occurring.
There is significant automation we can implement through a feature called hyper-automation. We can automate workflows easily using a drag and drop interface, rather than writing scripts. This makes automation in SentinelOne very straightforward.
I would say the quality is top-notch. It provides perfect summaries, has reduced our response time, and helps us reduce false positives. We receive mostly true positive alerts and do not need to write additional detection rules. SentinelOne Singularity AI SIEM can detect new sophisticated threats and zero-day attacks on its own without requiring rules from us. This automated detection capability is something I truly appreciate.
What needs improvement?
SentinelOne Singularity AI SIEM has some performance and reliability issues that need improvement. The interface flickers frequently, and sometimes it does not load properly. When this happens, we have to log out and log back in, or refresh the page before we can see the alerts. Sometimes the interface will be blank. These performance and reliability issues need to be addressed.
For how long have I used the solution?
I have been using SentinelOne Singularity AI SIEM for more than one year.
What do I think about the stability of the solution?
I would rate the stability at six out of ten.
What do I think about the scalability of the solution?
I would rate scalability at seven out of ten. SentinelOne Singularity AI SIEM handles a large environment fairly smoothly and works well. The performance depends on the configuration. If it is properly configured, it works well for large environments as well.
How are customer service and support?
I would rate the technical support at eight out of ten. SentinelOne Singularity AI SIEM has AI-based technical support available. When we have questions or require documentation, we receive it promptly. The support is good.
Which solution did I use previously and why did I switch?
Compared to other tools we have used, such as Sumo Logic, Splunk, and CrowdStrike, those solutions do not have as much AI capability. After using SentinelOne Singularity AI SIEM, it has reduced our incident response time by forty to fifty percent compared to other tools.
What was our ROI?
SentinelOne Singularity AI SIEM has reduced our response time to true positive alerts by approximately forty percent through automation. For false positive reduction, it has decreased our false positive rate by fifty percent.
Which other solutions did I evaluate?
I can appreciate SentinelOne Singularity AI SIEM primarily for its AI capability. For this reason, we switched to SentinelOne Singularity AI SIEM. It has behavioral AI plus machine learning that has been integrated. We chose SentinelOne Singularity AI SIEM mainly because of its AI capability. It is a unified platform that provides a unified view of security alerts without requiring us to look at other data sources or switch between different tools. This has reduced the time required for faster detection and response.
What other advice do I have?
I would recommend SentinelOne Singularity AI SIEM to other users. Most tools do not have the same level of AI capability. SentinelOne Singularity AI SIEM has Purple AI and hyper-automation features that I can suggest to other users based on these capabilities.
SentinelOne Singularity AI SIEM has improved our SOC's efficiency in investigating alerts and responding to incidents through its AI capability. It provides us a unified view of entire alerts. We do not need to go to other data sources to understand what happened. It connects all the dots and gives us a unified alert view without requiring us to navigate to other tabs. We can see what happened from start to end. Cybersecurity and hacker tactics are constantly evolving, and we are seeing many sophisticated attacks nowadays. SentinelOne Singularity AI SIEM detects these attacks by itself without needing predefined rules, using machine learning and behavioral baselines to detect anomalies and trigger alerts. Additionally, Purple AI automatically provides a summary of incidents explaining what has happened in simple terms without requiring deep investigation into alerts or logs. This explanation of what was abused helps us make faster decisions about whether an incident is truly a threat or a false positive alert.
SentinelOne Singularity AI SIEM has significantly impacted our security tasks and reduced manual effort. We have requirements from clients we provide services for regarding particular alerts or unreported data. We can automate notifications to the customer when these conditions occur without manually creating a ticket. SentinelOne Singularity AI SIEM can automatically notify the user. We also use it for responding to alerts. In some cases, we need to disconnect an endpoint from the network to prevent malicious activity from spreading. We use hyper-automation to automatically disconnect endpoints or remove malicious files if they are present on an endpoint.
I give this product an overall rating of eight out of ten.
AI-driven monitoring has improved real-time threat detection but still needs better automation
What is our primary use case?
I am using SentinelOne Singularity AI SIEM as a customer only, and I have taken it very recently. I am using it to get visibility of investigating my alerts based on the alert events received from my endpoints. For AI-driven applications, I want to have end-to-end visibility, which is where the observability piece comes in. I am using it primarily for the AI part, as this product will cover my real-time data detections. I am planning on implementing it for my AI-driven applications.
What is most valuable?
AI-driven capabilities will give me real-time detection and will protect my autonomous AI interruption. We are using NLP language where my prompt engineer will upload some sensitive data. This can be detected and can protect my sensitive data from exfiltration. The AI-driven threat detection capabilities improve our overall security posture. By enabling the power of these capabilities, I can allocate my engineers or analysts in a more effective manner instead of allocating them on a day-to-day basis, which plays the major role.
What needs improvement?
I could see some workflows, but I am unable to do automated workflows. For example, some repetitive jobs or repetitive tasks I am doing, but I am trying to have less manual intervention on the front. I am raising some issues that should be resolvable. The SentinelOne team has told me that this can be resolved within a couple of months, but they are saying that it is in future for enhancement and it may take some time. So far, the numbers are great.
Regarding disadvantages or areas for improvement, I could say that 35 percent of my manual effort can be detected since I implemented it very recently. I could be able to say my current data talks about only 35 percent, and it may improve further, as I am expecting. But I can only comment based on my alerts and events. The adoption rate will be less compared to other products, as this can be a time-taken process because all my data needs to be offloaded and the system needs to understand my existing alerts, logs, and other things. This will take some more time, probably another month.
Another area for improvement is that the product is somewhat expensive. Pricing could be improved as well.
What do I think about the stability of the solution?
I have not experienced any incidents as of now. Regarding downtime, performance, and stability in general, my experience with the system downtime has been good.
What do I think about the scalability of the solution?
SentinelOne Singularity AI SIEM is scalable in general. However, I carefully take the governance piece because it is an AI adoption and not a simple one. Protecting guardrails and getting visibility is a little challenging. I will carefully design our governance piece because with any AI adoption, the end goal should be more governance and data security and safety.
How are customer service and support?
As of now, I have not faced many issues with technical support from SentinelOne. They are good. I would give eight out of ten for technical support because I am not sure how other solutions work, so I will take some time to fully evaluate.
How would you rate customer service and support?
Positive
What about the implementation team?
My deployment was done with a partner and not in-house.
What was our ROI?
I have checked with Check Point and CrowdStrike when comparing competitors. This particular new AI era is new, and people are more focused on the AI part, but the outcome discussions are what matter. Because it is new technology, I do not have that much clarity on the costing front. However, this is not too expensive and it is not a white elephant. It is somewhere in the middle. If I take this trio of Check Point, SentinelOne, and CrowdStrike, SentinelOne is the most expensive among them.
Which other solutions did I evaluate?
All other products are having the same limitations. After every quarter or every release, they are also evolving. It is not only with SentinelOne. I have also checked with Fortinet and other products from Cisco.
Advanced AI detection has reduced false positives and currently protects endpoints from new threats
What is our primary use case?
The main use cases for SentinelOne Singularity AI SIEM are endpoint protection and EDRs. When you compare the EDRs with Trend Micro and others, you will find many false positives, but SentinelOne gives you the best protection. It uses its AI to scan and find new malware, how new attackers are behaving, and addresses zero-day attacks as well. It is quite good, but the only downside is that it is costly.
What is most valuable?
The best features in SentinelOne Singularity AI SIEM include AI capabilities; they have two types of AI. First, AI is on the dashboard, which you can interact with, such as asking for logs of the last ten days, and it will provide them to you. This is one type of AI, similar to a chatbot. The other AI operates in the back end to find malware. It employs a combination of AI and ML to check for viruses or any other malicious processes, including fileless attacks.
The impression I have of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it is good and working fine, and I have never found any complaints from any customer. The dashboard is also quite simple.
What needs improvement?
When it comes to room for improvement, I would say the analysis page can be improved.
In terms of improvement, you can add more detection features.
For how long have I used the solution?
I have been working with SentinelOne Singularity AI SIEM for almost six months.
What do I think about the stability of the solution?
I have not seen any stability or scalability issues with it; it is usually license-based, so when you are buying, you typically know how much you need.
In terms of performance stability, I have never had any crashes, downtimes, or performance issues.
What do I think about the scalability of the solution?
The scalability of SentinelOne Singularity AI SIEM in adapting to an organization's growing data or complex IT structures is good, but it actually depends on the person who is managing it and how they make the policies; it totally depends on the policies they are making.
How are customer service and support?
My thoughts on the tech support of SentinelOne Singularity AI SIEM are that it is good and AI-based, and the documentation is also good compared to other solutions I have seen.
Which solution did I use previously and why did I switch?
The benefits of SentinelOne Singularity AI SIEM include that most of the customers who use it upgrade from their existing endpoint solutions. Many are using Trend Micro endpoints, Check Point endpoints, or others, and they are unhappy, especially with solutions such as Kaspersky. When they face attacks such as ransomware and are dissatisfied with their existing solutions, they switch to SentinelOne Singularity AI SIEM, which is quite good in detecting unknown threats, cleaning the system, and handling ransomware.
How was the initial setup?
Regarding the initial setup of SentinelOne Singularity AI SIEM, I can walk you through the deployment process: you can sync your AD, and the agent installation can also be automated. You can push it directly from your Microsoft Active Directory using GPO, which makes it easy. The agent installation can be automated, so I do not think it takes much time. However, since it is an endpoint tool, you have to consider policies for different departments, including allow lists and block lists, so deploying any endpoint does take some time.
What about the implementation team?
We are not directly system integrators of the product, but we sell through Lenovo.
Which other solutions did I evaluate?
Apart from the Harmony, I work with various CloudGuard Check Point products, and I also have a certification for SOCRADAR. I work with SOCRADAR and still have hands-on experience doing POCs and demos with SOCRADAR. I have recently done POCs or demos with SOCRADAR. We are working with an alternate solution for that, and it is a new solution.
What other advice do I have?
SentinelOne Singularity AI SIEM has many features, and my recommendation is to utilize all of them, but people often do not use them all. It would be helpful to automate it or use playbooks to take full advantage of the features. I rate this product a nine out of ten.
AI-driven observability has transformed threat detection and now provides full incident visibility
What is our primary use case?
Our use case with SentinelOne Singularity AI SIEM is primarily AI observability for a large part. We are using it for SIEM purposes as well. Prior to the inclusion of Purple AI, it was exclusively SIEM.
What is most valuable?
The best features of SentinelOne Singularity AI SIEM are 100% Purple AI.
In addition to that, though somewhat tedious, the implementation of any data you want is a feature of SentinelOne Singularity AI SIEM, and also the option to analyze that via Purple AI to some degree. Additionally, the existence of a large catalog of native integrations is valuable.
Overall, I would assess the overall security posture after implementing SentinelOne Singularity AI SIEM as significantly improved. We finally have visibility into things that were never visible before. When talking to new customers and onboarding them, it is always apparent that there are so many things in their environment that they never even really knew about and had no visibility into. They previously needed to go through obscure, hard-to-use, and weird tooling to potentially access this information. Having all of that in SentinelOne Singularity AI SIEM makes it so much easier.
What needs improvement?
In AI SIEM, the areas that have room for improvement are the parsers for third-party integrated data or for third-party data sources that are not native integrations, which could be made a bit easier. I did hear that there is something on the horizon for this, but that is an area that could be made less tedious.
Potentially to some degree, the evaluation of singular events in SentinelOne Singularity AI SIEM could improve. Sometimes they are painting the devil on the wall where there is not really a big issue, just a normal, everyday event. Those are sometimes taken a bit too negatively.
For how long have I used the solution?
I am still using SentinelOne Singularity AI SIEM presently.
What do I think about the stability of the solution?
When it comes to stability, I would give SentinelOne Singularity AI SIEM a nine. There are no really noticeable glitches or bugs. There used to be a few availability issues, but those are essentially mitigated by now. SentinelOne has taken those very seriously and in the past months, which might have been almost a year by now, I have not really noticed any availability issues.
How are customer service and support?
I would rate the technical support of SentinelOne Singularity AI SIEM a nine.
How was the initial setup?
As for maintenance required with SentinelOne Singularity AI SIEM, I would say it is even easier than the base product because you do not really onboard new data sources that often. If I put it into times a year, I would say it might be twice a year-ish that you need to do maintenance work essentially. Of course, if you want to add new detections or anything, that can be whenever, but I would not really consider that maintenance.
For others looking to implement SentinelOne Singularity AI SIEM, I would recommend starting with a proof of concept. Of course, with a SIEM that is a bit more effort to fully onboard, you might want to get an in-depth demonstration first and see if it meets your needs. Even before the demonstration, ask yourself what you even expect of a SIEM and what points you want from the solution. Once you are in the presentation, you will realize that those can very easily be met and completed with SentinelOne.
Which other solutions did I evaluate?
In comparison, I would assess SentinelOne Singularity AI SIEM favorably to other solutions or vendors such as Splunk, Microsoft, Hunters, Anomali, and Graylog. The nice part about it as well is that you can use AI SIEM standalone. However, the big advantage in my opinion comes from using it with the EDR. If you do that, you just have one of the main issues of SIEMs completely taken care of.
That being the data from the endpoints: in modern SIEMs, roughly 80 to 90% of the data is endpoint data. In other SIEMs, you have to pay for those and pay for every bit of data that you put in. With SentinelOne, if it is from the endpoint, you natively have that data and you do not have to pay extra for that, and it is just additional data on top of that. Additionally, combining that with the ability to have all the data in a single data lake means you do not need to use multiple data stores. It is using an open source data format, which is awesome.
What other advice do I have?
My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is great. I am really looking forward to the upcoming feature with agentic incident investigation. If that is actually capable of autonomously investigating incidents across multiple data sources, for example, not just from SentinelOne, it will be transformative. The example I heard recently was an employee of the company opening a normal ticket just stating that their VPN connection is not working. That ticket is also made available to SentinelOne and it will then investigate what is going on with that. In the end, it turned out that this was actually an attack and that employee's VPN connection was hijacked. I am really looking forward to that feature, though it is not here yet, but even right now, it is great.
In terms of assessing the efficiency of SentinelOne Singularity AI SIEM in improving response time to sophisticated threats, you very quickly get an overview of all data and data related to the incident. Even if there is no active incident, you can very quickly get all related information due to the Storylines and Purple AI.
SentinelOne's AI-driven analytics have affected our SOC abilities to reduce false positives, and I would say roughly about 80%.
I would rate this solution a 10 overall.