Our use case with SentinelOne Singularity AI SIEM is primarily AI observability for a large part. We are using it for SIEM purposes as well. Prior to the inclusion of Purple AI, it was exclusively SIEM.

The best features of SentinelOne Singularity AI SIEM are 100% Purple AI.

In addition to that, though somewhat tedious, the implementation of any data you want is a feature of SentinelOne Singularity AI SIEM, and also the option to analyze that via Purple AI to some degree. Additionally, the existence of a large catalog of native integrations is valuable.

Overall, I would assess the overall security posture after implementing SentinelOne Singularity AI SIEM as significantly better. We finally have visibility into things that were never visible before. When talking to new customers and onboarding them, it is always apparent that there are so many things in their environment that they never even really knew about and had no visibility into. They previously needed to go through obscure, hard-to-use, and weird tooling to potentially access this information. Having all of that in SentinelOne Singularity AI SIEM makes it so much easier.

In AI SIEM, the areas that have room for improvement are the parsers for third-party integrated data or for third-party data sources that are not native integrations, which could be made a bit easier. I did hear that there is something on the horizon for this, but that is an area that could be made less tedious.

Potentially to some degree, the evaluation of singular events in SentinelOne Singularity AI SIEM could improve. Sometimes they are painting the devil on the wall where there is not really a big issue, just a normal, everyday event. Those are sometimes taken a bit too negatively.

I am still using SentinelOne Singularity AI SIEM presently.

When it comes to stability, I would give SentinelOne Singularity AI SIEM a nine. There are no really noticeable glitches or bugs. There used to be a few availability issues, but those are essentially mitigated by now. SentinelOne has taken those very seriously and in the past months, which might have been almost a year by now, I have not really noticed any availability issues.

I would rate the technical support of SentinelOne Singularity AI SIEM a nine.

As for maintenance required with SentinelOne Singularity AI SIEM, I would say it is even easier than the base product because you do not really onboard new data sources that often. If I put it into times a year, I would say it might be twice a year-ish that you need to do maintenance work essentially. Of course, if you want to add new detections or anything, that can be whenever, but I would not really consider that maintenance.

For others looking to implement SentinelOne Singularity AI SIEM, I would recommend starting with a proof of concept. Of course, with a SIEM that is a bit more effort to fully onboard, you might want to get an in-depth demonstration first and see if it meets your needs. Even before the demonstration, ask yourself what you even expect of a SIEM and what points you want from the solution. Once you are in the presentation, you will realize that those can very easily be met and completed with SentinelOne.

In comparison, I would assess SentinelOne Singularity AI SIEM favorably to other solutions or vendors such as Splunk, Microsoft, Hunters, Anomali, and Graylog. The nice part about it as well is that you can use AI SIEM standalone. However, the big advantage in my opinion comes from using it with the EDR. If you do that, you just have one of the main issues of SIEMs completely taken care of.

That being the data from the endpoints, in modern SIEMs, you have roughly 80 to 90% of the data is endpoint data. In other SIEMs, you have to pay for those and pay for every bit of data that you put in. With SentinelOne, if it is from the endpoint, you natively have that data and you do not have to pay extra for that, and it is just additional data on top of that. Additionally, combining that with the ability to have all the data in a single data lake means you do not need to use multiple data stores. It is using an open source data format, which is awesome.

My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is great. I am really looking forward to the upcoming feature with agentic incident investigation. If that is actually capable of autonomously investigating incidents across multiple data sources, for example, not just from SentinelOne, it will be transformative. The example I heard recently was an employee of the company opening a normal ticket just stating that their VPN connection is not working. That ticket is also made available to SentinelOne and it will then investigate what is going on with that. In the end, it turned out that this was actually an attack and that employee's VPN connection was hijacked. I am really looking forward to that feature, though it is not here yet, but even right now, it is great.

In terms of assessing the efficiency of SentinelOne Singularity AI SIEM in improving response time to sophisticated threats, you very quickly get an overview of all data and data related to the incident. Even if there is no active incident, you can very quickly get all related information due to the Storylines and Purple AI.

SentinelOne's AI-driven analytics have affected our SOC abilities to reduce false positives, and I would say roughly about 80%.

I would rate this solution a 10 overall.