My usual use cases for SentinelOne Singularity AI SIEM involve deploying this SIEM solution to our clients. SentinelOne Singularity AI SIEM includes MDR and EDR capabilities with their own set of rules and automated actions that would be taken by the MDR team. It is an excellent SIEM solution used to triage alerts and mainly identify any malicious activity. It provides real-time monitoring, so we could know what is happening and what the user is doing.

SentinelOne Singularity AI SIEM has many features including Asset Discovery and inventory capabilities where we can find information about what is occurring with each individual asset. We have inventory and HyperAutomation features with deep visibility. There are numerous features and numerous use cases. Mainly it is used to provide security and SIEM solutions.

SentinelOne Singularity AI SIEM has indeed affected my SOC's efficiency in investigating alerts and responding to incidents. The STAR feature, Purple AI, and HyperAutomation are all excellent capabilities. Going forward, we could automate many alerts and create numerous workflows. When we have that kind of arsenal in our hands, it is very easy for us. As an analyst, I could tell it is the best tool. Whenever I go to work, I spin up the tool and I am ready to work because it is so easy and the UI is good. It does have problems, and I am not telling it is a problem-free SIEM. However, it has good features that help an analyst understand a problem in minutes rather than hours.

SentinelOne Singularity AI SIEM's AI-driven analytics has indeed affected my SOC's ability to reduce false positives in particular. SentinelOne Singularity AI SIEM has something called MDR with predefined rules. Many alerts do not require our attention because they would be handled by automated workflows and automated actions from the MDR team, which is the SentinelOne team. They would be taking care of those alerts because they are the ones who created the rules. We could create custom rules that should be taken care of by us. It has helped significantly. I would rate it eight to nine out of ten for the AI usage and how efficient it has made a SOC analyst, or how it has improved SOC efficiency by having SentinelOne Singularity AI SIEM in our organization.

The features or capabilities of SentinelOne Singularity AI SIEM that I have found most valuable so far include Purple AI, which is very useful because if I get any low severity alert or anything that does not require much analysis, I could just read the synopsis. This tells me what has happened and what activity the user has done, and I could get a roadmap.

Purple AI describes the overall alert scenario. If we have any doubts regarding that, we could ask Purple AI, which would provide insight. Purple AI is built specifically for SentinelOne Singularity AI SIEM and will have an overview with very deep knowledge of the tool. That is also one helpful feature. HyperAutomation allows us to create workflows on our own. I have created a workflow in that, and it is very flexible. As per my experience, I have been continuously using it for approximately six months or more. It is a very good tool. As I mentioned, it has numerous features including HyperAutomation, deep visibility, asset discovery, and endpoint detection.

Regarding the areas of SentinelOne Singularity AI SIEM that I think could be improved or enhanced, I have many things to mention, but the server goes down very often. The tool does not work when it has to work because it has some latency issues and UI issues. When I try to apply filters in the alert section, for example when I am only working on what is assigned to me, I try to filter out what is assigned to me by putting a filter from assigned to Darshan. The filter fails often and it does not refresh on time.

Maybe due to the authentication issue, it locks out or logs out very often. I have faced this issue many times. I will be trying to log in maybe five to ten times in the last thirty minutes because it needs an MFA. I would open up my mobile and always put in an MFA. It is good to have an MFA, but that takes time and that is very irritating.

If they work on their product UI and provide a better feature with less latency, it would be better. The lack of latency is something an analyst could correlate with comparing a laggy Android phone and an Apple phone. Even though you take an older version of Apple phones, the latency is less. That is the issue with SentinelOne Singularity AI SIEM. I have found EngineX errors and other errors such as server 404 errors sometimes. That is very irritating because SIEM solutions should always be up twenty-four hours a day, seven days a week because attacks can happen anytime. The reliability part is my only concern with SentinelOne Singularity AI SIEM.

I have been continuously using SentinelOne Singularity AI SIEM for approximately six months or more.

In terms of stability and reliability, I would give SentinelOne Singularity AI SIEM a rating of six for reliability. As I mentioned, it has very low reliability as a tool to use. It has many features, but it is not efficient to use the tool. You do not love using it for the user experience. It is having a high spec supercar that does not work properly every time.

Regarding how scalable SentinelOne Singularity AI SIEM is in terms of adapting to our organization's growing data and complex IT structure, for scalability I would give it a seven because it is very difficult to implement SentinelOne Singularity AI SIEM. If it is implemented, it is a great tool to use, but it is difficult to implement when thinking about scalability and the complexity of the solution and how difficult it is to implement.

For a moderate or average person, it takes time to understand, and for a skilled person, they would do it in lesser time. Being an analyst and engineer, I could tell it is a moderate to high level difficulty of a task to implement and deploy SentinelOne Singularity AI SIEM. It has the capability to do that.

I often communicate with the technical support of SentinelOne Singularity AI SIEM. We would be communicating, and they even visit our office. I have never been a part of that meeting to be precise, but I join the online calls. When we raise a query with SentinelOne Singularity AI SIEM team regarding any issues we found, such as parser or technical issues, we stay in touch with the SentinelOne Singularity AI SIEM team.

I would rate the SentinelOne Singularity AI SIEM support team eight or nine out of ten. I will give an eight for the support.

After implementing SentinelOne Singularity AI SIEM in our organization, it was already implemented when I joined. When I joined the organization, we had integration for one more client recently. I could explain that. For the client we are integrating, the project is still ongoing. We are in phase two now. The implementation of up to twenty-two data sources has been done. There are many more data sources to be integrated. Integration was moderate because it took time and it is a SIEM, which takes time to implement and understand, build the parsers to determine where the logs are coming from depending on the data sources.

I am a technical person and not a financial person, so I am not the right person to answer financial questions. I would rate SentinelOne Singularity AI SIEM an eight overall.

The main use cases for SentinelOne Singularity AI SIEM are endpoint protection and EDRs. When you compare the EDRs with Trend Micro and others, you will find many false positives, but SentinelOne gives you the best protection. It uses its AI to scan and find new malware, how new attackers are behaving, and addresses zero-day attacks as well. It is quite good, but the only downside is that it is costly.

The best features in SentinelOne Singularity AI SIEM include AI capabilities; they have two types of AI. First, AI is on the dashboard, which you can interact with, such as asking for logs of the last ten days, and it will provide them to you. This is one type of AI, similar to a chatbot. The other AI operates in the back end to find malware. It employs a combination of AI and ML to check for viruses or any other malicious processes, including fileless attacks.

The impression I have of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it is good and working fine, and I have never found any complaints from any customer. The dashboard is also quite simple.

When it comes to room for improvement, I would say the analysis page can be improved.

In terms of improvement, you can add more detection features.

I have been working with SentinelOne Singularity AI SIEM for almost six months.

I have not seen any stability or scalability issues with it; it is usually license-based, so when you are buying, you typically know how much you need.

In terms of performance stability, I have never had any crashes, downtimes, or performance issues.

The scalability of SentinelOne Singularity AI SIEM in adapting to an organization's growing data or complex IT structures is good, but it actually depends on the person who is managing it and how they make the policies; it totally depends on the policies they are making.

My thoughts on the tech support of SentinelOne Singularity AI SIEM are that it is good and AI-based, and the documentation is also good compared to other solutions I have seen.

The benefits of SentinelOne Singularity AI SIEM include that most of the customers who use it upgrade from their existing endpoint solutions. Many are using Trend Micro endpoints, Check Point endpoints, or others, and they are unhappy, especially with solutions such as Kaspersky. When they face attacks such as ransomware and are dissatisfied with their existing solutions, they switch to SentinelOne Singularity AI SIEM, which is quite good in detecting unknown threats, cleaning the system, and handling ransomware.

Regarding the initial setup of SentinelOne Singularity AI SIEM, I can walk you through the deployment process: you can sync your AD, and the agent installation can also be automated. You can push it directly from your Microsoft Active Directory using GPO, which makes it easy. The agent installation can be automated, so I do not think it takes much time. However, since it is an endpoint tool, you have to consider policies for different departments, including allow lists and block lists, so deploying any endpoint does take some time.

We are not directly system integrators of the product, but we sell through Lenovo.

Apart from the Harmony, I work with various CloudGuard Check Point products, and I also have a certification for SOCRADAR. I work with SOCRADAR and still have hands-on experience doing POCs and demos with SOCRADAR. I have recently done POCs or demos with SOCRADAR. We are working with an alternate solution for that, and it is a new solution.

SentinelOne Singularity AI SIEM has many features, and my recommendation is to utilize all of them, but people often do not use them all. It would be helpful to automate it or use playbooks to take full advantage of the features. I rate this product a nine out of ten.

Our use case with SentinelOne Singularity AI SIEM is primarily AI observability for a large part. We are using it for SIEM purposes as well. Prior to the inclusion of Purple AI, it was exclusively SIEM.

The best features of SentinelOne Singularity AI SIEM are 100% Purple AI.

In addition to that, though somewhat tedious, the implementation of any data you want is a feature of SentinelOne Singularity AI SIEM, and also the option to analyze that via Purple AI to some degree. Additionally, the existence of a large catalog of native integrations is valuable.

Overall, I would assess the overall security posture after implementing SentinelOne Singularity AI SIEM as significantly improved. We finally have visibility into things that were never visible before. When talking to new customers and onboarding them, it is always apparent that there are so many things in their environment that they never even really knew about and had no visibility into. They previously needed to go through obscure, hard-to-use, and weird tooling to potentially access this information. Having all of that in SentinelOne Singularity AI SIEM makes it so much easier.

In AI SIEM, the areas that have room for improvement are the parsers for third-party integrated data or for third-party data sources that are not native integrations, which could be made a bit easier. I did hear that there is something on the horizon for this, but that is an area that could be made less tedious.

Potentially to some degree, the evaluation of singular events in SentinelOne Singularity AI SIEM could improve. Sometimes they are painting the devil on the wall where there is not really a big issue, just a normal, everyday event. Those are sometimes taken a bit too negatively.

I am still using SentinelOne Singularity AI SIEM presently.

When it comes to stability, I would give SentinelOne Singularity AI SIEM a nine. There are no really noticeable glitches or bugs. There used to be a few availability issues, but those are essentially mitigated by now. SentinelOne has taken those very seriously and in the past months, which might have been almost a year by now, I have not really noticed any availability issues.

I would rate the technical support of SentinelOne Singularity AI SIEM a nine.

As for maintenance required with SentinelOne Singularity AI SIEM, I would say it is even easier than the base product because you do not really onboard new data sources that often. If I put it into times a year, I would say it might be twice a year-ish that you need to do maintenance work essentially. Of course, if you want to add new detections or anything, that can be whenever, but I would not really consider that maintenance.

For others looking to implement SentinelOne Singularity AI SIEM, I would recommend starting with a proof of concept. Of course, with a SIEM that is a bit more effort to fully onboard, you might want to get an in-depth demonstration first and see if it meets your needs. Even before the demonstration, ask yourself what you even expect of a SIEM and what points you want from the solution. Once you are in the presentation, you will realize that those can very easily be met and completed with SentinelOne.

In comparison, I would assess SentinelOne Singularity AI SIEM favorably to other solutions or vendors such as Splunk, Microsoft, Hunters, Anomali, and Graylog. The nice part about it as well is that you can use AI SIEM standalone. However, the big advantage in my opinion comes from using it with the EDR. If you do that, you just have one of the main issues of SIEMs completely taken care of.

That being the data from the endpoints, in modern SIEMs, you have roughly 80 to 90% of the data is endpoint data. In other SIEMs, you have to pay for those and pay for every bit of data that you put in. With SentinelOne, if it is from the endpoint, you natively have that data and you do not have to pay extra for that, and it is just additional data on top of that. Additionally, combining that with the ability to have all the data in a single data lake means you do not need to use multiple data stores. It is using an open source data format, which is awesome.

My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is great. I am really looking forward to the upcoming feature with agentic incident investigation. If that is actually capable of autonomously investigating incidents across multiple data sources, for example, not just from SentinelOne, it will be transformative. The example I heard recently was an employee of the company opening a normal ticket just stating that their VPN connection is not working. That ticket is also made available to SentinelOne and it will then investigate what is going on with that. In the end, it turned out that this was actually an attack and that employee's VPN connection was hijacked. I am really looking forward to that feature, though it is not here yet, but even right now, it is great.

In terms of assessing the efficiency of SentinelOne Singularity AI SIEM in improving response time to sophisticated threats, you very quickly get an overview of all data and data related to the incident. Even if there is no active incident, you can very quickly get all related information due to the Storylines and Purple AI.

SentinelOne's AI-driven analytics have affected our SOC abilities to reduce false positives, and I would say roughly about 80%.

I would rate this solution a 10 overall.