Advanced AI-driven monitoring has strengthened investigations and now prioritizes critical threats
What is our primary use case?
For us, the use case is primarily to analyze security events that are coming in and also events that are kept over a period of time, to track and use it for investigation and maybe analysis, sometimes even forensics.
What is most valuable?
SentinelOne Singularity AI SIEM improves my response time to sophisticated threats in two ways: it helps me to identify which ones I need to act on, which means I am not wasting time on the things I do not need to worry about or can be a lower priority. In that respect, it helps me to prioritize and act on what needs to be acted on first, so it brings it to the surface faster.
Regarding AI-driven threat detection capabilities, I have a positive impression; when it is working very well, I do not really know if it is working, but when it does not work and if I have been hit by something, then I know it did not work. My SOC team seems to be utilizing it fully, and we have been kept secure and without any breach, which I think is probably the only proof we can give. The number of events and logs that it detects is numerous and very high, so it is doing its job. Fingers crossed, we do not have anything to report where we find that we have been broken into.
SentinelOne Singularity AI SIEM's AI-powered analytics does affect our SOC's ability to reduce false positives; that is one of the biggest advantages because the manpower that I have is limited. The tool should be able to do a lot more of the first-level analysis, and what is flagged up for the man in the middle or the man to act on should be things that really need validation, meaning it has been correlated properly and brought up for visibility and action. In this manner, it is actually helping us to protect our security operations very effectively.
It does affect my efficiency in investigating alerts and responding to incidents; we have gone to the point of using SentinelOne Singularity AI SIEM now, and our SOC is mainly dependent on SentinelOne Singularity AI SIEM. That is becoming the foundation on which all these activities and tasks are being run, and when it is all coming together, we are seeing that it is far more effective. I hope it stays that way.
What needs improvement?
I would not say there is anything that could be better in SentinelOne Singularity AI SIEM; I think we have seen something unique in the product. This product has the potential to add more SOC functionality on top of its SIEM, which can automate a few more things because I have the information there. I need to do what I would call security agents or agentic AI to be built on top; it can take care of a lot more analysis and actions. Maybe licensing cost can also be looked at and reduced.
We have yet to see the automated feature work a little bit more; we are not really using it to its full extent.
For how long have I used the solution?
With SentinelOne Singularity AI SIEM, I have been dealing with this product for under a year, at seven or eight months now.
What do I think about the stability of the solution?
There has been no issue with stability; it was perfectly fine.
What do I think about the scalability of the solution?
Scaling out, we did not face an issue because we are always looking to see where we are deploying it and what the coverage is, so no challenges are seen there.
How are customer service and support?
I am happy with the technical team of SentinelOne Singularity AI SIEM; they are pretty good. I would rate the technical support as eight to nine.
How was the initial setup?
The deployment process was straightforward; we did not face any challenges in that.
What about the implementation team?
It was largely done by my in-house team; I have a fairly competent in-house team. We did have a partner through whom we procured the product, so they were available on standby, but even more than the partner, I think the SentinelOne Singularity AI SIEM technical team was also available to us. Their guidance was good enough.
What was our ROI?
In terms of ROI, it is hard to justify; the good thing is if there is a cost to an incident, I think we are protected. If we are not having any incidents, then it is doing its job, but I am not able to convince people about it. Overall, my perspective should be about my security budget in this space, how it benchmarks, and from that perspective, how the metrics are showing. If I am spending more compared to my peers in this space and the value that I am getting is the same as what they are getting, then I am probably overpaying. However, if I am in the middle of the park kind of range, then it is probably optimally priced. At the moment, I feel the pricing is a little bit on the higher side, but the tool is positioned in a place where risk is very high, and we do not want to take chances, so we are prepared to pay the premium.
Which other solutions did I evaluate?
We have looked at other XDR products, but the strength of SentinelOne Singularity AI SIEM's SIEM, their logs, the event log capture part, which can also take in logs from other non-SentinelOne entities, stands out as quite unique. The automation that is possible on the AI platform adds to that as well. When your footprint is all on SentinelOne Singularity AI SIEM in terms of VDR, then adding to that the same from the same suite is going to be helpful. At the moment, I see them as leading in their spaces.
What other advice do I have?
I assess the overall security posture of the company after implementation as positive; I see a big impact on that. I would rate this review as an overall eight.
AI-driven workflows have transformed incident response speed and reduced false positives
What is our primary use case?
I use SentinelOne Singularity AI SIEM for endpoint security, including EDR and SIEM-based monitoring, as well as for XDR. I monitor endpoints for security reasons and receive alerts when suspicious or malicious activity is detected. When I find anything suspicious or malicious, I investigate it further.
What is most valuable?
I particularly appreciate a feature called Purple AI, which is an AI-based tool that allows us to fetch logs and investigate through a single prompt. It is useful for providing a brief summary of what has happened without needing to review logs in detail. Through this AI capability, we can understand exactly what has been occurring.
There is significant automation we can implement through a feature called hyper-automation. We can automate workflows easily using a drag and drop interface, rather than writing scripts. This makes automation in SentinelOne very straightforward.
I would say the quality is top-notch. It provides perfect summaries, has reduced our response time, and helps us reduce false positives. We receive mostly true positive alerts and do not need to write additional detection rules. SentinelOne Singularity AI SIEM can detect new sophisticated threats and zero-day attacks on its own without requiring rules from us. This automated detection capability is something I truly appreciate.
What needs improvement?
SentinelOne Singularity AI SIEM has some performance and reliability issues that need improvement. The interface flickers frequently, and sometimes it does not load properly. When this happens, we have to log out and log back in, or refresh the page before we can see the alerts. Sometimes the interface will be blank. These performance and reliability issues need to be addressed.
For how long have I used the solution?
I have been using SentinelOne Singularity AI SIEM for more than one year.
What do I think about the stability of the solution?
I would rate the stability at six out of ten.
What do I think about the scalability of the solution?
I would rate scalability at seven out of ten. SentinelOne Singularity AI SIEM handles a large environment fairly smoothly and works well. The performance depends on the configuration. If it is properly configured, it works well for large environments as well.
How are customer service and support?
I would rate the technical support at eight out of ten. SentinelOne Singularity AI SIEM has AI-based technical support available. When we have questions or require documentation, we receive it promptly. The support is good.
Which solution did I use previously and why did I switch?
Compared to other tools we have used, such as Sumo Logic, Splunk, and CrowdStrike, those solutions do not have as much AI capability. After using SentinelOne Singularity AI SIEM, it has reduced our incident response time by forty to fifty percent compared to other tools.
What was our ROI?
SentinelOne Singularity AI SIEM has reduced our response time to true positive alerts by approximately forty percent through automation. For false positive reduction, it has decreased our false positive rate by fifty percent.
Which other solutions did I evaluate?
I can appreciate SentinelOne Singularity AI SIEM primarily for its AI capability. For this reason, we switched to SentinelOne Singularity AI SIEM. It has behavioral AI plus machine learning that has been integrated. We chose SentinelOne Singularity AI SIEM mainly because of its AI capability. It is a unified platform that provides a unified view of security alerts without requiring us to look at other data sources or switch between different tools. This has reduced the time required for faster detection and response.
What other advice do I have?
I would recommend SentinelOne Singularity AI SIEM to other users. Most tools do not have the same level of AI capability. SentinelOne Singularity AI SIEM has Purple AI and hyper-automation features that I can suggest to other users based on these capabilities.
SentinelOne Singularity AI SIEM has improved our SOC's efficiency in investigating alerts and responding to incidents through its AI capability. It provides us a unified view of entire alerts. We do not need to go to other data sources to understand what happened. It connects all the dots and gives us a unified alert view without requiring us to navigate to other tabs. We can see what happened from start to end. Cybersecurity and hacker tactics are constantly evolving, and we are seeing many sophisticated attacks nowadays. SentinelOne Singularity AI SIEM detects these attacks by itself without needing predefined rules, using machine learning and behavioral baselines to detect anomalies and trigger alerts. Additionally, Purple AI automatically provides a summary of incidents explaining what has happened in simple terms without requiring deep investigation into alerts or logs. This explanation of what was abused helps us make faster decisions about whether an incident is truly a threat or a false positive alert.
SentinelOne Singularity AI SIEM has significantly impacted our security tasks and reduced manual effort. We have requirements from clients we provide services for regarding particular alerts or unreported data. We can automate notifications to the customer when these conditions occur without manually creating a ticket. SentinelOne Singularity AI SIEM can automatically notify the user. We also use it for responding to alerts. In some cases, we need to disconnect an endpoint from the network to prevent malicious activity from spreading. We use hyper-automation to automatically disconnect endpoints or remove malicious files if they are present on an endpoint.
I give this product an overall rating of eight out of ten.