Reviews from AWS customer

31 AWS reviews

External reviews

329 reviews

External reviews are not included in the AWS star rating for the product.


    Kristina Davis

Automated protection has reduced our cyber risk and now supports our cyber insurance coverage

  • May 10, 2026
  • Review provided by PeerSpot

What is our primary use case?

We use SentinelOne Singularity because we didn't have a strong cybersecurity platform, and I wanted to make sure that my company wasn't going to be vulnerable to cyber-attacks. I also wanted to make sure that it was user-friendly, so it didn't have to have an end user that was managing everything. I saw that AI actually manages everything for you, so it's super user-friendly.

SentinelOne Singularity's interoperability with other solutions or third-party applications seems to flow nicely.

SentinelOne Singularity handles ingesting and correlating across the security solutions without me having any problems.

What is most valuable?

The most valuable feature of SentinelOne Singularity is that it's automated. The AI is constantly working in the background, tracking and blocking cybercriminals or bad actors.

SentinelOne Singularity saves me time every day that I use it, as it is easy to manage and easy to install.

SentinelOne Singularity has improved my organization overall by allowing us to get cybersecurity insurance, which I think is very hard to get. We have coupled SentinelOne Singularity with some other cyber platform, and now we are insured as well.

SentinelOne Singularity is super easy for scalability; we are constantly adding more computers and users, and it's compatible with everything else that we're using.

What needs improvement?

When sending out new updates, you have to figure out which one is the right one, so it would be easier if they committed to that, because when you're sending out updates, there are different names and something different, making it tricky to figure out which one is compatible with your program or company.

For how long have I used the solution?

I have been using SentinelOne Singularity for probably three years now.

What do I think about the stability of the solution?

I haven't had any issues with SentinelOne Singularity regarding stability, such as lagging, crashing, or downtime.

How are customer service and support?

Their technical support is very responsive, helpful, and knowledgeable.

On a scale of one to ten, I would give their support a ten.

Which solution did I use previously and why did I switch?

I have a very positive impression of SentinelOne Singularity as a strategic security partner, and I'm very happy with the product. I plan on keeping it because we had another product that wasn't easy or user-friendly, and we ended up not renewing that, while we plan on renewing SentinelOne Singularity every year.

How was the initial setup?

In my opinion, it was super easy and straightforward.

We did the deployment all by ourselves in-house.

What about the implementation team?

I was involved in the deployment.

What was our ROI?

The return on investment I've seen from SentinelOne Singularity is huge because we now have cyber insurance, and our workload is less. We don't have to pay the price we were paying for a whole IT company for computers and malware solutions since we are saving money ultimately.

What other advice do I have?

I have never tried using Ranger.

My mean time to detect is eighty percent.

The mean time to respond is the same story.

My organizational risk has been reduced.

I am having a really good experience with SentinelOne Singularity, so I can't say there's anything they can improve because I'm not having any problems. Even if I have an issue, they're super responsive.

I think SentinelOne Singularity's pricing or licensing is very comparable and competitive.

SentinelOne Singularity requires maintenance on my end, such as making sure to send out any new agent updates quickly.

On a scale of one to ten, I would give SentinelOne Singularity an overall score of ten.

I would advise others evaluating SentinelOne Singularity that if they're looking for something simple, user-friendly, and that stays up to date with what's happening, this is the product for you.


    Vedant Shetty

Automated endpoint protection has improved real-time threat detection and simplified compliance

  • May 05, 2026
  • Review provided by PeerSpot

What is our primary use case?

In my previous office, we used SentinelOne Singularity Endpoint for endpoint detection and response purposes. We deployed the SentinelOne Singularity Endpoint agent on our clients, client servers, desktops, laptops, and all other endpoints. We deployed those for monitoring and compliance purposes to secure those endpoints for security purposes.

What is most valuable?

In SentinelOne Singularity Endpoint, the fast response and detection it offers are what I appreciate the most. The biggest benefit I feel as a customer is that it is fully automated with threat detection capabilities. We just have to deploy the agents and we are good to go. There are already default use cases included with the product, so we do not have to customize the use cases every time in SentinelOne Singularity Endpoint. We just deploy the agent and as it is fully automated, we are good to go for threat detection.

Although it is a disadvantage, the false positive alerts generated by SentinelOne Singularity Endpoint are substantial, but if it is handled properly and the use cases are properly mapped with MITRE techniques and tactics, then I feel that the false positive alerts can be reduced to more true positive alerts.

SentinelOne Singularity Endpoint detects alerts in real-time. It has both static and dynamic types of detection. We do not have to wait for detection. It is much more secure because it is detecting alerts in real-time scenarios and does not take any extra time so that the SLA of our client can remain valid. Because it detects in real-time, it is much more secure.

What needs improvement?

As a user, I personally feel that in SentinelOne Singularity Endpoint, the customized dashboard could be improved. We were not able to create a customized dashboard in it. The default dashboards were only present and we were not able to customize anything. I think that could be improved. The resource consumption, such as high CPU and disk usage, can also be a downward factor.

Ranger functionality was present for SentinelOne Singularity Endpoint, but in our organization, that Ranger functionality was disabled.

What do I think about the stability of the solution?

I have never seen any downtime in SentinelOne Singularity Endpoint.

What do I think about the scalability of the solution?

SentinelOne Singularity Endpoint is scalable. We can scale up and scale down the number of endpoints we need depending upon the requirement. It is very scalable-friendly.

How are customer service and support?

For SentinelOne Singularity Endpoint, we get in touch with technical support because there have been multiple scenarios when we have to stay connected when we have no clue what we need to do. As the client has multiple requests, there are times when we just raise the query to customer support and they respond to us very quickly. There have been no issues, I feel. We have always been in touch with customer support and they reply to us on the same day. I have noticed this multiple times. Whenever we feel we do not know what to do, what to respond to the client, or how to do a particular thing, then customer support does help us multiple times.

The support of SentinelOne Singularity Endpoint deserves a rating of ten out of ten.

Which solution did I use previously and why did I switch?

We have used multiple alternatives. We have used CrowdStrike as well for XDR. Let me talk about other environments. We have used the same platforms and other platforms such as Splunk as well. For XDR, I have used CrowdStrike and SentinelOne Singularity Endpoint.

How was the initial setup?

I have not worked on integration, but I do know that the initial setup of SentinelOne Singularity Endpoint is very straightforward and very easy to do. All we need to do is set up the tenant, create the page file, and once we install it, it automatically connects within an hour. We just have to deploy the agent on whatever the server, desktop, laptop, or whatever the endpoint is.

What about the implementation team?

We worked as an MSSP, so we worked as a service provider. We provide services to multiple clients. Clients come and they go. The integration part happens, then we have to decommission it. There are several factors related to whether SentinelOne Singularity Endpoint was already deployed or when it was deployed.

What was our ROI?

For maintenance in SentinelOne Singularity Endpoint, we have to stay connected with the OEM in perspective of the version upgrade to stay up to date. The only thing is version updates. If there is any new update, then we have to stay updated.

What's my experience with pricing, setup cost, and licensing?

I cannot say exactly, but I can guess the pricing model for SentinelOne Singularity Endpoint. We have heard about the pricing model. While we were working on a client, our manager sent a proposed email to the client at that time. We saw how they were costing. They were costing on a per-device basis. Based on how many endpoints the client needs, they were charging per endpoint.

What other advice do I have?

Comparing SentinelOne Singularity Endpoint with other XDR solutions, the first thing is that it is easier to understand with a user-friendly interface. When we log in as a user, it is very user-friendly with sections for Threat, Incident, and Admin. The UI is very user-friendly. SentinelOne Singularity Endpoint is reliable and can be relied upon for security purposes to secure our systems. That would be a major factor comparing it with other products.

I have used the Purple AI feature in SentinelOne Singularity Endpoint for quite some time.

I feel data security is a very big factor when we talk about reliability and trust issues in terms of Purple AI. Nowadays, there are different LLMs such as Claude and ChatGPT, but reliability is the most competing factor. The Purple AI feature in SentinelOne Singularity Endpoint makes it reliable because we do not have to search for IOCs outside our environment by going to other large language models. Through Purple AI only, we can get recent IOCs and vulnerabilities circulating around. Purple AI does help us for reliability and integrity of our data.

I would rate this product nine out of ten overall.


    Chetan Gaonkar

Endpoint protection has cut alerts and detection time while streamlining ransomware response

  • April 30, 2026
  • Review provided by PeerSpot

What is our primary use case?

SentinelOne Singularity Endpoint's main use case is that it includes EDR, XDR, and NGSM. SentinelOne Singularity Complete has the ability to ingest and correlate across security solutions extensively. It functions as an EDR, XDR, and MDR mix with Purple AI and NGSM real-time monitoring tools.

Ranger functionality is a network discovery and control feature. Its primary role is to identify and manage unmanaged devices on the network. It detects devices in our network, ingests logs from network sources, and captures threat metrics, including IOCs. Ranger functionality is effective for identifying rogue devices in our network.

What is most valuable?

What I appreciate most about SentinelOne Singularity Endpoint is the fastest response of EDR and the rollback VSS capability. The rollback feature is my top preference, followed by the fastest response from the EDR side.

SentinelOne has helped reduce alerts for us by almost 50%. Before implementing SentinelOne Singularity, my colleague told me that we were using an AV, but I do not have knowledge about which AV we were using. After using SentinelOne Singularity platform, the time has reduced by 50%.

There is up to 30 to 40% mean time reduction in MTTD.

For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

What needs improvement?

For SentinelOne Singularity Endpoint, the first issue I dislike is the high CPU utilization, and the second is a very high number of false positive alerts from the EDR.

Data security is very important in today's organizations when using Purple AI with endpoints in the SentinelOne Singularity network and applications everywhere. However, SentinelOne Singularity does not have strong features for data security. Purple AI is used to find IOCs, hashes, zero-day vulnerabilities, or CVEs found in the network. We use it for that purpose only. From a data security perspective, SentinelOne Singularity does not have a major role. With Purple AI, we ask questions about an IOC or provide a query and receive answers from Purple AI, but that is the extent of its functionality.

For how long have I used the solution?

I have been working with this solution for eight months.

What do I think about the stability of the solution?

SentinelOne Singularity Endpoint protection runs continuously. I heard news about one or two years ago that CrowdStrike had a blue screen issue, but I have not heard any news about SentinelOne lagging or crashing. I have been using it for the last eight months with no issues from the Singularity application.

What do I think about the scalability of the solution?

Scalability with SentinelOne depends on your organization and how many licenses you have. I am a co-worker of Softcell, and we have a license for 7,000 to 8,000 endpoints. Currently, we have only 6,000 endpoints implemented for our customers and for our use only. Scalability-wise, it is very scalable and depends on how many licenses your organization has purchased from SentinelOne.

How are customer service and support?

Support is very important for SentinelOne Singularity Endpoint. Because it is a SaaS product, whenever we get stuck, we require a TAC team or support team. For instance, two days ago, one of our customers was hit by a ransomware attack. We required the support team to help us with root cause analysis to find out why the ransomware entered our client's organization. The support team helped us all night, standing with our customer while providing support to us. Support is very important for SentinelOne, and the TAC team is essential.

If I were to rate the support on a scale from one to ten, I would give it a nine. Support is important for us.

Which solution did I use previously and why did I switch?

Before SentinelOne Singularity Endpoint, I used an AV, but I do not have knowledge about which AV it was.

How was the initial setup?

SentinelOne Singularity Endpoint's initial deployment is very easy. I have eight months of experience with it and take on some admin responsibilities. We have to set up the tenant, though I do not have access to do so. I am downloading the packages during our initial deployment. Downloading the packages and installing them is very easy. We just require the site token from the management console. For our organization's pilot deployment, I downloaded some SentinelOne Singularity Endpoint packages on laptops. With eight months of experience as a fresher, I can install the endpoints on laptops. The initial setup is very straightforward.

Which other solutions did I evaluate?

I have not used any alternatives to SentinelOne Singularity Endpoint. I have knowledge of other solutions, but I am using SentinelOne for the first time. Before this company, I was a college student, so this is my first company and my first tool.

What other advice do I have?

SentinelOne Singularity Endpoint has helped reduce alerts for us by almost 50%. Before implementing it, my colleague told me that we were using an AV, but I do not have knowledge about which AV it was. After using SentinelOne Singularity platform, the time has reduced by 50%.

There is up to 30 to 40% mean time reduction in MTTD.

For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

I would rate this solution a 9 out of 10 overall.


    SameerJadhav

Automated defenses have reduced alert noise and enable rapid rollback from ransomware attacks

  • April 30, 2026
  • Review from a verified AWS customer

What is our primary use case?

My use case for SentinelOne Singularity Endpoint is endpoint security to detect, prevent, and respond to cyber threats in real time using AI, which includes Purple AI, behavior analysis, and additionally, NG-SIEM, EDR, and XDR, which is a combination of EDR and XDR.

What is most valuable?

The best feature of SentinelOne Singularity Endpoint that I appreciate the most is the rollback feature, because just yesterday, we had a ransomware incident for one customer, and we were able to protect our customer through the rollback feature.

Another aspect of SentinelOne Singularity Endpoint that I appreciate is the automation; they have added Purple AI and created a new dashboard for XDR that works very well with Purple AI and NG-SIEM. SentinelOne Singularity Endpoint consolidates security features effectively through the rollback feature.

SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

The mean time to respond with SentinelOne Singularity Endpoint is reduced by about 30%. When we receive alerts, we can raise them within 10 minutes, and the SLA from our side is one hour.

Purple AI helps with data privacy and security by efficiently retrieving IOCs in our organization and network, allowing us to quickly query and identify vulnerabilities. Regarding threat investigations, Purple AI significantly aids in our forensic processes; for instance, it recently helped us track down a ransomware attack to its source in a customer's network.

What needs improvement?

In terms of improvements for SentinelOne Singularity Endpoint, the dashboard is complex for new users, and there are a lot of false positive alerts, particularly from genuine EXE files.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for 2.6 years.

What do I think about the stability of the solution?

The stability of SentinelOne Singularity Endpoint is very high; I would rate it 9 to 10 for EDR.

What do I think about the scalability of the solution?

The scalability of SentinelOne Singularity Endpoint can be substantial, allowing for up to 15,000 to 20,000 endpoints for one management console, depending on the organization's relationship with customers. I rate the scalability of SentinelOne Singularity Endpoint as 9 out of 10.

How are customer service and support?

I rate the technical support for SentinelOne Singularity Endpoint as 8 out of 10.

Which solution did I use previously and why did I switch?

We work with SentinelOne and PingPlotter.

How was the initial setup?

The deployment of SentinelOne Singularity Endpoint is very easy, as we only need to create a tenant in our management console and can deploy endpoints to numerous devices within two to three days.

What about the implementation team?

We have about 30 to 40 people working with SentinelOne Singularity Endpoint in our SOC and MDR teams.

What was our ROI?

SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

What's my experience with pricing, setup cost, and licensing?

Regarding pricing, I find SentinelOne Singularity Endpoint to be very affordable, at around $12 to $15, as indicated by my manager.

Which other solutions did I evaluate?

SentinelOne Singularity Endpoint seamlessly ingests logs from various other technologies besides SentinelOne EDR platform, integrating with server firewalls. As a SOAR analyst, I have integrated SentinelOne with Shuffle SOAR technology and Wazuh into Level 40's NG-SIEM.

What other advice do I have?

I do not have access to the Ranger functionality because our organization did not purchase it from SentinelOne, but we are planning to buy it next financial year.

I work with Purple AI for our internal use, not for customer use, as we have an NFR set up.

I do not have much knowledge about comparing SentinelOne Singularity Endpoint with other products or vendors since we have primarily used SentinelOne along with PingPlotter.

SentinelOne Singularity Endpoint does not require much maintenance; we just need to upgrade the agent to ensure we receive support from the TAC team.

I will definitely recommend SentinelOne Singularity Endpoint to other organizations, emphasizing the importance of training the SOC team and potential integrations for maximum effectiveness. Our clients using SentinelOne Singularity Endpoint are medium and enterprise businesses. I rate this review overall as a 9.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Viral S.

Autonomous Protection, Robust Security for Energy-Critical Systems

  • April 28, 2026
  • Review provided by G2

What do you like best about the product?

I really appreciate how autonomous and intuitive SentinelOne Singularity Endpoint is. It excels at detecting and responding to threats in real-time without the need for constant tuning or manual intervention. The storyline feature is fantastic, making investigations clear by showing exactly how events unfolded across an endpoint. The combination with MDR services feels like having an always-on extension of our security team that catches issues early, provides high-quality analysis, and gives us confidence that our critical energy sector systems are protected without adding unnecessary operational overhead. I also love how lightweight and stable the agent is across our environment. Even with a large number of endpoints, SentinelOne runs quietly in the background without causing performance issues.

What do you dislike about the product?

One area that could be improved with SentinelOne Singularity Endpoint is the overall usability and responsiveness of the management console, which can feel slow or occasionally unintuitive when navigating large data sets or drilling into detailed event timelines. Reporting is another place where there's room for enhancement. None of these are deal-breakers, but smoothing them out would make an already strong platform even more efficient for day to day operations.

What problems is the product solving and how is that benefiting you?

I depend on SentinelOne Singularity Endpoint for real-time, autonomous protection against threats. It streamlines investigations and reduces manual workload, helping secure systems without slowing day-to-day operations.


    Marcelo Simoes

Unified security platform has improved threat visibility and supports swift incident response

  • April 27, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for SentinelOne Singularity Endpoint is the implementation inside of IT Brazil for around 100 users.

I use SentinelOne Singularity Endpoint day-to-day by having a team look at its platform to monitor our equipment and environment, and we also use it to block USB ports, which are the main uses here in Brazil.

Our team relies on SentinelOne Singularity Endpoint for both threat detection and response, though it does not happen very frequently. We keep our eyes on the application within the platform, and when it occurs, we connect SentinelOne Singularity Endpoint with our ITSM in the cloud.

SentinelOne Singularity Endpoint supports our operations as we are using the platform for control.

What is most valuable?

The best features that SentinelOne Singularity Endpoint offers include the ability to see the path of how malware contaminates equipment, allowing me to follow the entire path to mitigate problems.

This visibility helps my team by being very useful when we talk about threats; we can see the complete path from the start of a malware attempt, and we can run a remote search tool, making it very useful.

The API integration is very helpful for our platforms, including the ITSM I mentioned earlier, and I believe the API connection between platforms is very useful.

SentinelOne Singularity Endpoint has positively impacted my organization through the ease of use of the tool and the protection that it provides.

When I mention the protection that comes with using SentinelOne Singularity Endpoint, I find that the ease of detection is very fast in our platform, especially in our ITSM. We enter the SentinelOne Singularity Endpoint platform and search for anything related to malware directly on the computers, ensuring that nothing passes through SentinelOne Singularity Endpoint EDR.

What needs improvement?

Currently, I have nothing to suggest for improvements to SentinelOne Singularity Endpoint; we are very happy with the tool.

If I had to imagine one thing that could enhance my experience with SentinelOne Singularity Endpoint, I would pick an easier way to view or follow the XDR platform, as I had some difficulties with it in the past.

I think that training would be beneficial for using the XDR, as we have a lot of information available there.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for two years.

What do I think about the stability of the solution?

SentinelOne Singularity Endpoint is stable.

What do I think about the scalability of the solution?

Scaling within SentinelOne Singularity Endpoint is very easy; if we acquire more licenses, the platform automatically distributes them to our equipment.

How are customer service and support?

Customer support is very good; we opened a few tickets in the last month and received everything we needed from the support team.

Which solution did I use previously and why did I switch?

We previously used Microsoft Defender and switched because it is not an advanced EDR, leading us to change to SentinelOne Singularity Endpoint.

Before selecting SentinelOne Singularity Endpoint, we evaluated other options such as Sophos and CrowdStrike, finding CrowdStrike to be very expensive and Sophos not meeting our requirements.

What was our ROI?

I believe we have seen a return on investment, particularly in terms of money saved compared to another tool.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing is good; the setup is very easy, and the license is per equipment, so it feels fair.

One noticeable benefit is that SentinelOne Singularity Endpoint is cheaper than other tools available in the market.

What other advice do I have?

I do not have anything else to add about my main use case or how SentinelOne Singularity Endpoint fits into my workflow.

The unified platform experience certainly helps streamline our security operations, making things easier for my team.

In terms of adaptability to new and unknown threats, I believe SentinelOne Singularity Endpoint is the tool I have used the most, and while I cannot compare right now since I have only used CrowdStrike once, I find SentinelOne Singularity Endpoint easier to use than CrowdStrike.

I was not aware of the possibility to use an Offensive Security Engine, but I will seek more information on it.

Having built-in integrations that unify various aspects of cloud security is very significant for my team, as it makes everything easier to manage.

I advise others looking into SentinelOne Singularity Endpoint to check the ease of usage of the tool, as the platform is very helpful and the protection it provides is truly exceptional. I have given this review a rating of 10.


    Shubham Tiwari

Automation has cut alert fatigue and response time while AI-driven analysis finds threats faster

  • April 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

The main use case for SentinelOne Singularity Endpoint includes EDR, XDR, and ingest SIM, which means SentinelOne Singularity Endpoint has the ability to ingest and correlate across security solutions extensively. It is a real-time, AI-based behavior analysis tool.

How has it helped my organization?

SentinelOne Singularity Endpoint has been reducing the alerts from our side, basically reducing our time to raise the alert to the client because we are an MSSP provider. We are Softcell technology, an MSSP provider. We have integrated SentinelOne Singularity Endpoint with SOAR technology, and whenever an alert comes, the alert is raised directly through SOAR technology within five seconds. The SLA is within five minutes for raising the alerts.

The time saved is around 30%. For the mean time to detect, it is around 20%. For the mean time to respond, it is around 50%.

What is most valuable?

The first best feature is the fast response and automated response, and the second one is the rollback capability that VSS in Windows. Those are the two best features I can say I like.

SentinelOne Singularity Endpoint seamlessly ingests the logs from various other technologies besides the SentinelOne Singularity Endpoint EDR platform. We have integrated various firewalls, and we also integrate with AWS and GCP, which is seamless. There are other solutions we can integrate with SentinelOne Singularity Endpoint, including Shuffle SOAR technology, Wazir Sentinel and FortiSIEM.

I cannot confirm because I do not have that access as I am an L1 analyst with only read-only access. However, Ranger in SentinelOne Singularity Endpoint is the network discovery and control feature, and its primary role is to identify and manage unmanaged devices, such as identifying the rogue devices in our network. It ingests the logs from network sources and captures any threat metrics, including IOC.

What needs improvement?

The first improvement is the dashboard because it is very complex. As a beginner-friendly SOC analyst or MDR analyst, the dashboard is a bit complex, so the dashboard needs to be more user-friendly. The second improvement is the VSS rollback feature, which is useful only for Windows laptops and servers, not for macOS and Linux. The third improvement is the policy management complexity; the policy is very complex in SentinelOne Singularity Endpoint, and we have to apply each and every policy for each endpoint. We have to create different groups for different policies, such as USB-based and Bluetooth-based.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for one year.

What do I think about the stability of the solution?

SentinelOne Singularity Endpoint is continuously running whenever our laptop is on or the server is on. It is continuously working, and I do not find any disturbance while using SentinelOne Singularity Endpoint. Unlike in CrowdStrike, we see blue screen issues, but I do not see any such issues in SentinelOne Singularity Endpoint. Stability-wise, it is good for us. I would give it 10 out of 10 for stability.

What do I think about the scalability of the solution?

SentinelOne Singularity Endpoint can be scalable up to 10,000 or 15,000 endpoints, depending on your organization. We have already scaled to over 6,000 endpoints in one management console, so it depends on your organization how much you want to scale.

How are customer service and support?

My rating for technical support is 9 out of 10.

Which solution did I use previously and why did I switch?

We have been using CrowdStrike for the last month. Compared to CrowdStrike, Charter AI, and the Purple AI, SentinelOne Singularity Endpoint is very easy. I just have to put the question in SentinelOne Singularity Endpoint; I want that IOC or that event ID. I can input the event ID and search for any Windows issue or find any malicious file using Purple AI compared to CrowdStrike. For someone who is a beginner, I would recommend SentinelOne Singularity Endpoint over CrowdStrike.

Compared to other vendors, SentinelOne Singularity Endpoint is not very expensive and it is good. I do not have extensive knowledge about other vendors, but just a month ago we were using CrowdStrike also. After comparing both CrowdStrike and SentinelOne Singularity Endpoint, SentinelOne Singularity Endpoint is better because the UI and dashboard in CrowdStrike are very complex. For a beginner, SentinelOne Singularity Endpoint is very beneficial.

How was the initial setup?

We actually deploy it on the cloud; we deploy on public cloud because we have a partnership with Amazon Web Services (AWS), so we have implemented it on the public cloud. The deployment is very easy. We just have to create a tenant, create, and download the package file. The setup is straightforward, and I can also do that setup because I can handle admin tasks.

What about the implementation team?

Two weeks is enough for deployment because we have over 6,000 endpoints as an MSSP provider. Two weeks is sufficient for deploying to every customer. It is very easy.

What was our ROI?

We do not have to calculate the investment because the major factor is to save our organization and our customer organization. I can say just go for SentinelOne Singularity Endpoint, it is the best investment, so do not look at the price and go for it.

What's my experience with pricing, setup cost, and licensing?

It will be moderate, compared to CrowdStrike. Based on my knowledge about our organization, it is costing around 11 to 12 dollars per endpoint for our customers, so compared to CrowdStrike, it is moderate or cheap for us.

What other advice do I have?

Purple AI is a tool I have used because we have the analyst access. I had limited access to Purple AI, but I have used it for finding the IOC in our networks and our customers' networks. It is a co-pilot feature where I can use a pull-down menu to identify based on the present IOC. The retrieve time is very fast, and we get the answer within five to ten seconds. We have IOC, zero-day vulnerability, or any other hashes present in our network.

Because I am an L1 analyst, we have a forensic analyst team also, and they are using Purple AI. This tool is very helpful for our forensic team.

SentinelOne Singularity Endpoint is reducing our time because we do not have that access to Purple AI. SentinelOne Singularity Endpoint is reducing our time to find the IOC in the organization. I gave this review an overall rating of 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    PriyanshuSingh

Deep visibility and AI-driven rules have strengthened endpoint threat detection and response

  • April 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

My use case is for EDR purposes.

What is most valuable?

According to me, the best feature of SentinelOne Singularity Endpoint is the Deep Visibility. I think it is easy to check what a user is doing and what command is run. You can track this with the help of Deep Visibility.

SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions is interesting. First is the Deep Visibility. The second one is a real-time threat you can detect in SentinelOne Singularity Endpoint. Then you can raise the alert to the client within a short period. Another one is Purple AI, which is the best, according to me.

Purple AI helps with my data privacy and security by providing a feature called STAR Custom Rules. You can create a STAR Custom Rule, and Purple AI is similar to ChatGPT, but it only gives answers specific to SentinelOne Singularity Endpoint. For example, you can create any rule and ask Purple AI, 'Please give me this type of alert query.' Then Purple AI will create a query according to your needs. There are many types of use cases already stored in Purple AI that you can use for your monitoring, and it is better for both your client's environment and our environment as well.

Purple AI plays a crucial role in my team's knowledge by allowing us to create rules that are not created in SentinelOne Singularity Endpoint by default, and it helps to create many types of alerts. For example, you can block any RDP tool such as AnyDesk, and you can create such types of rules with the help of Purple AI.

Regarding how much SentinelOne Singularity Endpoint has reduced my alerts, we can say that on a daily basis, we have 8,000 to 9,000 endpoints from multiple clients, and we have triggered 10 to 15 alerts. When you start a full disk scan, the Sentinel scan runs on your machine, and during that time, alerts that are usually not triggered in SentinelOne Singularity Endpoint can be triggered.

The time to detect in SentinelOne Singularity Endpoint is around 15 to 20 minutes, which is when we raise an alert to the client and get confirmation. These alerts involve various EXE types, and we inform the client about these alerts triggered in their machines, allowing them to confirm if it is genuine or not.

What needs improvement?

One area that has room for improvement in SentinelOne Singularity Endpoint is the inability to create a custom dashboard. You cannot create any dashboard according to your needs, which limits alert triggers across different countries. If they improve this feature to allow for custom dashboards, it would greatly benefit our customers.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for the last two years and one month.

What do I think about the stability of the solution?

I rate the stability of SentinelOne Singularity Endpoint as 10 out of 10.

What do I think about the scalability of the solution?

I rate the scalability of SentinelOne Singularity Endpoint as 10 out of 10.

How are customer service and support?

I give SentinelOne technical support a 10 out of 10 because it is the best EDR tool.

Which solution did I use previously and why did I switch?

I have not used any other EDR, but according to me, SentinelOne Singularity Endpoint is the best. We have used CrowdStrike, but only for one and a half months. While CrowdStrike has more functions, it cannot provide visibility the way SentinelOne Singularity Endpoint does. SentinelOne Singularity Endpoint offers many options in a compact format, and its use is better than other EDR tools.

What other advice do I have?

I would recommend SentinelOne Singularity Endpoint to other users because its threat detection and alerting are very quick. We have used CrowdStrike for one and a half months, but SentinelOne Singularity Endpoint triggers alerts much faster. Its compact features allow us to check seven to eight features effectively, and its pricing is lower than other EDR products.

SentinelOne Singularity Endpoint has better pricing compared to other endpoints. CrowdStrike has a high value, but SentinelOne Singularity Endpoint's pricing is easier for any organization to handle.

Regarding maintenance, there is no need for maintenance according to me.

I give this product an overall rating of 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Viral Shaa

Modern endpoint protection has strengthened our security posture and reduces manual workloads

  • April 26, 2026
  • Review provided by PeerSpot

What is our primary use case?

From my IT experience, I have been working with multiple endpoints for about eight to ten years, and specifically with SentinelOne Singularity Endpoint for over four years.

I am a current administrator of SentinelOne Singularity Endpoint, and I have been involved in decision-making from vendor assessment to purchasing and deploying the product to end-users.

For SentinelOne Singularity Endpoint, our main use cases include endpoint patching and updating, whereby we roll out the agent to different operating systems. Overall, our experience with SentinelOne Singularity Endpoint has been very positive; the combination of MDR and endpoint protection significantly strengthens our security posture, especially as we grow as a small to medium business in the energy sector and battery manufacturing. I come from the US Energy sector, which manufactures zinc batteries in the United States and globally, with our headquarters in Pittsburgh, Pennsylvania.

What is most valuable?

The most valuable features of SentinelOne Singularity Endpoint include robust MDR support, autonomous EDR capabilities, real-time detection, rollback, and automatic remediation, which reduce manual workload. The lightweight agent that runs on any endpoint is crucial, and it provides clear visibility in the event of an incident, including a detailed storyline with guidelines for analysts. SentinelOne Singularity Endpoint works with all platforms—Windows, Linux, Mac, and even ARM devices—making it compatible across our devices.

The cross-platform support and ease of deployment make it a great fit for the energy sector, providing scaling from SMB to enterprise-level protection.

Regarding SentinelOne Singularity Endpoint's ability to ingest and correlate across our security solutions, we approach security as a defense-in-depth layer; if one tool misses a detection, others will pick it up. So far, we have not missed any detections, and we have a positive outlook on strengthening our overall security posture with the help of SentinelOne Singularity Endpoint, which reduces manual workload while providing enterprise-level protection, especially since we are a small to medium business with limited resources.

In terms of consolidating our security solutions, I would rate SentinelOne Singularity Endpoint a 9 out of 10 because it meets all our use cases effectively. It provides granular insights into endpoints and comes with feature roadmaps, including AI security analysis that helps us understand the usage of shadow AI in our environment, vulnerabilities, and overall system alerts. This functionality allows us to monitor how many threats were remediated and triggered, significantly enhancing our security posture.

We assessed the Ranger functionality a couple of months ago; we turned it on for a trial and subsequently turned it off. When we activated it, it scanned our network for shadow endpoints without SentinelOne Singularity Endpoint, identifying devices such as printers or scanners. It provided insight into unknown devices on our network and scanned for vulnerabilities, giving us valuable reports through the Singularity dashboard.

For reducing alerts, we need to collaborate with the MDR team to manage false positive alerts. The support from MDR is frequent; once an alert is triggered, they respond within 48 to 72 hours based on criticality. We are pleased with their support, which helps us address false positives. Although we receive more than one hundred alerts, we mark them as false positives to reduce noise. The SentinelOne Singularity Endpoint interface is user-friendly, allowing us to manage daily tasks efficiently while maintaining high security without a large team.

Currently, we are managing about 10 to 20 different tasks or projects simultaneously, requiring minimum input from analysts. The SentinelOne Singularity Endpoint MDR team provides guidance on handling alerts, helping us maintain a small security team while effectively minimizing the noise created by alerts.

The mean time to detect has significantly improved since implementing SentinelOne Singularity Endpoint from the previous technology we used, which lacked MDR functionality. With higher priority alerts, the response time is swift, enhancing our overall security and asset protection.

The mean time to respond has significantly decreased thanks to the features available, such as isolating compromised servers directly through the UI, which helps prevent the spread of threats on our network effectively.

We have not activated Purple AI yet, but when alerts occur, the guidance provided is helpful, summarizing what triggered the alert and offering steps for analysis. It aids our small team by providing high-level overviews of alerts.

What needs improvement?

To improve SentinelOne Singularity Endpoint, I suggest enhancing the dashboard and reporting functionalities for better customization, making it easier for management to access tailored reports. Also, deeper integration with other tools would streamline daily operations, especially as it currently does not support mobile devices—though I know this feature is on their roadmap.

For how long have I used the solution?

From my IT experience, I have been working with multiple endpoints for about eight to ten years, and specifically with SentinelOne Singularity Endpoint for over four years.

What do I think about the stability of the solution?

So far, I find the stability and reliability of the service to be excellent, estimating 99.95% uptime.

What do I think about the scalability of the solution?

The scalability of SentinelOne Singularity Endpoint has been impressive; as we have grown from 200 employees to where we are now, SentinelOne Singularity Endpoint has scaled alongside us, ensuring effective threat management and security.

How are customer service and support?

My experience with SentinelOne's customer service has been positive; I would rate them four out of five. Although there were times communication was delayed by one or two days, they provided solutions reliably.

Which solution did I use previously and why did I switch?

Before adopting SentinelOne Singularity Endpoint, we used McAfee.

We decided to switch from McAfee due to limited visibility on threats, manual remediation taking too long, a lack of centralized incident storylines, and difficulty managing alerts, particularly with their legacy AV missing modern threat detection.

How was the initial setup?

The initial setup was straightforward, with SentinelOne Singularity Endpoint's dedicated team managing the backend script running migration for any online endpoints, ensuring a seamless onboarding process.

What about the implementation team?

I participated in the initial setup of SentinelOne Singularity Endpoint as part of the migration project.

Which other solutions did I evaluate?

Prior to choosing SentinelOne Singularity Endpoint, we evaluated a few other vendors through POCs, and ultimately, everyone agreed to proceed with SentinelOne Singularity Endpoint.

During the POC, we tested a couple of endpoints in our environment, confirming that SentinelOne Singularity Endpoint is a good fit for our executive membership side, leading us to choose SentinelOne Singularity Endpoint.

What other advice do I have?

We assessed the Ranger functionality a few months ago; we activated it for a trial and subsequently turned it off. During activation, it scanned our network for shadow endpoints without SentinelOne Singularity Endpoint, identifying devices such as printers or scanners, and provided insights into unknown devices on our network, offering valuable reports through the Singularity dashboard. Although we have not yet activated Purple AI, the guidance provided when alerts occur is helpful, summarizing what triggered the alerts and offering analysis steps for our small team, providing high-level alert overviews.

I rate this review a 10 out of 10.


    Subodh Desai

Automated endpoint protection has reduced threats and enables rapid real-time remediation

  • April 23, 2026
  • Review from a verified AWS customer

What is our primary use case?

We are using SentinelOne Singularity Endpoint as we are currently working with it in our MSSP. We have been using SentinelOne Singularity Endpoint for threat detection in endpoints, and we have created multiple use cases to detect malware or any other suspicious activity that has been identified in any endpoint of our clients. We are using it for mitigating those threats.

What is most valuable?

What I appreciate about SentinelOne Singularity Endpoint is that it has a very fast response and a rollback capability, which I feel is a very big benefit for our customers in many ways where mostly everything is automated and the threat detection as well. The auto-remediation rules and setup are quite impressive compared to other CrowdStrike or any other EDR.

For correlation, SentinelOne Singularity Endpoint plays a very initial role when it comes to correlating with different devices. When we have to create use cases based on multiple rules, then creating a correlation between different use cases plays a very major role. We have deployed it for our client as well, but most of the time, we use our client's perspective while creating those correlation rules based on their recommendations and what they prefer to create. That is the time we create those customized correlated rules.

SentinelOne Singularity Endpoint has benefited us because it has a very fast response. It has helped our clients secure their endpoints so that no exploits can easily access their system. From a security perspective, it has helped our clients majorly.

What needs improvement?

Regarding mean time to respond, if I talk about improvement, it does need a few improvements, such as the limited deep visibility feature in SentinelOne Singularity Endpoint, policy management complexity, and also in the macOS and Linux feature. There are a few gaps in no VSS, so I could recommend several improvements that would be best to implement. One basic improvement is that in SentinelOne Singularity Endpoint, we cannot create a customized dashboard, which would have been better for visibility regarding managing threats and alerts.

Initially, I felt that it produced very high false positive alerts, which led to a resource consumption issue being a major setback for us, such as high CPU and disk utilization. Sometimes, SentinelOne Singularity Endpoint Complete tasks take time to reflect on some machines, possibly due to poor network connectivity. Additionally, we encounter problems with creating the STAR custom rule in SentinelOne Singularity Endpoint. Those are some cons or disadvantages I feel.

There are a few improvements, such as missing features that could be implemented appropriately. The deep visibility feature is limited compared to other SIEM or XDR tools, so that aspect could have been much better.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for more than two years.

What do I think about the stability of the solution?

The main benefits that SentinelOne Singularity Endpoint brings to our table are stability and its ability to run continuously 24/7. The threat engine continuously works, and while we are scanning, the scanning feature in SentinelOne Singularity Endpoint allows us to scan any endpoints or servers. If any malicious threat is identified directly, I do not have to search for any breaches manually. I feel it is very stable.

What do I think about the scalability of the solution?

SentinelOne Singularity Endpoint is scalable; we can scale up or scale down as per our requirement. If we want a higher number of endpoints to be deployed, we can easily scale up our requirements or scale down if there is no need for certain endpoints.

How are customer service and support?

I feel the customer service and technical support of SentinelOne Singularity Endpoint are very good because whenever we need help, customer support gives us an immediate response. In day-to-day operations, we encounter scenarios where we have to connect with customer support for various questions from the client. Most of the time, we are not aware of how to resolve those questions, and SentinelOne Singularity Endpoint's customer support helps us significantly with a prompt response.

Which solution did I use previously and why did I switch?

We are working with SentinelOne Singularity Endpoint only, as we have just started MDR services recently. We currently have SentinelOne Singularity Endpoint only.

How was the initial setup?

I personally have not managed the initial setup; we have a different team for integration purposes. I feel it was very easy; we just have to install it on those laptops or endpoints, simply dropping the SentinelOne Singularity Endpoint agents.

What about the implementation team?

I do not have proper knowledge of that, but I believe we do have a partnership.

What was our ROI?

Regarding return on investment, from a security perspective, SentinelOne Singularity Endpoint covers your endpoint security effectively. It is very cost-effective, and while we provide services to our customers, the ROI is very great because we are getting returns from what we earn by selling the product. In that perspective, I feel the ROI is very positive.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Endpoint Complete is not that expensive; they are very aggressive when it comes to price points compared to Microsoft and other competing solutions. SentinelOne Singularity Endpoint Complete is very competitive price-wise, with the cost on a per-device basis as per the client's needs. The full-fledged platform should be around seven to ten dollars per month, which is just a random estimate.

Which other solutions did I evaluate?

We are working with CrowdStrike as an alternate solution.

What other advice do I have?

Comparing SentinelOne Singularity Endpoint with other technology, the basic thing that stands out is the user interface, which is very understandable and user-friendly. We do not have to rack our brains to think about how it works; it is very user-friendly and easier to manage admin tasks while whitelisting specific endpoints or users compared to other vendors.

SentinelOne Singularity Endpoint identifies threats in real-time. Anytime a client or user opens any malicious file and accesses it, if SentinelOne Singularity Endpoint marks it as a threat, then immediately the alert is raised. If the alert is a true positive based on the search engine of SentinelOne Singularity Endpoint, then it takes action on it and kills and quarantines the alert in real-time. It does reduce many manual efforts as the automation takes care of the major part itself.

For mean time to detect, it does identify the threat in real-time, so it does affect the overall time it takes to identify a threat.

Although it generates a lot of false positive alerts, if we create customized alerts for our clients, then it creates those alerts that are only useful for our clients. It depends on what the client is requiring from us. If we use the best capabilities of SentinelOne Singularity Endpoint, it does reduce false positive alerts.

Although I have very limited experience with Purple AI, we have used it while creating and managing security advisories for our clients to clear the gaps across the ongoing vulnerabilities in the market. While creating security advisories, Purple AI has greatly helped me in my day-to-day work.

We have used Purple AI. If we consider data privacy, Purple AI has an inbuilt feature in SentinelOne Singularity Endpoint that helps in data privacy because there are different LLMs in the market such as ChatGPT and Claude. While they are good as well, we cannot trust giving our personal data and sharing it with them. For Purple AI, we can rely much more on that because we know that our data is in good hands, making Purple AI much more reliable from a data privacy perspective.

I can use the pull-down menu in Purple AI to identify based on the IOCs present in the market. The retrieval time is very fast, so I frame certain queries on the dropdown menu and immediately see whether those telemetry matches are present in my system. Using that feature, Purple AI has helped me a great deal.

Purple AI does help us find the IOCs, which makes it very useful. There are a few instances where we get confused while creating use cases, and during those times, Purple AI has helped us clear our process much more reliably.

I am aware of the Ranger functionality; it is the network discovery control feature. However, in our environment, we have blocked the Ranger functionality currently, but I am a bit aware of what it does.

While we provide services to our customers, the ROI is very great because we are getting returns from what we earn by selling the product. In that perspective, I feel the ROI is very positive.

Regarding data security, it is very important because in today's organizations, we have endpoints, networks, and applications everywhere on the internet. Data privacy is very important, and with SentinelOne Singularity Endpoint offering XDR solutions, Purple AI plays a major role.

On a scale of ten, I rate SentinelOne Singularity Endpoint an eight.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)