We have not tested in that manner because when comparing with the competition product CrowdStrike, Purple AI and CrowdStrike are pretty good and more or less equal in the way of responding to a query. On the technical side, I can compare Purple AI with CrowdStrike's threat intelligence. CrowdStrike was initially a breach investigation company and was in the Indian market well before SentinelOne, acquiring more significant ground. We have used Charlotte AI, which is provided by CrowdStrike, the direct competitor of SentinelOne. These two have key differences. Charlotte AI focuses more on IOAs and IOCs, whereas Purple AI helps us query the logs and hunt threats. As an improvement, if SentinelOne could focus on IOA similar to what CrowdStrike is giving, that would be a good point. They could feed information on IOA, such as based on attackers, what different attack groups are performing the attacks, and provide those insights. Compared to its competition, for doing DFIR (Digital Forensics and Incident Response), not only IOCs are needed but also IOAs. Information about the indication of the attacker, who is attacking, and the attacker group history would be better if Purple AI could incorporate that. We can build some queries and automated responses for any suspicious or malicious conditions. It would be better if there were workflows in place for giving alerts. The way alerts are handled could be improved because when compared to other competing products, I am able to handle the technique of the threat and categorize it based on severity. If it has a major impact on the environment, I can contain the system. I have numerous options to create various kinds of alerts.
