SentinelOne Singularity AI SIEM offers comprehensive security information and incident management designed to enhance threat detection, response, and investigation capabilities within enterprise environments.


| Product | Mindshare (%) |
|---|---|
| SentinelOne Singularity AI SIEM | 1.4% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 86.0% |
SentinelOne Singularity AI SIEM is known for its robust capabilities in the realm of cybersecurity, providing organizations with an advanced tool to combat modern threats. The platform integrates machine learning and artificial intelligence to automate threat identification and streamline incident response processes. Its intuitive interface allows teams to manage security events efficiently, ensuring rapid reaction to potential vulnerabilities. As a scalable tool, it adapts to evolving security demands, providing valuable insights to safeguard critical business operations.
What are the important features of SentinelOne Singularity AI SIEM?
In industries such as finance and healthcare, implementation of SentinelOne Singularity AI SIEM often means tailored solutions to protect sensitive data, meeting regulatory compliance. These sectors appreciate its capability to provide detailed insights and reduce the risk of data breaches, thus preserving stakeholder trust.
| Author info | Rating | Review Summary |
|---|---|---|
| Information Security Principal at a venture capital & private equity firm with 1,001-5,000 employees | 4.0 | I replaced Secureworks with SentinelOne Singularity AI SIEM due to its native integration, improved security, and cost savings. While it offers excellent threat detection and stability, direct integration for some vendors and technical support responsiveness could improve. |
| Associate Vice President at Novac Technology Solutions | 4.0 | I use SentinelOne AI SIEM for real-time, AI-driven threat detection and visibility in my AI applications, enhancing security. While appreciating its capabilities, I seek improved automated workflows, quicker adoption, and a lower price point for this expensive solution. |
| Technical Lead at CloudBolt Software | 4.5 | I find SentinelOne Singularity AI SIEM excellent for security, especially for log searching and AI insights, significantly reducing investigation time. Its stability and fast performance are great, though the dashboard lacks customization and integrations. |
| Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd | 5.0 | I highly value its AI-driven detection, automated workflows, and seamless integration, significantly boosting SOC efficiency. While scalable with great support, I believe more on-premises options for OT security and reduced false positives are needed. |
| Group Chief Information Officer at NeST Information Technologies Pvt Ltd | 4.0 | SentinelOne Singularity AI SIEM significantly improves my threat response and SOC efficiency, using AI to reduce false positives. While pricey, its positive security impact justifies the premium, though I desire more automation. |
| IT Security Analyst at a tech consulting company with 11-50 employees | 4.0 | I value SentinelOne Singularity AI SIEM for its powerful AI, Purple AI, and hyper-automation, which significantly reduce response times and false positives. However, interface performance and reliability need improvement, as it often flickers or fails to load properly. |
| IT Security Consultant at Systemhaus for you GmbH | 5.0 | I use SentinelOne Singularity AI SIEM mainly for AI observability and SIEM, and Purple AI is its standout value, boosting visibility and cutting false positives about 80%. It’s stable with strong support, but third‑party parsing and event evaluation can be tedious. |
| Cyber Security Engineer at a retailer with 201-500 employees | 4.5 | I’ve used SentinelOne Singularity AI SIEM for six months and find its AI-driven EDR effective with fewer false positives, strong zero-day and ransomware protection, and an easy dashboard. Setup and support are good; it’s stable but costly, and analysis could improve. |
The primary use case for SentinelOne Singularity AI SIEM is as a replacement for Secureworks. We migrated from Secureworks and switched to SentinelOne.
SentinelOne Singularity AI SIEM has positively affected my SOC's efficiency in investigating alerts and responding to incidents. Most of the functionality between Secureworks and SentinelOne Singularity AI SIEM is comparable, as both work in the same space.
We primarily switched to SentinelOne Singularity AI SIEM because of its native integration capabilities. We did not need to integrate with other tools because Secureworks was working with SentinelOne agents and they stopped that support. We were required to install a separate XDR client because Secureworks recently joined with Sophos and now wants us to install Sophos endpoint agents on our endpoints. That was a significant undertaking for us. From a financial perspective, SentinelOne was much more suitable for our organization. They offered us a very competitive proposal because we are among the top five SentinelOne customers in Saudi Arabia, and we are actually the first customer in Saudi Arabia. The POC was successful, so we proceeded with the implementation.
The most valuable aspect of SentinelOne Singularity AI SIEM is not actually the features themselves, but rather the integration capabilities with SentinelOne EDR. Previously, we were integrated with Secureworks, but now we are directly integrating with SentinelOne itself for AI SIEM, EDR, and NDR services. We have consolidated everything into one platform.
My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it encompasses more than just AI-driven threat detection. We are integrating it with many devices and forwarding logs from multiple sources to SentinelOne Singularity AI SIEM. We are ingesting logs from Fortinet, other firewalls, other security products, and even from the cloud including Microsoft Office 365 and other security products.
SentinelOne Singularity AI SIEM has also been very stable.
There is room for improvement when it comes to the technical support quality and expertise of SentinelOne. Sometimes, the technical support team does not know how to resolve certain issues and takes time to respond, often requiring follow-up interactions within 24 hours.
SentinelOne Singularity AI SIEM can be improved in terms of support capabilities. Some logs from the server side need to be ingested. Secureworks was integrating with domain controllers and other systems, but SentinelOne still has some gaps. Some vendors cannot be integrated directly. For example, we are using Cisco Umbrella for DNS security, and we have to integrate it through an Amazon S3 bucket where we dump the logs and SentinelOne reads them from that location. For some Microsoft integrations, we must enable certain storage components and pay Microsoft directly to retrieve logs. There is no direct integration, so we must access the logs through that workaround. Previously with Secureworks, we had direct integration with Microsoft. Direct integration with Microsoft is not available now. SentinelOne needs to work on many product integrations to enable direct connectivity.
We implemented SentinelOne Singularity AI SIEM in February, and we have been using it for almost eight months now.
SentinelOne Singularity AI SIEM's scalability in adapting to our organization's growing data and complex IT structures is flexible. We have not faced any scalability issues so far. Perhaps after one or two years we can discuss challenges we may have encountered, but as of now we have not faced anything related to scalability.
I would rate the technical support from SentinelOne as 8.5 out of ten.
We were using Secureworks before migrating to SentinelOne Singularity AI SIEM.
SentinelOne Singularity AI SIEM is deployed using a cloud-based SaaS model.
SentinelOne Singularity AI SIEM is used in our company.
When we took the service from SentinelOne, they provided an onboarding process with a dedicated engineer who helped us with all aspects of the implementation. A dedicated engineer from SentinelOne regularly contacts us, assists with configuration, and works with us on implementation details.
I find SentinelOne's pricing to be reasonable and competitive. We have taken SentinelOne Singularity AI SIEM along with the MDR service and also included ITDR (Identity Detection and Response) and EDR. They bundled all these services together and provided them to us as a single package.
We have used the automated workflow feature of SentinelOne Singularity AI SIEM and are still working on it. We started implementing automated workflows almost three months ago. The automated configuration is not a one-time setup, as we are continuously making changes and modifications over time.
I assess the overall security posture of our organization after implementing SentinelOne Singularity AI SIEM as significantly improved. We have developed a security posture that has definitely reached the benchmark. Previously, we were using Secureworks XDR, which is also a very good solution. We ran both solutions in parallel and discovered that Secureworks had almost a ten minute gap in identifying issues compared to SentinelOne, with a five to eight minute difference between the two platforms. The issue with Secureworks XDR is that it was not taking action because their playbooks were not efficient enough, partially because they were integrating with SentinelOne. In contrast, SentinelOne has local integration, so it immediately takes action and responds on the endpoint with automation. If any threat or suspicious activity is detected on any endpoint or server, SentinelOne immediately takes action at the same time. We have definitely increased our security posture.
I would rate SentinelOne Singularity AI SIEM overall as 8.5 out of ten. There are still certain things we are evaluating, so we maintain the rating of 8.5. I am basing this rating on three main factors: the quality of support, the frequency and quality of updates, and the integration and update capabilities. In terms of threat detection, response, and log collection, SentinelOne Singularity AI SIEM is excellent. We do not have any issues with those areas.
SentinelOne Singularity AI SIEM's AI-driven analytics have positively affected our SOC's ability to reduce false positives. We initially encountered false positives, but after configuration and adjustment, it performed much better for us. We now experience very low rates of false positives.
Consolidating multiple tools into SentinelOne Singularity AI SIEM has positively impacted our SOC's operational costs. We now manage our EDR, MDR, view logs, and handle automation all from one consolidated console from SentinelOne Singularity AI SIEM.
The consolidation has also reduced our SOC's operational costs and staffing needs. We are also taking SOC services from SentinelOne itself. SentinelOne has a dedicated SOC service that handles our SOC operations.
We currently have five administrators managing this product, each with different roles and responsibilities. Within our structure, we have multiple entities, and we can create entity-wise administrators, which works very well for us.
More than 2,500 users in our company are using this product.
One issue we are facing is that SentinelOne's support team, as part of Amazon, works on updates on Sundays at the weekend. However, Sunday is the first working day for the Middle East region, particularly in Saudi Arabia. We have requested them to address tenant-related issues during our working hours. They are considering this request, and once Amazon establishes operations in Saudi Arabia, our tenant will be shifted to the kingdom and this issue will be resolved.
I would also like to mention the maintenance window for upgrades, which is an area that could be improved.

I am using SentinelOne Singularity AI SIEM as a customer only, and I have taken it very recently. I am using it to get visibility of investigating my alerts based on the alert events received from my endpoints. For AI-driven applications, I want to have end-to-end visibility, which is where the observability piece comes in. I am using it primarily for the AI part, as this product will cover my real-time data detections. I am planning on implementing it for my AI-driven applications.
AI-driven capabilities will give me real-time detection and will protect my autonomous AI interruption. We are using NLP language where my prompt engineer will upload some sensitive data. This can be detected and can protect my sensitive data from exfiltration. The AI-driven threat detection capabilities improve our overall security posture. By enabling the power of these capabilities, I can allocate my engineers or analysts in a more effective manner instead of allocating them on a day-to-day basis, which plays the major role.
I could see some workflows, but I am unable to do automated workflows. For example, some repetitive jobs or repetitive tasks I am doing, but I am trying to have less manual intervention on the front. I am raising some issues that should be resolvable. The SentinelOne team has told me that this can be resolved within a couple of months, but they are saying that it is in future for enhancement and it may take some time. So far, the numbers are great.
Regarding disadvantages or areas for improvement, I could say that 35 percent of my manual effort can be detected, since I implemented it very recently. I can only say that my current data shows 35 percent, and it may improve further, as I expect. But I can only comment based on my alerts and events. The adoption rate will be lower compared to other products, as this can be a time-consuming process because all my data needs to be offloaded and the system needs to understand my existing alerts, logs, and other things. This will take some more time, probably another month.
Another area for improvement is that the product is somewhat expensive. Pricing could be improved as well.
I have not experienced any incidents as of now. Regarding downtime, performance, and stability in general, my experience with the system downtime has been good.
SentinelOne Singularity AI SIEM is scalable in general. However, I carefully take the governance piece because it is an AI adoption and not a simple one. Protecting guardrails and getting visibility is a little challenging. I will carefully design our governance piece because with any AI adoption, the end goal should be more governance and data security and safety.
As of now, I have not faced many issues with technical support from SentinelOne. They are good. I would give eight out of ten for technical support because I am not sure how other solutions work, so I will take some time to fully evaluate.
My deployment was done with a partner and not in-house.
I have checked with Check Point and CrowdStrike when comparing competitors. This particular new AI era is new, and people are more focused on the AI part, but the outcome discussions are what matter. Because it is new technology, I do not have that much clarity on the costing front. However, this is not too expensive and it is not a white elephant. It is somewhere in the middle. If I take this trio of Check Point, SentinelOne, and CrowdStrike, SentinelOne is the most expensive among them.
All other products have the same limitations. After every quarter or every release, they are also evolving. It is not only SentinelOne. I have also checked with Fortinet and other products from Cisco.

After a CrowdStrike issue, we began using their cloud security offering. SentinelOne Singularity AI SIEM is more of an integration to their existing cloud security solution. We have been using this particular solution for more than a year, though slightly less than that range.
I am an observability engineer, and this solution is very helpful for security-related needs. When working in a company that handles a lot of data, particularly infrastructure data, you encounter numerous security alerts due to dependencies and security vulnerabilities on infrastructure machines. When we receive this data from different machines, these are signals. When you get this kind of data, it is almost impossible to do it manually in any way or form. What we need is a sampler that samples consistent data. With the AI SIEM on top of SentinelOne Singularity AI SIEM Observability Cloud security solution, we can filter out many things in terms of telemetry data that we receive. The endpoint telemetry is something we actually focus on with this particular solution, followed by the cloud infrastructure logs. We have used Splunk in the past. After a certain time, if you are not on their cloud offering on a very high tier, they will charge you money excessively or they will throttle your application. This is not the case with SentinelOne Singularity AI SIEM. That is a better approach. We also manage Kubernetes containers and environments through this solution. All the pods used to send a lot of telemetry data, and we can easily identify that. The dashboard, though it has some limited functionalities, works extremely well with what they offer. We use it day in and day out.
As we have the enterprise solution for this, we have used it extensively for Kubernetes pods where we have attached certain authentication systems. We have also used it for a lot of network security events when we have to do a compliance report. We have complete automation around it which provides us the reporting and everything at the end of the day. We have integrated it with our data pipelines also, and it helps us there as well.
The log segregation is my favorite feature. When you want to search over a very high or extremely long range of logs, it helps you tremendously because it becomes very easy to identify vulnerabilities and issues on the ongoing system. Otherwise, what happens with ELK is that it becomes very expensive. With Splunk, though it has a data lake of its own, it requires a good amount of investment. Though their system is more mature than SentinelOne Singularity AI SIEM, the best part about SentinelOne Singularity AI SIEM is the searching capability they have. It is one of the best in the market right now, from what I remember, because their AI also provides you with insights. It tells you what is happening in the system and asks you to check this part or that part. This gives you an edge when you are looking for vulnerabilities. In my role as a lead engineer in SRE, my domain is observability. There we have a lot of telemetry data. Telemetry data are metrics, logs, and a lot of other alerts. To identify those parts on the security layer, it is extremely good.
I can talk about the amount of tokens we can use. These are limited, though the searches are very extensive. The actual pricing model is something that is handled by the FinOps team, as I have already mentioned before on one of the products, Cribl. We do not have full visibility and observability and telemetry information, but I can provide you engineering insights. Costing is something that every company has their own FinOps team manage everything. If you want to purchase it, you go through that team. I do not know the enterprise costing for that, but I know that cost for an individual purchase. I think it is justified compared to other peers in the market.
What I dislike is that the dashboard is very old, so they do not have much capability to be honest. Dashboard customization is almost nonexistent. What they have is something they offer as standard. They do not have a DataDog style plug and play model where you can add a lot of metrics and it will provide you with them. They basically have pre-built compliance report templates that they just send you, but you do not have a way to customize it further. Currently, as the system is not that mature right now because it has been a very limited offering at the moment for SentinelOne Singularity AI SIEM. Third party integrations are something they lack a lot. I cannot connect it to Grafana or directly to a system which can help me identify things. This is something they lack right now at the moment.
We have had no issues to be honest. It was compliant and reliable. I have not even seen much AI hallucinating on top of this. It has provided proper patterns and I do not have any complaints.
These things are properly managed and I do not see a problem to be honest. Though data volumes are really high for logs and other things, it worked well. I will say that even the data lake feature they have, in terms of keeping all the logs intact, those log searches are extremely fast on SentinelOne Singularity AI SIEM, even though the data is very high. Whatever you need, you get it fast as simple as that.
We were using something similar before. We were using CrowdStrike extensively for this, but the SIEM approach they have, not the AI feature, is more mature than this. However, due to that outage, our company moved towards SentinelOne Singularity AI SIEM because we had compliance and client issues. Clients specifically asked us to remove CrowdStrike permanently from whatever Windows machines we have for security issues. Something came very strong from one of the companies which we took into account and we changed it across whatever customer we have. We moved with a better alternative. SentinelOne Singularity AI SIEM was relatively a good choice as of now.
The AI integration was pretty straightforward. I did not face any problem. We created some policies and based on those policies, we were able to identify how to integrate it via this. I do not remember the exact steps. I have a document written on it somewhere that I need to pull out. It was a pretty standard thing. You just have to go to some consoles and integrate it based on this. You have to provide the endpoint details and it got integrated very smoothly.
I do not maintain it. My work was just the integration aspect. Maintenance and other aspects are something that one of the other teams manages. These are the security engineers that we have. They actually provide all this information. If you need, I can connect you with them. I can send you their name or information so you can reach out to them.
Definitely, that is what I told you. It has given good ROI on that part where our investigation time has reduced to a certain degree. I will say the gains we get are more than fifty percent to be honest. We have reduced almost fifty percent of the dev's time, or not dev, the security engineer's time, SDs, whatever SECs we had. Even my VP of engineering who manages me is one of the guys who manages security. He is very happy with all this investigation time that we have reduced. We have a metric that we track in the company. This actually shows us a good amount of time. Previously it was a continuous problem for us where we had to manage all these things. An engineer had to be there for one of those problems. Now that is gone. We have a little bit more breathing room. It is not completely gone, but it is manageable now.
The sampling happens based on a single line of code. You do not need this one or a similar kind of logs, or some system should not go and sit in the data lakes. The best part about analytics is you do not have to look into anything. Threat hunting, how it works, the experience of the overall threat hunting aspect has actually improved a lot with AI because you do not want to read telemetry data. Who wants to do that? Who has time to do that? Telemetry data are raw data of signals where metrics and logs are coming in. No one wants to read them. The AI helps on top of it and helps you to make sense out of it or provides patterns. You are seeing that pattern or not. These kind of things matter. The best part is it is relatively faster than its peers because even though the data is more, it is relatively faster. I do not know what kind of algorithm they are using in the back end, but it is extremely good to be honest.
I will strongly recommend this. After SentinelOne Singularity AI SIEM, we have reduced our engineering time to a certain degree as it has helped us to do investigations fast. We get actual alerts that matter, and we can prioritize it properly. The monitoring capability is now completely in one single platform. We do not have to go here and there. This actually has given us good ROI in total.
I would rate this solution a nine out of ten.

We discuss with customers whether they want to go on a cloud or on-premises for the usual use cases of SentinelOne Singularity AI SIEM that I work with mostly. If a customer has a SentinelOne EDR, the EPS we do not count. The rest of the things we can integrate on a cloud.
Correlation, alerting, reporting, and helping with the AI-based alerts generated by the AI are the usual use cases. The parsing is already built into SentinelOne Singularity AI SIEM.
Detect undetected is a method for SentinelOne Singularity AI SIEM that I have found the most valuable so far. It can improve the true and reduce the false alerts and give a more granular report with a custom dashboard. Whatever the customer wants to see and however the customer wants to see it on the cloud-based SIEM. We can have the S3 bucket where we can manage the data retention from the customer side.
The automated workflow feature of SentinelOne Singularity AI SIEM is very good, which is not in the traditional SIEM. The next-gen is helping customers create multiple workflows, either automatically taking action in a SOAR kind of concept, and then you can create a playbook and multiple runbooks. The beauty of the integration is that it integrates very smoothly with third-party tools, so we do not need to think about the parsers, coding, depending on the codes, or the software developers. That is a good addition to SentinelOne Singularity AI SIEM.
I would want the false positive ratio to be lower and would want to improve that aspect so that there are more true positives and fewer false positives.
Other than false positives, true positives should be increased, and more focus should be on the OT security operations center. Now everything is on the cloud. Whenever OT security comes into the picture, the customers do not allow us to integrate their OT devices on a cloud. It should be available on-premises because the OT SIEM market, in the India market for instance, is something around a four to eight billion dollar market. Due to limitations on the cloud, we will not be able to configure it with the OT SOC or the OT AI SOC.
I want SentinelOne to offer more on-premises integrations to focus on the OT SOC. It is one market which is an untouched market by the SentinelOne team. They have a very good SIEM, but it should be the target industry, the automobile, automotive, and then definitely IT is one of them. Everything is there with IT. The very good controls, integration, no parser requirements. But OT should also be the focus of the SentinelOne team.
I have been working with SentinelOne Singularity AI SIEM for about one and a half years.
I can rate SentinelOne Singularity AI SIEM a four out of five in terms of scalability in adapting to customers' growing data and complex IT structures.
Four is because the product is beautiful, and the one reason it is not a five out of five is that the capability of the SentinelOne pieces is not up to the mark.
It is scalable, and we can increase the compute size. It can scale. There are no challenges. It is good because it is on a cloud, so there is no problem with the scalability.
There are no challenges in handling growing data and complex IT structures because we create a log collector that is on AI. We build the VPN tunnel from all the locations. We pull in the logs. It is a pull and push mechanism. Things work fine. There is nothing critical these days.
The technical support of SentinelOne Singularity AI SIEM is very good, and we are getting support from them. Sometimes, whenever customization is required, they ask for PS: the team asks for professional services, which the customer does not agree to pay for.
Based on my experience with the technical support of SentinelOne Singularity AI SIEM, I would rate them a ten.
For one year they have been safely managing because they have replaced some of the competition with SentinelOne Singularity AI SIEM, including CrowdStrike.
We do participate in the initial setup of SentinelOne Singularity AI SIEM.
The usual setup process involves the log collectors and the cloud-based device. We create the VPN tunnel from the customer locations, and then we analyze the logs, create the alerts, identify the incidents, and handle exposure management and event search. It also works as a data lake, which is very good in SentinelOne Singularity AI SIEM. We have very good vulnerability management, which shows the beauty of the product.
There are no challenges with the initial setup because we have done multiple successful deployments.
The effect of SentinelOne Singularity AI SIEM on our customers' SOC efficiency in investigating alerts and responding to incidents is significant. We align our people, including L1, L2, and L3 engineers, for post-implementation, migration, reporting, alerting, correlations, and the behavior-based SIEM alerts. We align the people and discuss the ROI with the customers on SentinelOne Singularity AI SIEM.
We do the red teaming to assess the real-time monitoring feature of SentinelOne Singularity AI SIEM. We check whether the real-time alerts are coming or not from the SIEM.
Correlation, alerting, reporting, and handling the AI-generated alerts are the usual use cases. The parsing is already built into SentinelOne Singularity AI SIEM.
There is no challenge with operations because there are very good training portals where the people learn and perform the operation actively, and there is super training available on the SentinelOne portal through the SentinelOne Training University.
I provide this review with an overall rating of ten out of ten.

For us, the use case is primarily to analyze security events that are coming in and also events that are kept over a period of time, to track and use it for investigation and maybe analysis, sometimes even forensics.
SentinelOne Singularity AI SIEM improves my response time to sophisticated threats in two ways: it helps me to identify which ones I need to act on, which means I am not wasting time on the things I do not need to worry about or can be a lower priority. In that respect, it helps me to prioritize and act on what needs to be acted on first, so it brings it to the surface faster.
Regarding AI-driven threat detection capabilities, I have a positive impression; when it is working very well, I do not really know if it is working, but when it does not work and if I have been hit by something, then I know it did not work. My SOC team seems to be utilizing it fully, and we have been kept secure and without any breach, which I think is probably the only proof we can give. The number of events and logs that it detects is numerous and very high, so it is doing its job. Fingers crossed, we do not have anything to report where we find that we have been broken into.
SentinelOne Singularity AI SIEM's AI-powered analytics do affect our SOC's ability to reduce false positives; that is one of the biggest advantages, because the manpower that I have is limited. The tool should be able to do a lot more of the first-level analysis, and what is flagged up for the person in the middle to act on should be things that really need validation, meaning it has been correlated properly and brought up for visibility and action. In this manner, it is actually helping us to protect our security operations very effectively.
It does affect my efficiency in investigating alerts and responding to incidents; we have gone to the point of using SentinelOne Singularity AI SIEM now, and our SOC is mainly dependent on SentinelOne Singularity AI SIEM. That is becoming the foundation on which all these activities and tasks are being run, and when it is all coming together, we are seeing that it is far more effective. I hope it stays that way.
I would not say there is anything that could be better in SentinelOne Singularity AI SIEM; I think we have seen something unique in the product. This product has the potential to add more SOC functionality on top of its SIEM, which can automate a few more things because I have the information there. I need to do what I would call security agents or agentic AI to be built on top; it can take care of a lot more analysis and actions. Maybe licensing cost can also be looked at and reduced.
We are still to see the automated feature work a little bit more; we are not really using it to the full extent.
With SentinelOne Singularity AI SIEM, I have been dealing with this product for under a year, at seven or eight months now.
There has been no issue with stability; it was perfectly fine.
Scaling out, we did not face an issue because we are always looking to see where we are deploying it and what the coverage is, so no challenges are seen there.
I am happy with the technical team of SentinelOne Singularity AI SIEM; they are pretty good. I would rate the technical support as eight to nine.
The deployment process was straightforward; we did not face any challenges in that.
It was largely done by my in-house team; I have a fairly competent in-house team. We did have a partner through whom we procured the product, so they were available on standby, but even more than the partner, I think the SentinelOne Singularity AI SIEM technical team was also available to us. Their guidance was good enough.
In terms of ROI, it is hard to justify; the good thing is if there is a cost to an incident, I think we are protected. If we are not having any incidents, then it is doing its job, but I am not able to convince people about it. Overall, my perspective should be about my security budget in this space, how it benchmarks, and from that perspective, how the metrics are showing. If I am spending more compared to my peers in this space and the value that I am getting is the same as what they are getting, then I am probably overpaying. However, if I am in the middle of the park kind of range, then it is probably optimally priced. At the moment, I feel the pricing is a little bit on the higher side, but the tool is positioned in a place where risk is very high, and we do not want to take chances, so we are prepared to pay the premium.
We have looked at other XDR products, but the strength of SentinelOne Singularity AI SIEM's SIEM, their logs, the event log capture part, which can also take in logs from other non-SentinelOne entities, stands out as quite unique. The automation that is possible on the AI platform adds to that as well. When your footprint is all on SentinelOne Singularity AI SIEM in terms of VDR, then adding to that the same from the same suite is going to be helpful. At the moment, I see them as leading in their spaces.
I assess the overall security posture of the company after implementation as positive; I see a big impact on that. I would rate this review as an overall eight.
I use SentinelOne Singularity AI SIEM for endpoint security, including EDR and SIEM-based monitoring, as well as for XDR. I monitor endpoints for security reasons and receive alerts when suspicious or malicious activity is detected. When I find anything suspicious or malicious, I investigate it further.
I particularly appreciate a feature called Purple AI, which is an AI-based tool that allows us to fetch logs and investigate through a single prompt. It is useful for providing a brief summary of what has happened without needing to review logs in detail. Through this AI capability, we can understand exactly what has been occurring.
There is significant automation we can implement through a feature called hyper-automation. We can automate workflows easily using a drag and drop interface, rather than writing scripts. This makes automation in SentinelOne very straightforward.
I would say the quality is top-notch. It provides perfect summaries, has reduced our response time, and helps us reduce false positives. We receive mostly true positive alerts and do not need to write additional detection rules. SentinelOne Singularity AI SIEM can detect new sophisticated threats and zero-day attacks on its own without requiring rules from us. This automated detection capability is something I truly appreciate.
SentinelOne Singularity AI SIEM has some performance and reliability issues that need improvement. The interface flickers frequently, and sometimes it does not load properly. When this happens, we have to log out and log back in, or refresh the page before we can see the alerts. Sometimes the interface will be blank. These performance and reliability issues need to be addressed.
I would rate the stability at six out of ten.
I would rate scalability at seven out of ten. SentinelOne Singularity AI SIEM handles a large environment fairly smoothly and works well. The performance depends on the configuration. If it is properly configured, it works well for large environments as well.
I would rate the technical support at eight out of ten. SentinelOne Singularity AI SIEM has AI-based technical support available. When we have questions or require documentation, we receive it promptly. The support is good.
Compared to other tools we have used, such as Sumo Logic, Splunk, and CrowdStrike, those solutions do not have as much AI capability. After using SentinelOne Singularity AI SIEM, it has reduced our incident response time by forty to fifty percent compared to other tools.
SentinelOne Singularity AI SIEM has reduced our response time to true positive alerts by approximately forty percent through automation. For false positive reduction, it has decreased our false positive rate by fifty percent.
I can appreciate SentinelOne Singularity AI SIEM primarily for its AI capability. For this reason, we switched to SentinelOne Singularity AI SIEM. It has behavioral AI plus machine learning that has been integrated. We chose SentinelOne Singularity AI SIEM mainly because of its AI capability. It is a unified platform that provides a unified view of security alerts without requiring us to look at other data sources or switch between different tools. This has reduced the time required for faster detection and response.
I would recommend SentinelOne Singularity AI SIEM to other users. Most tools do not have the same level of AI capability. SentinelOne Singularity AI SIEM has Purple AI and hyper-automation features that I can suggest to other users based on these capabilities.
SentinelOne Singularity AI SIEM has improved our SOC's efficiency in investigating alerts and responding to incidents through its AI capability. It provides us a unified view of entire alerts. We do not need to go to other data sources to understand what happened. It connects all the dots and gives us a unified alert view without requiring us to navigate to other tabs. We can see what happened from start to end. Cybersecurity and hacker tactics are constantly evolving, and we are seeing many sophisticated attacks nowadays. SentinelOne Singularity AI SIEM detects these attacks by itself without needing predefined rules, using machine learning and behavioral baselines to detect anomalies and trigger alerts. Additionally, Purple AI automatically provides a summary of incidents explaining what has happened in simple terms without requiring deep investigation into alerts or logs. This explanation of what was abused helps us make faster decisions about whether an incident is truly a threat or a false positive alert.
SentinelOne Singularity AI SIEM has significantly impacted our security tasks and reduced manual effort. We have requirements from clients we provide services for regarding particular alerts or unreported data. We can automate notifications to the customer when these conditions occur without manually creating a ticket. SentinelOne Singularity AI SIEM can automatically notify the user. We also use it for responding to alerts. In some cases, we need to disconnect an endpoint from the network to prevent malicious activity from spreading. We use hyper-automation to automatically disconnect endpoints or remove malicious files if they are present on an endpoint.
I give this product an overall rating of eight out of ten.
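The reviewer above describes two automations: notifying a customer when a particular alert fires or a data source stops reporting, and isolating an endpoint or quarantining a file when activity is malicious. The block below is an added example of that playbook logic in plain Python; it is not SentinelOne code and does not call the SentinelOne API. The alerts, the per-customer "no auto-isolate" policy, the action names and the log-source timestamps are all constructed for illustration. The point it adds is the guard rails a practitioner wants in such a playbook: false positives never trigger a notification, and hosts on a critical list are escalated to an analyst instead of being disconnected automatically.

```python
"""Toy SOAR-style playbook evaluator (added example, not SentinelOne's own code)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Alert:
    alert_id: str
    customer: str
    host: str
    severity: str                      # low | medium | high | critical
    verdict: str                       # true_positive | suspicious | false_positive
    malicious_path: Optional[str] = None


SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Hypothetical per-customer policy: hosts an analyst must approve before isolation.
NO_AUTO_ISOLATE: dict[str, set[str]] = {"acme": {"dc01", "erp01"}, "globex": set()}


def decide_actions(alert: Alert, policy: dict[str, set[str]] = NO_AUTO_ISOLATE) -> list[str]:
    """Return the ordered playbook actions for one alert."""
    if alert.severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity: {alert.severity!r}")
    if alert.verdict == "false_positive":
        return ["close_as_fp"]                      # never notify or isolate on an FP
    actions: list[str] = []
    is_high = SEVERITY_RANK[alert.severity] >= SEVERITY_RANK["high"]
    if is_high:
        actions.append(f"notify:{alert.customer}")  # customer notification without a manual ticket
    if alert.verdict == "true_positive" and is_high:
        if alert.host in policy.get(alert.customer, set()):
            actions.append("escalate_to_L2")        # human approves isolating a critical host
        else:
            actions.append(f"isolate:{alert.host}")  # disconnect the endpoint from the network
        if alert.malicious_path:
            actions.append(f"quarantine:{alert.malicious_path}")
    if not actions:
        actions.append("open_ticket")               # everything else waits for analyst triage
    return actions


def stale_sources(last_seen: dict[str, datetime], now: datetime, max_gap: timedelta) -> list[str]:
    """Return log sources that have not reported within max_gap (the 'unreported data' case)."""
    return sorted(src for src, ts in last_seen.items() if now - ts > max_gap)


# Constructed sample data; none of this is real SentinelOne output.
SAMPLE_ALERTS = [
    Alert("A1", "acme", "ws042", "high", "true_positive",
          r"C:\Users\bob\AppData\Local\Temp\payload.exe"),
    Alert("A2", "acme", "dc01", "critical", "true_positive"),
    Alert("A3", "globex", "srv07", "medium", "suspicious"),
    Alert("A4", "globex", "ws100", "high", "false_positive"),
    Alert("A5", "globex", "ws101", "high", "suspicious"),
]
NOW_SAMPLE = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
LAST_SEEN_SAMPLE = {
    "fw-edge": NOW_SAMPLE - timedelta(hours=3),
    "ad-dc01": NOW_SAMPLE - timedelta(minutes=5),
    "proxy": NOW_SAMPLE - timedelta(minutes=61),
}
MAX_GAP_SAMPLE = timedelta(hours=1)

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(a.alert_id, decide_actions(a))
    print("silent sources:", stale_sources(LAST_SEEN_SAMPLE, NOW_SAMPLE, MAX_GAP_SAMPLE))
```

The two functions are pure: they return the action list rather than executing it, so the decision logic can be unit-tested and reviewed separately from whatever API calls actually isolate a host or send the customer notification.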
Our use case with SentinelOne Singularity AI SIEM is primarily AI observability for a large part. We are using it for SIEM purposes as well. Prior to the inclusion of Purple AI, it was exclusively SIEM.
The best features of SentinelOne Singularity AI SIEM are 100% Purple AI.
In addition to that, though somewhat tedious, the ability to bring in any data you want is a feature of SentinelOne Singularity AI SIEM, along with the option to analyze that data via Purple AI to some degree. Additionally, the existence of a large catalog of native integrations is valuable.
Overall, I would assess the overall security posture after implementing SentinelOne Singularity AI SIEM as significantly improved. We finally have visibility into things that were never visible before. When talking to new customers and onboarding them, it is always apparent that there are so many things in their environment that they never even really knew about and had no visibility into. They previously needed to go through obscure, hard-to-use, and weird tooling to potentially access this information. Having all of that in SentinelOne Singularity AI SIEM makes it so much easier.
In AI SIEM, the areas that have room for improvement are the parsers for third-party integrated data or for third-party data sources that are not native integrations, which could be made a bit easier. I did hear that there is something on the horizon for this, but that is an area that could be made less tedious.
Potentially to some degree, the evaluation of singular events in SentinelOne Singularity AI SIEM could improve. Sometimes they are painting the devil on the wall where there is not really a big issue, just a normal, everyday event. Those are sometimes taken a bit too negatively.
I am still using SentinelOne Singularity AI SIEM presently.
When it comes to stability, I would give SentinelOne Singularity AI SIEM a nine. There are no really noticeable glitches or bugs. There used to be a few availability issues, but those are essentially mitigated by now. SentinelOne has taken those very seriously and in the past months, which might have been almost a year by now, I have not really noticed any availability issues.
I would rate the technical support of SentinelOne Singularity AI SIEM a nine.
Positive
As for maintenance required with SentinelOne Singularity AI SIEM, I would say it is even easier than the base product because you do not really onboard new data sources that often. If I put it into times a year, I would say it might be twice a year-ish that you need to do maintenance work essentially. Of course, if you want to add new detections or anything, that can be whenever, but I would not really consider that maintenance.
For others looking to implement SentinelOne Singularity AI SIEM, I would recommend starting with a proof of concept. Of course, with a SIEM that is a bit more effort to fully onboard, you might want to get an in-depth demonstration first and see if it meets your needs. Even before the demonstration, ask yourself what you even expect of a SIEM and what points you want from the solution. Once you are in the presentation, you will realize that those can very easily be met and completed with SentinelOne.
In comparison, I would assess SentinelOne Singularity AI SIEM favorably to other solutions or vendors such as Splunk, Microsoft, Hunters, Anomali, and Graylog. The nice part about it as well is that you can use AI SIEM standalone. However, the big advantage in my opinion comes from using it with the EDR. If you do that, you just have one of the main issues of SIEMs completely taken care of.
That being the data from the endpoints: in modern SIEMs, roughly 80 to 90% of the data is endpoint data. In other SIEMs, you have to pay for that and pay for every bit of data that you put in. With SentinelOne, if it is from the endpoint, you natively have that data and you do not have to pay extra for it; anything else is just additional data on top of that. Additionally, combining that with the ability to have all the data in a single data lake means you do not need to use multiple data stores. It is using an open source data format, which is awesome.
My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is great. I am really looking forward to the upcoming feature with agentic incident investigation. If that is actually capable of autonomously investigating incidents across multiple data sources, for example, not just from SentinelOne, it will be transformative. The example I heard recently was an employee of the company opening a normal ticket just stating that their VPN connection is not working. That ticket is also made available to SentinelOne and it will then investigate what is going on with that. In the end, it turned out that this was actually an attack and that employee's VPN connection was hijacked. I am really looking forward to that feature, though it is not here yet, but even right now, it is great.
In terms of assessing the efficiency of SentinelOne Singularity AI SIEM in improving response time to sophisticated threats, you very quickly get an overview of all data and data related to the incident. Even if there is no active incident, you can very quickly get all related information due to the Storylines and Purple AI.
SentinelOne's AI-driven analytics have affected our SOC's ability to reduce false positives; I would say by roughly 80%.
I would rate this solution a 10 overall.
The main use cases for SentinelOne Singularity AI SIEM are endpoint protection and EDRs. When you compare the EDRs with Trend Micro and others, you will find many false positives, but SentinelOne gives you the best protection. It uses its AI to scan and find new malware, how new attackers are behaving, and addresses zero-day attacks as well. It is quite good, but the only downside is that it is costly.
The best features in SentinelOne Singularity AI SIEM include AI capabilities; they have two types of AI. First, AI is on the dashboard, which you can interact with, such as asking for logs of the last ten days, and it will provide them to you. This is one type of AI, similar to a chatbot. The other AI operates in the back end to find malware. It employs a combination of AI and ML to check for viruses or any other malicious processes, including fileless attacks.
The impression I have of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is that it is good and working fine, and I have never found any complaints from any customer. The dashboard is also quite simple.
When it comes to room for improvement, I would say the analysis page can be improved.
In terms of improvement, you can add more detection features.
I have not seen any stability or scalability issues with it; it is usually license-based, so when you are buying, you typically know how much you need.
In terms of performance stability, I have never had any crashes, downtimes, or performance issues.
The scalability of SentinelOne Singularity AI SIEM in adapting to an organization's growing data or complex IT structures is good, but it actually depends on the person who is managing it and how they make the policies; it totally depends on the policies they are making.
My thoughts on the tech support of SentinelOne Singularity AI SIEM are that it is good and AI-based, and the documentation is also good compared to other solutions I have seen.
Positive
The benefits of SentinelOne Singularity AI SIEM include that most of the customers who use it upgrade from their existing endpoint solutions. Many are using Trend Micro endpoints, Check Point endpoints, or others, and they are unhappy, especially with solutions such as Kaspersky. When they face attacks such as ransomware and are dissatisfied with their existing solutions, they switch to SentinelOne Singularity AI SIEM, which is quite good in detecting unknown threats, cleaning the system, and handling ransomware.
Regarding the initial setup of SentinelOne Singularity AI SIEM, I can walk you through the deployment process: you can sync your AD, and the agent installation can also be automated. You can push it directly from your Microsoft Active Directory using GPO, which makes it easy. The agent installation can be automated, so I do not think it takes much time. However, since it is an endpoint tool, you have to consider policies for different departments, including allow lists and block lists, so deploying any endpoint does take some time.
We are not directly system integrators of the product, but we sell through Lenovo.
Apart from the Harmony, I work with various CloudGuard Check Point products, and I also have a certification for SOCRADAR. I work with SOCRADAR and still have hands-on experience doing POCs and demos with SOCRADAR. I have recently done POCs or demos with SOCRADAR. We are working with an alternate solution for that, and it is a new solution.
SentinelOne Singularity AI SIEM has many features, and my recommendation is to utilize all of them, but people often do not use them all. It would be helpful to automate it or use playbooks to take full advantage of the features. I rate this product a nine out of ten.