Purple AI addresses queries and analysis on threats. If you have a threat incident while using the SentinelOne Singularity platform, Next-Gen SIEM, or any SentinelOne product, Purple AI allows you to automate responses and conduct in-depth analysis on how the threat attack occurred. Purple AI offers excellent services and is majorly used by the identity part of SentinelOne, where it helps in managing authentications. For a threat incident use case, Purple AI helps us to mitigate and eradicate the threat within a reduced time, much more than expected. We were able to analyze threat trends and proactively create automation policies on the console. Purple AI helps in identifying weaknesses and vulnerabilities in the environment. This is especially useful for SOC analysts who monitor the security posture of the infrastructure. There is no need to learn a querying language to do correlations. If you are using Purple AI, you can provide the query as plain text and it will automatically query the logs stored in the SIEM or XDR. We are able to easily correlate the logs for any threat incident. As a reseller, we not only sell products but also provide support in case of any attack. When a threat attack occurs, we are the support person for the end users, and we use all available tools in the market to help them mitigate the attack, eradicate it, and find the root cause of the analysis if possible. By using Purple AI, we are able to track what was happening in the end user machine and create new automated rules to prevent those kinds of attacks from happening in the future. I would say that 50 to 60 percent of the time was saved. Usually, in an environment without SIEM, XDR, or AI engines used for analyzing logs, I took around three to four hours just to find the source of the attack. In this case, the time reduction is actually 70 to 80 percent.
Even if there was no detection in SentinelOne, I was able to analyze the logs and log patterns using simple queries and identify the root cause of an attack within half an hour. If you want to become a SOC expert for other tools, there are numerous tools available in the market such as Splunk, LogRhythm, and X-axis. You need to know shell scripting or a querying language to drill down into the data and get the information required. With SentinelOne, there is no need for such things. If you know what you want, such as a process name, source process, or parent process name, these terms are easy for us to track down, and we can use them in the query and get our required results.