AI SIEM Overview
SentinelOne Singularity AI SIEM is a cloud-native SaaS solution that revolutionizes security operations by unifying cutting-edge generative and agentic AI with advanced hyperautomation. This fundamentally shifts the security analyst's role from repetitive, manual tasks to strategic threat analysis and proactive defense, enabling teams to operate with unprecedented speed and efficiency.
Unlike legacy SIEMs, our platform is built on an open, unified data lake designed for the scale and speed of modern cloud environments. It processes rich, unfiltered data to deliver autonomous threat mitigation, drastically reducing alert fatigue and mean time to resolution (MTTR) for AWS customers.
Key Features & Benefits
Autonomous & Agentic AI: Critical threats are autonomously mitigated by our AI, seamlessly augmenting human analysts for effective threat hunting and investigations.
Hyperautomation Workflows: Streamline security operations with no-code automation to design and deploy workflows that automate triage, investigation, and response processes.
Observo AI for Data Optimization: Our integration gives you an AI-native pipeline that ingests, enriches, and optimizes data before it reaches the SIEM. This reduces ingestion costs by ensuring you only pay for critical security posture data.
Purple AI for Accelerated SecOps: Our generative AI analyst is built into the platform to reduce manual effort. It provides instant summaries and automates threat hunting with natural language to accelerate investigations.
Seamless AWS Integrations
SentinelOne Singularity AI SIEM is designed to integrate seamlessly into your AWS security ecosystem, providing enhanced visibility and simplified operations.
Amazon Security Lake: Ingest high-fidelity security data from SentinelOne and other sources into Amazon Security Lake for a unified view, simplifying compliance and enabling in-depth threat hunting.
AWS Security Hub: Automatically send and receive security findings, allowing for centralized management and a comprehensive security posture assessment across your entire AWS environment.
Amazon GuardDuty: Enhance your threat detection by correlating SentinelOne data with findings from GuardDuty, gaining a deeper understanding of malicious activity in your AWS accounts.
AWS AppFabric: Get a unified, contextualized view of user activity across your SaaS applications and your AWS environment, improving your ability to detect and respond to insider threats and compromised accounts.
NEW - AWS Security Incident Response: Manage security incident response across AWS environments within Hyperautomation's no-code canvas, adding context from both external and internal sources and reducing MTTR.
Experience the Autonomous SOC
Break free from the limitations of legacy SIEMs and empower your security team to focus on what matters most. With SentinelOne Singularity AI SIEM on AWS, you can achieve faster threat detection, more efficient investigations, and a stronger security posture.
Highlights
- 100x faster than legacy SIEM
- 50% lower operational costs and 246% ROI compared to legacy SIEM
- 99% reduction in risk exposure, and 80% faster threat detection compared to AI SIEM
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| Contact us for pricing | Daily ingestion starting from $721 | $125,000.00 |
Vendor refund policy
Contact us for refund questions or concerns.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Support is available for these solutions via telephone or our customer support portal. Contact: 1-855-868-3733 General Inquiries: sales@sentinelone.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
AI-driven log searches have reduced investigation time and now prioritize critical security alerts
What is our primary use case?
After a CrowdStrike issue, we began using their cloud security offering. SentinelOne Singularity AI SIEM is more of an integration to their existing cloud security solution. We have been using this particular solution for more than a year, though slightly less than that range.
I am an observability engineer, and this solution is very helpful for security-related needs. When working in a company that handles a lot of data, particularly infrastructure data, you encounter numerous security alerts due to dependencies and security vulnerabilities on infrastructure machines. When we receive this data from different machines, these are signals. When you get this kind of data, it is almost impossible to do it manually in any way or form. What we need is a sampler that samples consistent data. With the AI SIEM on top of SentinelOne Singularity AI SIEM Observability Cloud security solution, we can filter out many things in terms of telemetry data that we receive. The endpoint telemetry is something we actually focus on with this particular solution, followed by the cloud infrastructure logs. We have used Splunk in the past. After a certain time, if you are not on their cloud offering on a very high tier, they will charge you money excessively or they will throttle your application. This is not the case with SentinelOne Singularity AI SIEM. That is a better approach. We also manage Kubernetes containers and environments through this solution. All the pods used to send a lot of telemetry data, and we can easily identify that. The dashboard, though it has some limited functionalities, works extremely well with what they offer. We use it day in and day out.
As we have the enterprise solution for this, we have used it extensively for Kubernetes pods where we have attached certain authentication systems. We have also used it for a lot of network security events when we have to do a compliance report. We have complete automation around it which provides us the reporting and everything at the end of the day. We have integrated it with our data pipelines also, and it helps us there as well.
What is most valuable?
The log segregation is my favorite feature. When you want to search over a very high or extremely long range of logs, it helps you tremendously because it becomes very easy to identify vulnerabilities and issues on the ongoing system. Otherwise, what happens with ELK is it becomes very expensive. With Splunk, though it has a data lake on its own, it requires you a good amount of investment. Though their system is more mature than SentinelOne Singularity AI SIEM, the best part about SentinelOne Singularity AI SIEM is the searching capability they have. It is extremely one of the best in the market right now, from what I remember, because their AI also provides you insights. It tells you what is happening in the system and asks you to check that part or check this part. This provides you with an edge when you are looking for vulnerabilities. In my role as a lead engineer in SRE, my domain is observability. There we have a lot of telemetry data. Telemetry data are metrics, logs, and a lot of other alerts. To identify those parts on the security layer, it is extremely good.
I can talk about the amount of tokens we can use. These are limited, though the searches are very extensive. The actual pricing model is something that is handled by the FinOps team, as I have already mentioned before on one of the products, Cribl. We do not have full visibility and observability and telemetry information, but I can provide you engineering insights. Costing is something that every company has their own FinOps team manage. If you want to purchase it, you go through that team. I do not know the enterprise costing for that, but I know that cost for an individual purchase. I think it is justified compared to other peers in the market.
What needs improvement?
What I dislike is that the dashboard is very old, so they do not have much capability to be honest. Dashboard customization is almost nonexistent. What they have is something they offer as standard. They do not have a DataDog style plug and play model where you can add a lot of metrics and it will provide you with them. They basically have pre-built compliance report templates that they just send you, but you do not have a way to customize it further. Currently, as the system is not that mature right now because it has been a very limited offering at the moment for SentinelOne Singularity AI SIEM. Third party integrations are something they lack a lot. I cannot connect it to Grafana or directly to a system which can help me identify things. This is something they lack right now at the moment.
For how long have I used the solution?
We have been using this particular solution for more than a year, though slightly less than that range.
What do I think about the stability of the solution?
We have had no issues to be honest. It was compliant and reliable. I have not even seen much AI hallucinating on top of this. It has provided proper patterns and I do not have any complaints.
These things are properly managed and I do not see a problem to be honest. Though data volumes are really high for logs and other things, it worked well. I will say that even the data lake feature they have, in terms of keeping all the logs intact, those log searches are extremely fast on SentinelOne Singularity AI SIEM, even though the data is very high. Whatever you need, you get it fast as simple as that.
Which solution did I use previously and why did I switch?
We were using something similar before. We were using CrowdStrike extensively for this, but the SIEM approach they have, not the AI feature, is more mature than this. However, due to that outage, our company moved towards SentinelOne Singularity AI SIEM because we had compliance and client issues. Clients specifically asked us to remove CrowdStrike permanently from whatever Windows machines we have for security issues. Something came very strong from one of the companies which we took into account and we changed it across whatever customer we have. We moved with a better alternative. SentinelOne Singularity AI SIEM was relatively a good choice as of now.
How was the initial setup?
The AI integration was pretty straightforward. I did not face any problem. We created some policies and based on those policies, we were able to identify how to integrate it via this. I do not remember the exact steps. I have a document written on it somewhere that I need to pull out. It was a pretty standard thing. You just have to go to some consoles and integrate it based on this. You have to provide the endpoint details and it got integrated very smoothly.
What about the implementation team?
I do not maintain it. My work was just the integration aspect. Maintenance and other aspects are something that one of the other teams manages. These are the security engineers that we have. They actually provide all this information. If you need, I can connect you with them. I can send you their name or information so you can reach out to them.
What was our ROI?
Definitely, that is what I told you. It has given good ROI on that part where our investigation time has reduced to a certain degree. I will say the gains we get are more than fifty percent to be honest. We have reduced almost fifty percent of the dev's time, or not dev, the security engineer's time, SDs, whatever SECs we had. Even my VP of engineering who manages me is one of the guys who manages security. He is very happy with all this investigation time that we have reduced. We have a metric that we track in the company. This actually shows us a good amount of time. Previously it was a continuous problem for us where we had to manage all these things. An engineer had to be there for one of those problems. Now that is gone. We have a little bit more breathing room. It is not completely gone, but it is manageable now.
The sampling happens based on a single line of code. You do not need this one or a similar kind of logs, or some system should not go and sit in the data lakes. The best part about analytics is you do not have to look into anything. Threat hunting, how it works, the experience of the overall threat hunting aspect has actually improved a lot with AI because you do not want to read telemetry data. Who wants to do that? Who has time to do that? Telemetry data are raw data of signals where metrics and logs are coming in. No one wants to read them. The AI helps on top of it and helps you to make sense out of it or provides patterns. You are seeing that pattern or not. These kind of things matter. The best part is it is relatively faster than its peers because even though the data is more, it is relatively faster. I do not know what kind of algorithm they are using in the back end, but it is extremely good to be honest.
I will strongly recommend this. After SentinelOne Singularity AI SIEM, we have reduced our engineering time to a certain degree as it has helped us to do investigations fast. We get actual alerts that matter, and we can prioritize it properly. The monitoring capability is now completely in one single platform. We do not have to go here and there. This actually has given us good ROI in total.
What other advice do I have?
I would rate this solution a nine out of ten.
AI-driven security workflows have transformed investigations and automated incident response
What is our primary use case?
We discuss with customers whether they want to go on a cloud or on-premises for the usual use cases of SentinelOne Singularity AI SIEM that I work with mostly. If a customer has a SentinelOne EDR, the EPS we do not count. The rest of the things we can integrate on a cloud.
Correlation, alerting, reporting, and helping with the AI-based alerts generated by the AI are the usual use cases. The parsing is already built into SentinelOne Singularity AI SIEM.
What is most valuable?
Detect undetected is a method for SentinelOne Singularity AI SIEM that I have found the most valuable so far. It can improve the true and reduce the false alerts and give a more granular report with a custom dashboard. Whatever the customer wants to see and however the customer wants to see it on the cloud-based SIEM. We can have the S3 bucket where we can manage the data retention from the customer side.
The automated workflow feature of SentinelOne Singularity AI SIEM is very good, which is not in the traditional SIEM. The next-gen is helping customers create multiple workflows, either automatically taking action in a SOAR kind of concept, and then you can create a playbook and multiple runbooks. The beauty of the integration is that it integrates very smoothly with third-party tools, so we do not need to think about the parsers, coding, depending on the codes, or the software developers. That is a good addition to SentinelOne Singularity AI SIEM.
What needs improvement?
I would want the false positive ratio to be lower and would want to improve that aspect so the true will be more, and the false will be lesser.
Other than false positives, the true will be increased and more focus should be on the OT security operations center. Now everything is on the cloud. Whenever OT security comes into the picture, the customers do not allow us to integrate their OT devices on a cloud. It should be available on-premises because the OT SIEM market, in the India market for instance, is something around a four to eight billion dollar market. Due to limitations on the cloud, we will not be able to configure with the OT SOC or the OT AI SOC.
I want SentinelOne to offer more on-premises integrations to focus on the OT SOC. It is one market which is an untouched market by the SentinelOne team. They have a very good SIEM, but it should be the target industry, the automobile, automotive, and then definitely IT is one of them. Everything is there with IT. The very good controls, integration, no parser requirements. But OT should also be the focus of the SentinelOne team.
For how long have I used the solution?
I have been working with SentinelOne Singularity AI SIEM for about one and a half years.
What do I think about the scalability of the solution?
I can rate SentinelOne Singularity AI SIEM a four out of five in terms of scalability in adapting to customer growing data and complex IT structures.
Four is because the product is beautiful, and the one reason why it is not a five out of five is because the capability of the SentinelOne pieces is not up to the mark.
It is scalable, and we can increase the compute size. It can scale. There are no challenges. It is good because it is on a cloud, so there is no problem with the scalability.
There are no challenges in handling growing data and complex IT structures because we create a log collector that is on AI. We build the VPN tunnel from all the locations. We pull in the logs. It is a pull and push mechanism. Things work fine. There is nothing critical these days.
How are customer service and support?
The technical support of SentinelOne Singularity AI SIEM is very good, and we are getting support from them. Sometimes, whenever customization is required, they ask for PS. The team sometimes asks for professional services, which the customer does not agree to pay for.
Based on my experience with the technical support of SentinelOne Singularity AI SIEM, I would rate them a ten.
Which solution did I use previously and why did I switch?
For one year they have been safely managing because they have replaced some of the competition with SentinelOne Singularity AI SIEM, including CrowdStrike.
How was the initial setup?
We do participate in the initial setup of SentinelOne Singularity AI SIEM.
The usual setup process involves the log collectors and the cloud-based device. We create the VPN tunnel from the customer locations, and then we analyze the logs, create the alert, identify the incident, exposure management, and event search. It also works as a data lake, which is very good in SentinelOne Singularity AI SIEM. We have very good vulnerability management, which shows the beauty of the product.
There are no challenges with the initial setup because we have done multiple successful deployments.
What was our ROI?
The effect of SentinelOne Singularity AI SIEM on our customers' SOC efficiency in investigating alerts and responding to incidents is significant. We align our people, including L1, L2, and L3 engineers, for post-implementation, migration, reporting, alerting, correlations, and the behavior-based SIEM alerts. We align the people and discuss the ROI with the customers on SentinelOne Singularity AI SIEM.
Which other solutions did I evaluate?
We do the red teaming to assess the real-time monitoring feature of SentinelOne Singularity AI SIEM. We check whether the real-time alerts are coming or not from the SIEM.
What other advice do I have?
There is no challenge with operations because there are very good training portals where the people learn and perform the operation actively, and there is super training available on the SentinelOne portal through the SentinelOne Training University.
I provide this review with an overall rating of ten out of ten.
Advanced AI-driven monitoring has strengthened investigations and now prioritizes critical threats
What is our primary use case?
For us, the use case is primarily to analyze security events that are coming in and also events that are kept over a period of time, to track and use it for investigation and maybe analysis, sometimes even forensics.
What is most valuable?
SentinelOne Singularity AI SIEM improves my response time to sophisticated threats in two ways: it helps me to identify which ones I need to act on, which means I am not wasting time on the things I do not need to worry about or can be a lower priority. In that respect, it helps me to prioritize and act on what needs to be acted on first, so it brings it to the surface faster.
Regarding AI-driven threat detection capabilities, I have a positive impression; when it is working very well, I do not really know if it is working, but when it does not work and if I have been hit by something, then I know it did not work. My SOC team seems to be utilizing it fully, and we have been kept secure and without any breach, which I think is probably the only proof we can give. The number of events and logs that it detects is numerous and very high, so it is doing its job. Fingers crossed, we do not have anything to report where we find that we have been broken into.
SentinelOne Singularity AI SIEM's AI-powered analytics does affect our SOC's ability to reduce false positives; that is one of the biggest advantages because the manpower that I have is limited. The tool should be able to do a lot more of the first-level analysis, and what is flagged up for the man in the middle or the man to act on should be things that really need validation, meaning it has been correlated properly and brought up for visibility and action. In this manner, it is actually helping us to protect our security operations very effectively.
It does affect my efficiency in investigating alerts and responding to incidents; we have gone to the point of using SentinelOne Singularity AI SIEM now, and our SOC is mainly dependent on SentinelOne Singularity AI SIEM. That is becoming the foundation on which all these activities and tasks are being run, and when it is all coming together, we are seeing that it is far more effective. I hope it stays that way.
What needs improvement?
I would not say there is anything that could be better in SentinelOne Singularity AI SIEM; I think we have seen something unique in the product. This product has the potential to add more SOC functionality on top of its SIEM, which can automate a few more things because I have the information there. I need to do what I would call security agents or agentic AI to be built on top; it can take care of a lot more analysis and actions. Maybe licensing cost can also be looked at and reduced.
We are still to see the automated feature work a little bit more; we are not really using it to the full extent.
For how long have I used the solution?
With SentinelOne Singularity AI SIEM, I have been dealing with this product for under a year, at seven or eight months now.
What do I think about the stability of the solution?
There has been no issue with stability; it was perfectly fine.
What do I think about the scalability of the solution?
Scaling out, we did not face an issue because we are always looking to see where we are deploying it and what the coverage is, so no challenges are seen there.
How are customer service and support?
I am happy with the technical team of SentinelOne Singularity AI SIEM; they are pretty good. I would rate the technical support as eight to nine.
How was the initial setup?
The deployment process was straightforward; we did not face any challenges in that.
What about the implementation team?
It was largely done by my in-house team; I have a fairly competent in-house team. We did have a partner through whom we procured the product, so they were available on standby, but even more than the partner, I think the SentinelOne Singularity AI SIEM technical team was also available to us. Their guidance was good enough.
What was our ROI?
In terms of ROI, it is hard to justify; the good thing is if there is a cost to an incident, I think we are protected. If we are not having any incidents, then it is doing its job, but I am not able to convince people about it. Overall, my perspective should be about my security budget in this space, how it benchmarks, and from that perspective, how the metrics are showing. If I am spending more compared to my peers in this space and the value that I am getting is the same as what they are getting, then I am probably overpaying. However, if I am in the middle of the park kind of range, then it is probably optimally priced. At the moment, I feel the pricing is a little bit on the higher side, but the tool is positioned in a place where risk is very high, and we do not want to take chances, so we are prepared to pay the premium.
Which other solutions did I evaluate?
We have looked at other XDR products, but the strength of SentinelOne Singularity AI SIEM's SIEM, their logs, the event log capture part, which can also take in logs from other non-SentinelOne entities, stands out as quite unique. The automation that is possible on the AI platform adds to that as well. When your footprint is all on SentinelOne Singularity AI SIEM in terms of VDR, then adding to that the same from the same suite is going to be helpful. At the moment, I see them as leading in their spaces.
What other advice do I have?
I assess the overall security posture of the company after implementation as positive; I see a big impact on that. I would rate this review as an overall eight.
AI-driven workflows have transformed incident response speed and reduced false positives
What is our primary use case?
I use SentinelOne Singularity AI SIEM for endpoint security, including EDR and SIEM-based monitoring, as well as for XDR. I monitor endpoints for security reasons and receive alerts when suspicious or malicious activity is detected. When I find anything suspicious or malicious, I investigate it further.
What is most valuable?
I particularly appreciate a feature called Purple AI, which is an AI-based tool that allows us to fetch logs and investigate through a single prompt. It is useful for providing a brief summary of what has happened without needing to review logs in detail. Through this AI capability, we can understand exactly what has been occurring.
There is significant automation we can implement through a feature called hyper-automation. We can automate workflows easily using a drag and drop interface, rather than writing scripts. This makes automation in SentinelOne very straightforward.
I would say the quality is top-notch. It provides perfect summaries, has reduced our response time, and helps us reduce false positives. We receive mostly true positive alerts and do not need to write additional detection rules. SentinelOne Singularity AI SIEM can detect new sophisticated threats and zero-day attacks on its own without requiring rules from us. This automated detection capability is something I truly appreciate.
What needs improvement?
SentinelOne Singularity AI SIEM has some performance and reliability issues that need improvement. The interface flickers frequently, and sometimes it does not load properly. When this happens, we have to log out and log back in, or refresh the page before we can see the alerts. Sometimes the interface will be blank. These performance and reliability issues need to be addressed.
For how long have I used the solution?
I have been using SentinelOne Singularity AI SIEM for more than one year.
What do I think about the stability of the solution?
I would rate the stability at six out of ten.
What do I think about the scalability of the solution?
I would rate scalability at seven out of ten. SentinelOne Singularity AI SIEM handles a large environment fairly smoothly and works well. The performance depends on the configuration. If it is properly configured, it works well for large environments as well.
How are customer service and support?
I would rate the technical support at eight out of ten. SentinelOne Singularity AI SIEM has AI-based technical support available. When we have questions or require documentation, we receive it promptly. The support is good.
Which solution did I use previously and why did I switch?
Compared to other tools we have used, such as Sumo Logic, Splunk, and CrowdStrike, those solutions do not have as much AI capability. After using SentinelOne Singularity AI SIEM, it has reduced our incident response time by forty to fifty percent compared to other tools.
What was our ROI?
SentinelOne Singularity AI SIEM has reduced our response time to true positive alerts by approximately forty percent through automation. For false positive reduction, it has decreased our false positive rate by fifty percent.
Which other solutions did I evaluate?
I can appreciate SentinelOne Singularity AI SIEM primarily for its AI capability. For this reason, we switched to SentinelOne Singularity AI SIEM. It has behavioral AI plus machine learning that has been integrated. We chose SentinelOne Singularity AI SIEM mainly because of its AI capability. It is a unified platform that provides a unified view of security alerts without requiring us to look at other data sources or switch between different tools. This has reduced the time required for faster detection and response.
What other advice do I have?
I would recommend SentinelOne Singularity AI SIEM to other users. Most tools do not have the same level of AI capability. SentinelOne Singularity AI SIEM has Purple AI and hyper-automation features, and I can suggest it to other users based on these capabilities.
SentinelOne Singularity AI SIEM has improved our SOC's efficiency in investigating alerts and responding to incidents through its AI capability. It provides us a unified view of all alerts. We do not need to go to other data sources to understand what happened. It connects all the dots and gives us a unified alert view without requiring us to navigate to other tabs. We can see what happened from start to end. Cybersecurity and hacker tactics are constantly evolving, and we are seeing many sophisticated attacks nowadays. SentinelOne Singularity AI SIEM detects these attacks by itself without needing predefined rules, using machine learning and behavioral baselines to detect anomalies and trigger alerts. Additionally, Purple AI automatically provides a summary of incidents explaining what has happened in simple terms without requiring deep investigation into alerts or logs. This explanation of what was abused helps us make faster decisions about whether an incident is truly a threat or a false positive alert.
SentinelOne Singularity AI SIEM has significantly impacted our security tasks and reduced manual effort. We have requirements from clients we provide services for regarding particular alerts or unreported data. We can automate notifications to the customer when these conditions occur without manually creating a ticket. SentinelOne Singularity AI SIEM can automatically notify the user. We also use it for responding to alerts. In some cases, we need to disconnect an endpoint from the network to prevent malicious activity from spreading. We use hyper-automation to automatically disconnect endpoints or remove malicious files if they are present on an endpoint.
I give this product an overall rating of eight out of ten.
AI-driven monitoring has improved real-time threat detection but still needs better automation
What is our primary use case?
I am using SentinelOne Singularity AI SIEM as a customer only, and I adopted it very recently. I am using it to get visibility when investigating my alerts based on the alert events received from my endpoints. For AI-driven applications, I want to have end-to-end visibility, which is where the observability piece comes in. I am using it primarily for the AI part, as this product will cover my real-time data detections. I am planning on implementing it for my AI-driven applications.
What is most valuable?
AI-driven capabilities will give me real-time detection and will protect my autonomous AI interruption. We are using NLP language where my prompt engineer will upload some sensitive data. This can be detected and can protect my sensitive data from exfiltration. The AI-driven threat detection capabilities improve our overall security posture. By enabling the power of these capabilities, I can allocate my engineers or analysts in a more effective manner instead of allocating them on a day-to-day basis, which plays the major role.
What needs improvement?
I could see some workflows, but I am unable to do automated workflows. For example, some repetitive jobs or repetitive tasks I am doing, but I am trying to have less manual intervention on the front. I am raising some issues that should be resolvable. The SentinelOne team has told me that this can be resolved within a couple of months, but they are saying that it is in future for enhancement and it may take some time. So far, the numbers are great.
Regarding disadvantages or areas for improvement, I could say that 35 percent of my manual effort can be detected, since I implemented it very recently. I can only say that my current data shows 35 percent, and it may improve further, as I am expecting. But I can only comment based on my alerts and events. The adoption rate will be less compared to other products, as this can be a time-consuming process because all my data needs to be offloaded and the system needs to understand my existing alerts, logs, and other things. This will take some more time, probably another month.
Another area for improvement is that the product is somewhat expensive. Pricing could be improved as well.
What do I think about the stability of the solution?
I have not experienced any incidents as of now. Regarding downtime, performance, and stability in general, my experience with the system downtime has been good.
What do I think about the scalability of the solution?
SentinelOne Singularity AI SIEM is scalable in general. However, I take the governance piece carefully because it is an AI adoption and not a simple one. Protecting guardrails and getting visibility is a little challenging. I will carefully design our governance piece because with any AI adoption, the end goal should be more governance and data security and safety.
How are customer service and support?
As of now, I have not faced many issues with technical support from SentinelOne. They are good. I would give eight out of ten for technical support because I am not sure how other solutions work, so I will take some time to fully evaluate.
How would you rate customer service and support?
Positive
What about the implementation team?
My deployment was done with a partner and not in-house.
What was our ROI?
I have checked with Check Point and CrowdStrike when comparing competitors. This AI era is new, and people are more focused on the AI part, but the outcome discussions are what matter. Because it is new technology, I do not have that much clarity on the costing front. However, this is not too expensive and it is not a white elephant. It is somewhere in the middle. If I take this trio of Check Point, SentinelOne, and CrowdStrike, SentinelOne is the most expensive among them.
Which other solutions did I evaluate?
All other products have the same limitations. After every quarter or every release, they are also evolving. It is not only with SentinelOne. I have also checked with Fortinet and other products from Cisco.