SentinelOne’s security analyst can now be used with third-party data. This expansion should accelerate cybersecurity investigations and simplify threat hunting.
New integrations have been established with the Zscaler Zero Trust Exchange platform, firewalls from Palo Alto Networks, Okta, Proofpoint TAP, Fortinet FortiGate and Microsoft Office 365. This extension enables security teams to use Purple AI for faster and more complete investigations across multiple data sources. Purple AI began within SentinelOne as an AI assistant but now acts as an analyst that works proactively and autonomously for businesses.
In addition to expanding to other platforms, SentinelOne is also introducing multilingual support for Purple AI. The tool now supports natural language queries and summaries in Dutch, Spanish, French, German, and Italian.
Benefits for security teams
Purple AI uses the Open Cybersecurity Schema Framework (OCSF) to perform queries on normalized data (data that has been reorganized to store it logically). This allows customers to quickly search native and external data, find correlations and get context about their entire security stack.
Ely Kahn, Vice President of Product Management at SentinelOne, emphasizes that Purple AI is more than just a query tool: “Purple AI is automating investigations, prioritizing threats, and slashing response times from hours to mere minutes.” To add: “By extending Purple AI’s capabilities across both native and third-party data in Singularity, customers can rapidly stop even the most sophisticated attacks in their tracks, while gaining more value from the full security stack and their collective security data.”
The tool’s ability to handle data from more security platforms allows it to perform stronger analyses. For example, it allows SentinelOne and Zscaler users to analyze Zscaler Security Service Edge (SSE) logs through the Singularity platform. They can ask Purple AI questions about user activity, threats, and policy violations.