Master SentinelOne Purple AI with our step-by-step tutorial, detailed feature walkthrough, and expert tips.
Explore the key features that make SentinelOne Purple AI powerful for data & analytics workflows.
Purple AI is an add-on capability that layers on top of the SentinelOne Singularity Platform. It requires an active Singularity subscription (typically XDR, Endpoint, or Cloud) and is not sold as a standalone security product.
No. SentinelOne states that customer data queried through Purple AI is processed within the customer's tenant boundary and is not used to train shared foundation models or leak across customers, which is a key design requirement for enterprise and regulated industries.
Analysts can ask natural-language questions about threats, alerts, and telemetry — for example, hunting for specific TTPs, summarizing an incident storyline, pulling all activity for a given user or host, or generating executive reports. Purple AI translates these into structured queries against the Singularity Data Lake.
All three are generative AI assistants for SecOps. Purple AI is tightly coupled to SentinelOne's behavioral AI detections and Storyline correlation, while Microsoft's Copilot favors Defender and Sentinel, and Charlotte AI is native to the CrowdStrike Falcon platform. The best fit usually depends on which underlying EDR/XDR stack the customer has standardized on.
SentinelOne does not publish list pricing for Purple AI. It is quoted by sales, typically as an add-on priced per endpoint, per user, or based on data ingested into the Singularity Data Lake, and is usually bundled with other Singularity modules in enterprise agreements.
Now that you know how to use SentinelOne Purple AI, it's time to put this knowledge into practice.
Sign up and follow the tutorial steps
Check pros, cons, and user feedback
See how it stacks against alternatives
Follow our tutorial and master this powerful data & analytics tool in minutes.
Tutorial updated March 2026