SentinelOne SOC Console: Time to Step Away from the Legacy Experience

Out with the old, in with the new! Learn about SentinelOne's SOC console and how it compares to the legacy SentinelOne console.

Endpoint Security

We posted a blog a while back about the new SentinelOne SOC Console (Singularity Operations Center) describing what is new and where the old features have moved to.  

Now that the SOC console has been around for a while, we feel it’s time to compare the two so you can see the benefits for yourselves. SentinelOne has been a leader in autonomous cybersecurity for many years, but with the launch of the Singularity Operations Center at the end of 2024, the company has redefined what a modern SOC console should be.

This new interface isn’t just a flashy update; it’s a complete overhaul designed to empower analysts, streamline workflows, and unify visibility across the enterprise.

Many customers are still using the legacy console, which is understandable if you are just using it to manage EDR endpoints. However, there are so many fantastic new features in the new console that it is hugely worthwhile to make the switch. Let’s see if you agree.

Designed with Analysts in mind

Legacy Console:

  • Focused on endpoint alerts and basic triage.  
  • Navigation was linear and segmented.
  • Limited customization and visual context.

New SOC Console:

  • Designed with input from hundreds of organizations.
  • Workflow-based navigation tailored to SOC roles.
  • Contextualized threat graphs and dynamic dashboards.

Legacy Console’s Segmented UI

SOC Console’s Unified Dashboard

Unified Visibility Across the Entire Ecosystem

Legacy Console:

  • Primarily focused on endpoint telemetry.
  • Cloud, identity, and third-party integrations were limited or external.

New SOC Console:

  • Integrates data from endpoints, cloud workloads, identity systems, and marketplace integrations.
  • Centralized alert management and asset inventory.
  • Real-time correlation across attack surfaces.

Alert Management and Investigation

Legacy Console:

  • Alerts and threats were managed in separate tabs.
  • Manual investigation steps with limited automation.

New SOC Console:

  • Unified Alerts tab under “Triage.”
  • Auto-triage powered by Purple AI.
  • One-click access to investigation timelines and remediation actions.

Manual Alert Triage

Purple AI-assisted Triage.

Enhanced Features and Tabs

  • Exposure Tab: Shows misconfigurations and vulnerabilities.  
  • Event Search: Deep Visibility for historical data.
  • Inventory: Unified view of endpoints, identities, and applications.
  • RemoteOps: Execute tasks across endpoints remotely.
  • Graph Query Builder: Custom queries and visualizations.

For a tailored demo of the new console, click MORE INFO to submit your request.

Chris Faulkner

Senior Cyber Security Consultant, SentinelOne Paladin

©2025 Cyber Vigilance
