Trend Agentic AI SIEM
Microsoft Sentinel Security CoPilot
SentinelOne Purple AI
Purple AI supports a variety of data sources to enhance threat detection and investigation capabilities. The following are the key data sources that Purple AI can work with:
- Native Data Sources: These are the built-in data sources that come with SentinelOne’s platform.
- Third-Party Log Sources: Purple AI has expanded its support to include several widely used third-party log sources, which are:
- Palo Alto Networks Firewall
- Zscaler Internet Access
- Proofpoint TAP
- Microsoft Office 365
- Fortinet FortiGate
- Okta
OK, so Purple AI supports the Microsoft Office 365 data source, which we were ingesting. Let’s ask it a basic question; it returns the below.

It’s formatted a query for a data source we don’t have; it’s certainly not the Office 365 data source, and the username isn’t in the correct format. I still don’t think I have managed to get a sensible answer from Purple AI yet. Maybe it’s because I’m not entering the prompts right, but it’s at the point where a user is better off learning the event search syntax and writing the queries themselves.