SentinelOne Purple AI is now generally available: conversational threat hunting for every SOC

Great security outcomes start with great questions. With the general availability of Purple AI on September 11, 2025, security teams can now investigate threats, hunt across data, and generate findings in natural language—no lengthy query syntax required.

Purple AI helps analysts of all skill levels accelerate investigations, reduce mean time to investigate (MTTI), and eliminate reporting overhead by capturing steps and evidence in an investigation notebook as they work.

What Purple AI does (and why it matters)

Purple AI turns your SOC data into an interactive, guided conversation. Ask plain‑English questions like “Show me suspicious PowerShell activity from the last 24 hours and summarize the top 3 hosts” and get a structured answer with recommended next steps. Key capabilities available at GA include:

  • Natural‑language search and investigation across security telemetry, so analysts can go from a question to an answer without memorizing query languages.
  • Threat Hunting Quickstarts and Guided Investigations – Reduce MTTD with expert‑curated hunting workflows and intelligent, contextual next‑step suggestions in natural language.
  • Investigation Notebooks to store hunts, pivots, and findings as reusable artifacts—making results easy to review, share, and audit.
  • Draft follow‑up emails and reports – Automatically generate post‑investigation summaries and communication templates to streamline stakeholder updates.
  • OCSF data model support to normalize and correlate across sources, improving context and reducing noisy hunts.
  • Alert enrichment – Purple AI brings additional details to alerts, including Community Verdict, Similar Alerts, and deep context to accelerate triage.

Availability, packaging, and fit

Purple AI is generally available as of September 11, 2025. To enable it for your organization, reach out to your N‑able sales representative or account manager.

The bottom line

Purple AI brings speed, clarity, and repeatability to everyday SOC work. By meeting analysts where they are—in conversation—it shortens the path from signal to decision while creating a system of record along the way. For MSPs balancing skills gaps, rising alert volumes, and tighter budgets, that change matters.

Ready to see it in action? Contact your N‑able account team.
