SentinelOne, AWS Expand Security and AI Integration at re:Invent 2025
Key Highlights
- Integration allows AWS Security Hub findings to be streamed directly into SentinelOne’s Singularity platform for faster threat correlation.
- Enhanced bi-directional data flows between SentinelOne and AWS CloudWatch provide unified visibility across cloud and hybrid environments.
- Support for open standards like OCSF simplifies setup and improves interoperability of security data across platforms.
- New marketplace offerings, Purple AI MCP Server and Observo AI, enable custom AI security solutions and reduce security data costs.
Las Vegas, December 2, 2025 -- SentinelOne and Amazon Web Services announced a series of new integrations on Tuesday at AWS re:Invent 2025 aimed at improving how organizations manage and secure cloud, endpoint, and AI-driven environments.
The updates focus on tighter connections between SentinelOne’s Singularity security platform and multiple AWS services, including AWS Security Hub and Amazon CloudWatch. The goal is to give organizations broader visibility into security events while simplifying how threat data is collected, correlated, and acted upon across complex environments.
One of the key developments is a new integration that allows AWS Security Hub findings to be streamed directly into SentinelOne’s Singularity AI SIEM platform. The connection enables cloud security alerts to be correlated with endpoint, identity and AI-related telemetry in near real time, helping security teams prioritize and respond to threats more quickly.
SentinelOne has also integrated its platform with new capabilities in Amazon CloudWatch. Through bi-directional data flows, customers can share operational and security data between the two platforms, providing a more unified view of activity across cloud and hybrid environments. Both systems use the Open Cybersecurity Schema Framework (OCSF), an open standard for structuring security data.
To reduce setup time and complexity, the company added support for AWS IAM temporary delegation, allowing customers to configure the Security Hub integration with a single step while maintaining control over permissions.
“Security data is the fuel that powers AI-driven, autonomous security. SentinelOne, in collaboration with AWS, has long believed that open platforms, open data standards like OCSF, and intelligent, unified data lakes are key to protecting customers’ ever-growing attack surface – from endpoints to the cloud to AI,” said Ely Kahn, chief product officer at SentinelOne. “At re:Invent, we’re once again working together to accelerate the adoption and efficacy of AI defenses by making it easy for customers to intelligently and cost-effectively harness security data across their entire digital footprint.”
In addition, SentinelOne introduced two new offerings to AWS Marketplace:
- Purple AI MCP Server, designed to connect the Singularity platform with external AI models and frameworks, enabling organizations to build custom AI-driven security tools using SentinelOne data.
- Observo AI, a data pipeline platform intended to reduce the volume and cost of security and observability data ingested into monitoring tools. The company claims the platform can filter out low-value data before ingestion, potentially cutting data costs and speeding up incident response. Observo AI is compatible with several AWS services, including CloudWatch, S3, Kinesis, Lambda, and Security Lake.
SentinelOne said the expanded collaboration with AWS now includes integrations with more than 20 AWS services. The companies are positioning the combined capabilities as a way to support organizations adopting AI while maintaining visibility and control over expanding digital attack surfaces.
The new integrations and marketplace offerings are available now or expected to become generally available this week.
