SentinelOne and Cloudflare fuse AI SIEM with Edge Telemetry for UNIFIED DEFENSE

Cybersecurity giants SentinelOne and Cloudflare have announced a major expansion of their strategic partnership, aimed at dismantling the silos between network edge security and endpoint protection. The collaboration, finalized on March 16, 2026, introduces a native integration that feeds Cloudflare’s massive global network telemetry directly into SentinelOne’s Singularity™ AI SIEM (Security Information and Event Management) platform.

The move addresses a growing crisis in the Security Operations Center (SOC): "data drowning." As attack surfaces expand, security teams are often forced to manually correlate disconnected logs from web firewalls, employee devices, and cloud workloads. A process that is often too slow to stop modern, automated threats.

The "single command center" for enterprise

The heart of the integration is Cloudflare Logpush, which now allows joint customers to route telemetry from Cloudflare’s Zero Trust services, including Gateway, Access, and Web Application Firewall (WAF), directly into the Singularity Platform with just a few clicks.

By unifying these signals, the AI SIEM can automatically correlate a suspicious web request at the network edge with an anomalous login attempt or a background process on a physical laptop.

"By unifying Cloudflare’s global network telemetry and AI-driven insights with the intelligence of our AI SIEM, we are enabling security teams to automate correlation and response across edge and enterprise," said Melissa K. Smith, SVP of Global Strategic Partnerships at SentinelOne.

Shifting to the "autonomous SOC"

SentinelOne is positioning this update as a cornerstone of the "Autonomous SOC," a vision where AI handles the initial heavy lifting of threat hunting. Key technical advantages of the new integration include:

• Live data pipeline: Unlike traditional SIEMs that analyze static logs, Singularity processes "streaming telemetry" in real-time, identifying risks earlier in the attack lifecycle.

• Agentic AI & hyperautomation: The platform uses autonomous agents to not only detect threats but also execute remediation workflows—such as isolating a compromised device or revoking an access token - without human intervention.

• Reduced alert fatigue: By filtering out "noise" at the edge through AI-driven correlation, the system aims to reduce the volume of false positives that often overwhelm security analysts.

Market implications

The partnership highlights a broader industry shift toward Continuous Threat Exposure Management (CTEM). By turning the network edge into a primary control point that feeds directly into an AI-powered brain, Cloudflare and SentinelOne are challenging the traditional boundaries between "network" and "security" companies.

"Organizations are facing a growing number of threat signals," noted Tom Evans, Chief Partner Officer at Cloudflare. "Now, they can automate that action and analysis from a single platform."

The integration is available immediately for joint enterprise customers, who can configure SentinelOne as a native Logpush destination within their Cloudflare Dashboard.