SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Modern datacenter night racks flowing data cloud edge security
#
Firewalls
#
SIEM
#
Digital Transformation

SentinelOne, Cloudflare link AI SIEM with edge data

Thu, 19th Mar 2026
Author image
By Sean Mitchell, Publisher

SentinelOne and Cloudflare have expanded their partnership with a new integration that feeds Cloudflare edge and Zero Trust telemetry into SentinelOne's Singularity AI SIEM for joint customers.

The goal is to give security teams a unified experience by correlating network edge activity with enterprise security signals. The integration combines Cloudflare Logpush telemetry with SentinelOne signals from endpoint, cloud, identity, and AI sources.

Unified telemetry

The integration routes Cloudflare logs from products including Gateway, Access, and Web Application Firewall into SentinelOne's Singularity Platform, letting organisations view and act on them alongside other data already processed there.

Cloudflare Logpush exports telemetry from the Cloudflare platform. With this integration, Singularity Platform becomes a Logpush destination configured through the Cloudflare Dashboard.

The combined view is positioned as a way to reduce fragmentation when security data is spread across multiple tools and datasets. It also adds investigation context when threats appear at the internet edge and then move into adjacent environments.

Detection and response

The integration applies AI-driven correlation across Cloudflare telemetry and SentinelOne signals to support automated detection, investigation, and response workflows as threats move between the edge and the rest of the environment.

The partnership expansion is framed as a response to rising data volumes and a growing attack surface, with more emphasis on integrated platforms that correlate activity across edge, endpoint, cloud, and identity systems.

It also reflects how many organisations now treat the edge as a primary control point for access, web traffic filtering, and application protection. Those controls can generate high-volume logs that become more useful in investigations when paired with endpoint and identity indicators.

Product context

SentinelOne describes Singularity AI SIEM as built around live data rather than static logs, using a built-in data pipeline and applying intelligence to streaming telemetry.

The company says Singularity AI SIEM can identify and filter risk earlier in the attack lifecycle, with a focus on reducing alert noise. It also uses "Agentic AI" and "Hyperautomation" for investigation and remediation workflows.

Cloudflare operates a global network and sells connectivity and security services at the edge. Its Zero Trust portfolio includes products such as Gateway and Access, commonly used for traffic inspection and policy enforcement for users and devices connecting to applications and the wider internet.

Partner strategy

The announcement highlights how security vendors are building tighter integrations between platforms at different layers of the stack. Edge services can surface early indicators such as suspicious web requests, anomalous access attempts, or traffic patterns that precede compromise. Endpoint and identity signals can then help confirm whether an attempt succeeded and what happened next.

The integration is presented as a way for customers to consolidate workflows into a single operational view. The companies also highlighted a configuration process described as taking only a few clicks in the Cloudflare Dashboard.

Melissa K. Smith, SVP, Global Strategic Partnerships & Initiatives at SentinelOne, said:

"Our expanded partnership with Cloudflare shows what's possible when two innovators come together with a common purpose. By unifying Cloudflare's global network telemetry and AI-driven insights with the intelligence of our AI SIEM, we are enabling security teams to automate correlation and response across edge and enterprise, reducing manual effort and helping analysts focus on the threats that matter most. Together, we are delivering protection that is stronger, easier to operate, and designed to scale with the needs of modern security teams."

Tom Evans, Chief Partner Officer at Cloudflare, said:

"Expanding our partnership with key technology alliance partners like SentinelOne is core to how we are further interconnecting our global infrastructure network to secure even more customers. Organisations worldwide are facing a growing number of threat signals, and now with Cloudflare and SentinelOne's intelligence, they can automate that action and analysis from a single platform. We want to make sure that organizations can clearly see the AI-driven correlations and enforce proper protections to improve their security posture."

The integration is available to joint customers using Cloudflare Logpush and SentinelOne's Singularity Platform, with correlation focused on telemetry spanning edge services and enterprise security signals.

Related stories
Anthropic launches Claude Opus 4.7 with stronger coding
CIQ launches Linux compliance platform ahead of deadlines
Your.Cloud acquires Pure Cloud Solutions in UK push
Emerson & OPSWAT strike global reseller deal for OT patching
OVHcloud adds Quandela Belenos quantum computer to platform

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
CERN joins OpenSearch foundation as associate member
OpenAI launches Trusted Access for Cyber with major names