Adina Bodkins edited this page Jul 12, 2021 · 10 revisions

Welcome to Surveyor

Surveyor is a Python utility that queries Endpoint Detection and Response products and summarizes the results. It provides security and IT teams with a method for quickly baselining an environment to identify normal and abnormal activity. Surveyor uses both definition files and pre-built queries to run searches across an environment and provide insights into what applications or activities exist within an enterprise, who is using them, and how.

EDR user interfaces and REST APIs provide direct access to events and processes and are very useful for real-time threat detection, digital forensics, and incident response (to name a few use cases). Surveyor is intended to provide high-level information about an environment, meeting use cases more closely aligned with inventory maintenance and proactive threat hunting.

Surveyor currently supports the following EDR platforms:

Get started with Surveyor

To learn more about the various ways to use Surveyor, visit our use cases.

To learn about updates and recent changes, visit our change log.

If you'd like to contribute to Surveyor, please visit our contributing guidelines to learn the best way.