KNOW WHAT'S TRUE

Autonomous forensic analysis. From collection to answer in minutes.

Artifact Parsers: 36
Operating Systems: 3
Time to Answer: Minutes

How It Works

Collect. Analyze. Answer.

Three steps. No training, no escalation, no bottleneck.

01 Collect

Run our collector on any endpoint — or bring your own (KAPE, Velociraptor).
Artifacts: Registry, Event Logs, Prefetch, MFT, Browser, Shell History

02 Analyze

Artifacts parsed, correlated, and assembled into a forensic timeline — automatically.
Stages: Timeline, Correlate, AI Agents, MITRE Map, Score, Cluster

03 Get Your Answer

Findings, MITRE ATT&CK mappings, risk scoring, and a clear answer.
Output: Findings, ATT&CK, Risk Score, Evidence, Report, Answer
[Screenshot: SURGE investigation queue showing the triage view with malicious, review, and benign verdicts across multiple endpoints]

The Difference

Raw Artifacts → Clear Answers

Thousands of artifacts, structured into a timeline with severity ratings and evidence.

Without SURGE: raw artifact output

evtx: Security/4688 — powershell.exe -enc SQBFAHgA...
reg: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = C:\Users\Public\svc.exe
prefetch: PSEXEC.EXE-AD70946C.pf — run_count:3 last:2026-02-28T03:12:44Z
evtx: System/7045 — Service "WinSvc" installed (C:\Temp\payload.dll)
mft: $SI 2026-02-28T02:58:11 C:\Users\admin\AppData\Local\Temp\mimikatz.exe
srum: C:\Windows\System32\svchost.exe — network_bytes_sent: 2,847,291
amcache: SHA256=a1b2c3d4... C:\ProgramData\update.exe first_run:2026-02-28T01:30:00
browser: chrome history — hxxps://pastebin[.]com/raw/x9k2m — 2026-02-28T01:15:22Z
evtx: Security/4624 — LogonType:10 user:admin src:10.0.0.45 — 2026-02-28T02:44:18Z
shellbags: C:\Users\admin\Desktop\exfil — last_accessed:2026-02-28T03:28:00Z

With SURGE: reconstructed timeline

01:15  T1204      User accessed staging URL via Chrome
01:30  T1059.001  Encoded PowerShell payload executed
02:44  T1021.001  RDP lateral movement from 10.0.0.45
02:58  T1003.001  Mimikatz credential dumping detected
03:12  T1570      PsExec remote execution across hosts
03:28  T1041      Data staging and exfiltration via HTTPS

Result: Malicious (Critical), Score: 94/100
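The step the illustration above compresses is the one an analyst otherwise does by hand: pull a timestamp out of each heterogeneous artifact line, normalise the timestamps, sort, and tag each event with the ATT&CK technique a rule matches. The following is an added, self-contained example of that normalisation and correlation, not SURGE's own code or parsers. Its input is the raw artifact output shown above (embedded as constructed sample data), the rule table and weights are hypothetical, timestamps without a zone suffix are assumed to be UTC, and the two technique IDs not on the page (T1547.001 for Run-key persistence, T1543.003 for service installation) are this example's own mapping.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed sample input: the raw artifact lines from the illustration above,
# one artifact per line, prefixed with the parser that produced it.
RAW_ARTIFACTS = [
    "evtx: Security/4688 — powershell.exe -enc SQBFAHgA...",
    "reg: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost = C:\\Users\\Public\\svc.exe",
    "prefetch: PSEXEC.EXE-AD70946C.pf — run_count:3 last:2026-02-28T03:12:44Z",
    'evtx: System/7045 — Service "WinSvc" installed (C:\\Temp\\payload.dll)',
    "mft: $SI 2026-02-28T02:58:11 C:\\Users\\admin\\AppData\\Local\\Temp\\mimikatz.exe",
    "srum: C:\\Windows\\System32\\svchost.exe — network_bytes_sent: 2,847,291",
    "amcache: SHA256=a1b2c3d4... C:\\ProgramData\\update.exe first_run:2026-02-28T01:30:00",
    "browser: chrome history — hxxps://pastebin[.]com/raw/x9k2m — 2026-02-28T01:15:22Z",
    "evtx: Security/4624 — LogonType:10 user:admin src:10.0.0.45 — 2026-02-28T02:44:18Z",
    "shellbags: C:\\Users\\admin\\Desktop\\exfil — last_accessed:2026-02-28T03:28:00Z",
]

# ISO-8601 timestamp with an optional trailing Z; artifacts disagree on whether they emit it.
TS_RE = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(Z?)")

# Hypothetical rule table: (source parser, substring, ATT&CK ID, label, weight).
# Substring matching is case-insensitive; the first matching rule per line wins.
RULES = [
    ("evtx", "-enc", "T1059.001", "Encoded PowerShell executed", 30),
    ("evtx", "LogonType:10", "T1021.001", "RDP logon", 15),
    ("evtx", "7045", "T1543.003", "Service installed", 20),
    ("prefetch", "PSEXEC", "T1570", "PsExec execution", 20),
    ("mft", "mimikatz", "T1003.001", "Credential-dumping tool on disk", 40),
    ("browser", "pastebin", "T1204", "Staging URL accessed", 10),
    ("shellbags", "exfil", "T1041", "Staging folder accessed", 15),
    ("reg", "\\Run\\", "T1547.001", "Run-key persistence", 20),
]


@dataclass
class Event:
    source: str
    raw: str
    ts: Optional[datetime]            # None when the artifact carries no timestamp
    technique: Optional[str] = None
    label: Optional[str] = None
    weight: int = 0


def parse_artifact(line: str) -> Event:
    """Split off the parser name, extract a timestamp if present, apply the rule table."""
    source, _, body = line.partition(": ")
    ts = None
    m = TS_RE.search(body)
    if m:
        # Assumption: artifacts that omit the Z suffix are already in UTC.
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    ev = Event(source=source, raw=body, ts=ts)
    for src, needle, tid, label, weight in RULES:
        if src == source and needle.lower() in body.lower():
            ev.technique, ev.label, ev.weight = tid, label, weight
            break
    return ev


def build_timeline(lines: List[str]) -> Tuple[List[Event], List[Event]]:
    """Return (timed events sorted ascending by timestamp, events with no timestamp)."""
    events = [parse_artifact(ln) for ln in lines]
    timed = sorted((e for e in events if e.ts is not None), key=lambda e: e.ts)
    untimed = [e for e in events if e.ts is None]
    return timed, untimed


def risk_score(events: List[Event]) -> int:
    """Hypothetical scoring: sum of rule weights, capped at 100."""
    return min(100, sum(e.weight for e in events if e.technique))


def render(timed: List[Event], untimed: List[Event]) -> str:
    rows = [f"{e.ts:%H:%M}  {e.technique or '-':<10} {e.label or e.raw}" for e in timed]
    rows += [f"--:--  {e.technique or '-':<10} {e.label or e.raw}" for e in untimed]
    return "\n".join(rows)


if __name__ == "__main__":
    timed, untimed = build_timeline(RAW_ARTIFACTS)
    print(render(timed, untimed))
    print(f"Score: {risk_score(timed + untimed)}/100")
```

Four of the ten artifacts (the 4688 and 7045 events, the Run key and the SRUM row) carry no timestamp in the raw line and are listed separately rather than silently dropped; on a real case those would be resolved by joining to the artifact's own record timestamp before correlation.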
New Capability

AI Agent Forensics

Detect AI agents on your endpoints. Identify approved tools. Flag shadow AI.

Learn More

Agent Detection

Claude, Copilot, Cursor, Windsurf, Aider, and more.

Shadow AI Alerts

Flag agents your team hasn't approved.

Session Recovery

Recover transcripts and audit what agents did.

Approval Policy

Define which agents are sanctioned per tenant.

Works With Your Stack

Integrations: SIEM, SOAR, EDR, CrowdStrike, KAPE, Velociraptor
Operating systems: Windows, macOS (beta), Linux (beta)
Enterprise Forensics

Get Your Answer In Minutes

MITRE mappings. Timeline reconstruction. Structured evidence.