Analysis Engine

AI-Powered Analysis

Multiple AI agents analyze artifacts in parallel — triage, deep forensics, findings, and risk scoring.

MITRE ATT&CK Mapping

Findings mapped to tactics and techniques with risk scoring and interactive radar chart.

Timeline Reconstruction

Comprehensive timeline from filesystem, registry, event logs, browser history, and shell commands.

Screenshot: SURGE investigation detail showing CRITICAL verdict, activity timeline with cluster analysis, risk scoring, and forensic findings.
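To make concrete what "timeline reconstruction" and "cluster analysis" involve, here is an added example written for this page (it is not SURGE's own code). Each artifact family stores time differently, so every record is first normalised to an aware UTC datetime (FILETIME for MFT entries, Chromium's microseconds-since-1601 for browser history, Unix seconds for registry last-write times, ISO-8601 for EVTX exports), merged into one ordered list, and then split into activity clusters wherever the silence between consecutive events exceeds a threshold. The artifact records, event descriptions, the registry path and the 10-minute gap are all constructed assumptions; shell history, which carries no timestamps, is handed back separately rather than silently dropped or guessed.

```python
"""Merge heterogeneous forensic artifacts into one UTC timeline and group
bursts of activity into clusters. Added example, not SURGE code; all
input records below are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


@dataclass(frozen=True, order=True)
class Event:
    ts: datetime          # always timezone-aware UTC after normalisation
    source: str           # artifact family the event came from
    description: str


def from_filetime(ft: int) -> datetime:
    """Windows FILETIME (100 ns ticks since 1601-01-01) -> UTC datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def from_chrome(us: int) -> datetime:
    """Chromium history time (microseconds since 1601-01-01) -> UTC datetime."""
    return EPOCH_1601 + timedelta(microseconds=us)


def from_unix(seconds: int) -> datetime:
    """Unix epoch seconds (e.g. a registry key's last-write time) -> UTC."""
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def from_iso(text: str) -> datetime:
    """ISO-8601 with a trailing Z, as found in EVTX exports -> UTC datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


# Constructed sample artifacts, each in the shape its parser would return.
EVTX = [  # Windows event log: ISO timestamp, event id and summary
    ("2026-02-28T14:23:07Z", "4688: PowerShell.exe started with -EncodedCommand"),
    ("2026-02-28T14:24:15Z", "4656: handle to lsass.exe requested (PID 672)"),
    ("2026-02-28T16:10:00Z", "4634: interactive session logged off"),
]
MFT = [  # filesystem: path and creation time as FILETIME (= 14:23:41Z)
    ("C:\\Windows\\Temp\\mimikatz.exe", 134167622210000000),
]
REGISTRY = [  # registry: value path and key last-write time as Unix seconds (= 14:24:00Z)
    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater", 1772288640),
]
BROWSER = [  # Chromium history: URL and visit time in Chrome format (= 14:25:30Z)
    ("https://files.example.invalid/upload", 13416762330000000),
]
SHELL = ["whoami"]  # shell history with no timestamps: ordering only


def build_timeline() -> tuple[list[Event], list[str]]:
    """Normalise every artifact to UTC and return (sorted dated events,
    undated entries). Undated records are returned separately so the
    analyst sees them without a fabricated timestamp."""
    events = [Event(from_iso(ts), "evtx", d) for ts, d in EVTX]
    events += [Event(from_filetime(ft), "mft", f"file created: {p}") for p, ft in MFT]
    events += [Event(from_unix(s), "registry", f"key written: {p}") for p, s in REGISTRY]
    events += [Event(from_chrome(us), "browser", f"visited: {u}") for u, us in BROWSER]
    return sorted(events), list(SHELL)


def cluster(events: list[Event], gap: timedelta = timedelta(minutes=10)) -> list[list[Event]]:
    """Split an ordered timeline into activity clusters: a new cluster starts
    whenever the silence before an event exceeds `gap` (assumed threshold)."""
    clusters: list[list[Event]] = []
    for event in events:
        if clusters and event.ts - clusters[-1][-1].ts <= gap:
            clusters[-1].append(event)
        else:
            clusters.append([event])
    return clusters


if __name__ == "__main__":
    dated, undated = build_timeline()
    for i, group in enumerate(cluster(dated), 1):
        print(f"cluster {i}: {group[0].ts:%H:%M:%S} to {group[-1].ts:%H:%M:%S} ({len(group)} events)")
        for e in group:
            print(f"  {e.ts:%H:%M:%S} [{e.source}] {e.description}")
    print("undated:", undated)
```

With these inputs the five events between 14:23:07 and 14:25:30 fall into one cluster and the 16:10:00 logoff into a second; widening the gap to cover the whole span collapses them into one. The conversion helpers are where real timelines go wrong, so they are the part worth unit-testing against known timestamps.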

Investigation Pipeline

1. Upload: ZIP archive or Collector agent
2. Parse: 36 artifact types
3. Analyze: AI agents
4. Map: MITRE ATT&CK
5. Report: findings and evidence

Average Analysis Time

Workstation: typical 5–10 min; high activity 10–15 min
Server / DC: typical 5–12 min; high activity 12–20 min

Based on event volume. Servers and high-activity hosts may take longer.

MITRE ATT&CK Coverage

12 tactics · 59 techniques (34 rule-based, 25 contextual)

Legend: dedicated detection · AI-inferred

Initial Access (TA0001)
Execution (TA0002)
Persistence (TA0003)
Privilege Escalation (TA0004)
Defense Evasion (TA0005)
Credential Access (TA0006)
Discovery (TA0007)
Lateral Movement (TA0008)
Collection (TA0009)
Command and Control (TA0011)
Exfiltration (TA0010)
Impact (TA0040)

Investigation Tools

AI Investigation Chat

Ask questions about any investigation in natural language with full context.

Campaign Discovery

Automatic cross-investigation correlation. Shared IOCs cluster into campaigns with unified timelines.
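The correlation step described above (shared IOCs clustering investigations into campaigns with a unified timeline) is essentially a connected-components problem. The following added example, written for this page and not taken from SURGE, links investigations with union-find over their IOC sets and merges their events into one campaign timeline. It also applies a prevalence filter, because an indicator seen in almost every case (a shared CDN, an update server, a public resolver) is usually benign infrastructure and would otherwise glue unrelated investigations together. The investigations, IOC values (RFC 5737 addresses, .invalid domains, placeholder hashes), event descriptions and the prevalence cut-off of 3 are all constructed assumptions.

```python
"""Cluster investigations into campaigns by shared IOCs (union-find), with a
prevalence filter so that infrastructure seen everywhere does not link
unrelated cases. Added example, not SURGE code; investigations, IOC values
and event descriptions are constructed placeholders."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class Investigation:
    id: str
    host: str
    iocs: frozenset[str]                  # "type:value" strings
    events: list[tuple[str, str]]         # (ISO-8601 UTC timestamp, description)


@dataclass
class Campaign:
    members: frozenset[str]               # investigation ids
    linking_iocs: frozenset[str]          # IOCs shared by two or more members
    timeline: list[tuple[str, str, str]]  # (timestamp, investigation id, description)


# Constructed sample investigations. Timestamps share one ISO layout, so
# plain string ordering is chronological.
INVESTIGATIONS = [
    Investigation("INV-1001", "HOST-A", frozenset({
        "sha256:PLACEHOLDER-HASH-A", "ip:203.0.113.10",
        "domain:update.example.invalid", "domain:cdn.example.invalid"}),
        [("2026-02-27T09:12:00Z", "loader written to disk"),
         ("2026-02-27T09:15:00Z", "beacon to 203.0.113.10")]),
    Investigation("INV-1002", "HOST-B", frozenset({
        "sha256:PLACEHOLDER-HASH-B", "ip:203.0.113.10", "domain:cdn.example.invalid"}),
        [("2026-02-28T14:23:07Z", "encoded PowerShell execution"),
         ("2026-02-28T14:26:03Z", "large HTTPS POST to 203.0.113.10")]),
    Investigation("INV-1003", "HOST-C", frozenset({
        "domain:update.example.invalid", "ip:198.51.100.7", "domain:cdn.example.invalid"}),
        [("2026-02-26T22:40:00Z", "scheduled task created")]),
    Investigation("INV-1004", "HOST-D", frozenset({
        "sha256:PLACEHOLDER-HASH-D", "ip:192.0.2.50", "domain:cdn.example.invalid"}),
        [("2026-02-25T11:00:00Z", "unsigned driver loaded")]),
]


def discover_campaigns(invs: list[Investigation], max_prevalence: int = 3) -> list[Campaign]:
    """Link investigations that share at least one IOC. An IOC present in more
    than `max_prevalence` investigations is treated as noise and never links."""
    prevalence = Counter(ioc for inv in invs for ioc in inv.iocs)
    noisy = {ioc for ioc, n in prevalence.items() if n > max_prevalence}

    parent = {inv.id: inv.id for inv in invs}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]     # path halving keeps trees shallow
            x = parent[x]
        return x

    def union(a: str, b: str) -> None:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    # First investigation seen holding each IOC; later holders are unioned with it.
    first_holder: dict[str, str] = {}
    for inv in invs:
        for ioc in inv.iocs - noisy:
            if ioc in first_holder:
                union(inv.id, first_holder[ioc])
            else:
                first_holder[ioc] = inv.id

    groups: dict[str, list[Investigation]] = defaultdict(list)
    for inv in invs:
        groups[find(inv.id)].append(inv)

    campaigns = []
    for members in groups.values():
        counts = Counter(ioc for m in members for ioc in m.iocs - noisy)
        linking = frozenset(ioc for ioc, n in counts.items() if n > 1)
        timeline = sorted((ts, m.id, d) for m in members for ts, d in m.events)
        campaigns.append(Campaign(frozenset(m.id for m in members), linking, timeline))
    return sorted(campaigns, key=lambda c: -len(c.members))


if __name__ == "__main__":
    for c in discover_campaigns(INVESTIGATIONS):
        print(sorted(c.members), "linked by", sorted(c.linking_iocs))
        for ts, inv_id, d in c.timeline:
            print(f"  {ts} {inv_id}: {d}")
```

With the default cut-off, `domain:cdn.example.invalid` (present in all four cases) is ignored, so INV-1001, INV-1002 and INV-1003 form one campaign via the shared IP and update domain while INV-1004 stays alone; raising `max_prevalence` to 4 lets the common domain merge everything into a single campaign, which is the false-link failure the filter exists to prevent.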

Triage Queue

Priority-ranked investigations. Work Critical and High first, with bulk actions.

Automated Reports

Forensic reports with evidence, findings, and MITRE mappings. Stakeholder-ready.

Risk Scoring

Clear answers — Malicious, Review, or Benign — with risk scores and severity ratings.

Boost Analysis

MFT re-parsing and full secondary analysis pass for maximum coverage.

SURGE Forensic Report
Hostname: DESKTOP-CORP-PC1
OS: Windows 11
Date: 2026-02-28
ID: INV-2847
Verdict: Malicious (CRITICAL)
Severity: 94%
Risk Score: 94/100

Executive Summary

An active compromise was identified on DESKTOP-CORP-PC1. Encoded PowerShell payloads were executed, credentials were dumped via Mimikatz, and data was staged for exfiltration over HTTPS. Immediate containment and credential rotation recommended.

Findings

Encoded PowerShell Execution (T1059.001, Execution): signal succeeded
Mimikatz Credential Dumping (T1003.001, Credential Access): signal succeeded
Data Exfiltration via HTTPS (T1041, Exfiltration): signal succeeded

MITRE ATT&CK Coverage

Execution · Credential Access · Lateral Movement · Exfiltration

Timeline

14:23:07 PowerShell.exe spawned with -EncodedCommand flag
14:23:41 mimikatz.exe written to C:\Windows\Temp\
14:24:15 LSASS memory access detected (PID 672)
14:26:03 Large HTTPS POST to 185.234.xx.xx:443 (2.3 MB)

Collection & Coverage

Forensic Artifact Coverage

35 parsers across 7 categories · Windows, macOS beta, Linux beta

SURGE: 35 parsers
Execution: 4 parsers
Persistence: 6 parsers
Lateral Move: 4 parsers
Credentials: 3 parsers
Browser: 5 parsers
Filesystem: 5 parsers
System Logs: 8 parsers

Deep Parser Library

EVTX, MFT, registry, prefetch, amcache, SRUM, NTDS.dit, browsers, macOS unified logs, FSEvents, auditd, and more.

Collector Agent

Lightweight collector for Windows, macOS (beta), and Linux (beta). Or bring your own — KAPE, Velociraptor.

Scheduled Scans

Recurring forensic sweeps. Target hosts, groups, or compliance-tagged endpoints.

Malware Analysis

PE, ELF, and Mach-O analysis — disassembly, control flow graphs, behavioral scoring.

Compliance & Governance

Compliance Tagging

Tag endpoints by compliance framework — PCI-DSS, HIPAA, SOC 2, NIST. Filter by scope.

AI Agent Detection

Detect Claude, Copilot, Cursor, Windsurf, Aider on endpoints. Flag unapproved shadow AI.

Tenant Isolation

Encrypted, isolated storage per tenant. Your forensic data never crosses boundaries.

Integrations

REST API

Submit collections, retrieve results, manage endpoints. Scoped API keys.

Webhooks

Real-time notifications to your SIEM, SOAR, or ticketing system.