Integration Architecture

Your forensic analysis engine, connected to your stack

[Architecture diagram: COLLECTION (SURGE Collector, Velociraptor DFIR Collection, CrowdStrike Falcon Forensics) -> SURGE Autonomous Forensic Analysis (SURGE Agent, MCP / API, AI Agents) -> OUTPUT (Splunk SIEM Export, Jira Tickets, Slack Alerts, SOAR Playbooks)]

AI-Native

Model Context Protocol

Run forensic investigations from Claude Code, Cursor, or any MCP-compatible AI agent. Upload collections, review findings, export reports, and override results — without leaving your terminal.

Setup — 3 lines
{
  "mcpServers": {
    "surge": {
      "command": "uvx",
      "args": ["surge-mcp"],
      "env": { "SURGE_API_KEY": "surge_k_..." }
    }
  }
}

Works with

Claude Code Cursor Windsurf Any MCP Client

Available on Professional and Enterprise plans. 28 tools including admin capabilities.

Example session: claude code — surge-mcp connected (surge-mcp v1.0, 28 tools available)

Key Capabilities

Upload Collections

Submit forensic ZIPs from your IDE. Auto-selects direct or signed URL flow based on size.

Get Investigation

Retrieve full investigation details — findings, MITRE mappings, timeline, evidence chain, and risk scoring.

Boost Analysis

Trigger deep-dive mode with MFT re-parsing and a full secondary analysis pass.

Find Related IOCs

Cross-reference indicators across all your investigations. Surface campaign patterns.

Export Reports & Sigma

Download forensic reports or export Sigma detection rules for your SIEM.

Collaborate

Add comments, override results with analyst judgment, review activity feeds.

Collect From Anywhere

SURGE analyzes forensic collections from any source. Use our collector, connect your DFIR tools, or upload via API.

Live

SURGE Collector

Lightweight Rust binary for Windows, macOS (beta), and Linux (beta). Collects forensic artifacts and ships directly to SURGE for analysis.

Coming Soon

Velociraptor

Connect your Velociraptor server to SURGE. Trigger artifact collections from Velociraptor and auto-upload them to SURGE for AI analysis.

Coming Soon

CrowdStrike

Upload Falcon Forensics collections directly to SURGE for autonomous analysis with MITRE ATT&CK mapping and structured verdicts.

Coming Soon

SentinelOne

Deploy the SURGE collector to SentinelOne-managed endpoints via RemoteOps. Leverage your existing EDR for forensic collection at scale.

Automate Your Workflow

REST API

Professional+

Full programmatic access to everything the UI can do. Scoped API keys with granular read/write permissions.

curl -H "X-API-Key: surge_k_..." \
  https://app.surge.security/api/investigations \
  -d '{"collection_url": "s3://..."}'

Webhooks

Professional+

Push investigation events to your systems in real time. Configurable per event type, with retry logic for failed deliveries.

{
  "event": "investigation.completed",
  "verdict": "malicious",
  "severity": "critical",
  "findings_count": 3,
  "mitre_techniques": ["T1003.001", "T1021.002"]
}
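As an added example (not SURGE's own code), a minimal receiver for the event shown above: it validates the fields the page documents, ignores other event types, drops repeated deliveries (the sender retries, and the page shows no delivery id, so this fingerprints the payload, which is an assumption), and routes by severity. The channel names and the ticket rule are hypothetical.

```python
import hashlib
import json

# Field set taken from the investigation.completed payload shown on this page.
REQUIRED = {"event": str, "verdict": str, "severity": str,
            "findings_count": int, "mitre_techniques": list}
# Hypothetical routing table: severity -> notification channel.
ROUTES = {"critical": "#ir-critical", "high": "#ir-high"}
_seen = set()  # fingerprints of deliveries already processed (retry dedupe)

def parse_event(raw: bytes) -> dict:
    """Parse and validate a webhook body; raise ValueError on bad input."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from exc
    if not isinstance(body, dict):
        raise ValueError("payload must be a JSON object")
    for key, typ in REQUIRED.items():
        value = body.get(key)
        # bool is a subclass of int, so reject it explicitly for findings_count
        if not isinstance(value, typ) or isinstance(value, bool):
            raise ValueError(f"missing or mistyped field: {key}")
    if not all(isinstance(t, str) for t in body["mitre_techniques"]):
        raise ValueError("mitre_techniques must be a list of strings")
    return body

def route(event: dict):
    """Decide what to do with a validated event; None means ignored/duplicate."""
    if event["event"] != "investigation.completed":
        return None  # only completion events are handled by this receiver
    # Assumption: no delivery id is available, so dedupe on canonical content.
    fp = hashlib.sha256(json.dumps(event, sort_keys=True).encode()).hexdigest()
    if fp in _seen:
        return None
    _seen.add(fp)
    techniques = ", ".join(event["mitre_techniques"]) or "none"
    return {
        "channel": ROUTES.get(event["severity"], "#ir-triage"),
        "open_ticket": event["verdict"] == "malicious",
        "summary": (f"{event['verdict']}/{event['severity']}: "
                    f"{event['findings_count']} findings, ATT&CK {techniques}"),
    }

# Constructed sample delivery, copied from the payload shown above.
SAMPLE = (b'{"event": "investigation.completed", "verdict": "malicious", '
          b'"severity": "critical", "findings_count": 3, '
          b'"mitre_techniques": ["T1003.001", "T1021.002"]}')

if __name__ == "__main__":
    print(route(parse_event(SAMPLE)))
```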

Slack Notifications

All plans

Real-time alerts when investigations complete, threats are detected, or billing events occur. Channel routing by event type.

Export to Your Stack

Push investigation results, IOCs, and detection rules directly into your existing security tools.

These integrations are on our near-term roadmap.

Planned

Splunk

Export findings, IOCs, and timeline events to Splunk for correlation with your existing detection rules.

Planned

Microsoft Sentinel

Push investigation results and threat indicators to Sentinel for unified SOC visibility.

Planned

Jira / ServiceNow

Auto-create incident tickets from signal findings with full forensic context and MITRE mappings.

Planned

SOAR Platforms

Trigger investigations from Tines, Torq, or XSOAR playbooks. Push results back to close the automation loop.