SOC Investigations
Tier 1-3 Analysts

From alert to answer before shift change.

An alert fires. Your analyst uploads the endpoint collection. SURGE deploys AI agents that parse artifacts, reconstruct timelines, and deliver a forensic answer — before shift change. No escalation backlogs. No waiting on senior analysts.

SURGE investigation queue showing priority-ranked investigations with severity and status

Priority-ranked triage queue — work Critical and High cases first

MITRE ATT&CK technique mapping with risk scoring

AI chat to interrogate findings in natural language

Full investigation before shift change

Incident Response
IR Teams

Your IR team focuses on containment. SURGE handles the forensics.

When an incident hits, every minute counts. Upload collections from affected endpoints and get automated timeline reconstruction, attack chain analysis, and campaign correlation. Containment decisions backed by evidence.

SURGE investigation detail showing clustered findings, timeline analysis, and MITRE ATT&CK coverage
Without SURGE
Raw artifact output

evtx: Security/4688 — powershell.exe -enc SQBFAHgA...
reg: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = C:\Users\Public\svc.exe
prefetch: PSEXEC.EXE-AD70946C.pf — run_count:3 last:2026-02-28T03:12:44Z
evtx: System/7045 — Service "WinSvc" installed (C:\Temp\payload.dll)
mft: $SI 2026-02-28T02:58:11 C:\Users\admin\AppData\Local\Temp\mimikatz.exe
srum: C:\Windows\System32\svchost.exe — network_bytes_sent: 2,847,291
amcache: SHA256=a1b2c3d4... C:\ProgramData\update.exe first_run:2026-02-28T01:30:00
browser: chrome history — hxxps://pastebin[.]com/raw/x9k2m — 2026-02-28T01:15:22Z
evtx: Security/4624 — LogonType:10 user:admin src:10.0.0.45 — 2026-02-28T02:44:18Z
shellbags: C:\Users\admin\Desktop\exfil — last_accessed:2026-02-28T03:28:00Z

With SURGE
Reconstructed timeline

01:15  T1204      User accessed staging URL via Chrome
01:30  T1059.001  Encoded PowerShell payload executed
02:44  T1021.001  RDP lateral movement from 10.0.0.45
02:58  T1003.001  Mimikatz credential dumping detected
03:12  T1570      PsExec remote execution across hosts
03:28  T1041      Data staging and exfiltration via HTTPS

Critical Result: Malicious
Score: 94/100
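The step from the raw column to the timeline column is timestamp normalization plus sorting plus technique tagging. The following is an added illustration of that step, not SURGE's own code: it parses the sample artifact lines shown above (re-typed here as a constructed list), treats zone-less timestamps as UTC, tags lines with a hypothetical keyword-to-technique table limited to the IDs the page shows, and separates artifacts that carry no timestamp so an analyst knows they still need manual correlation.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the raw artifact lines from the page, UI line numbers removed.
RAW_ARTIFACTS = [
    "evtx: Security/4688 - powershell.exe -enc SQBFAHgA...",
    r"reg: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = C:\Users\Public\svc.exe",
    "prefetch: PSEXEC.EXE-AD70946C.pf - run_count:3 last:2026-02-28T03:12:44Z",
    r'evtx: System/7045 - Service "WinSvc" installed (C:\Temp\payload.dll)',
    r"mft: $SI 2026-02-28T02:58:11 C:\Users\admin\AppData\Local\Temp\mimikatz.exe",
    r"srum: C:\Windows\System32\svchost.exe - network_bytes_sent: 2,847,291",
    r"amcache: SHA256=a1b2c3d4... C:\ProgramData\update.exe first_run:2026-02-28T01:30:00",
    "browser: chrome history - hxxps://pastebin[.]com/raw/x9k2m - 2026-02-28T01:15:22Z",
    "evtx: Security/4624 - LogonType:10 user:admin src:10.0.0.45 - 2026-02-28T02:44:18Z",
    r"shellbags: C:\Users\admin\Desktop\exfil - last_accessed:2026-02-28T03:28:00Z",
]

# Hypothetical keyword-to-technique rules (assumption; only the IDs the page itself shows).
TECHNIQUE_RULES = [
    (re.compile(r"pastebin", re.I), "T1204"),
    (re.compile(r"powershell\.exe -enc", re.I), "T1059.001"),
    (re.compile(r"LogonType:10"), "T1021.001"),
    (re.compile(r"mimikatz", re.I), "T1003.001"),
    (re.compile(r"PSEXEC", re.I), "T1570"),
    (re.compile(r"exfil", re.I), "T1041"),
]
TIMESTAMP = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(Z?)")

def parse_artifact(line):
    """Normalize one raw line into {source, ts, technique, detail}."""
    source, detail = line.split(":", 1)
    m = TIMESTAMP.search(detail)
    ts = None
    if m:
        # Assumption: timestamps without a zone suffix are treated as UTC.
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    technique = next((t for rx, t in TECHNIQUE_RULES if rx.search(detail)), None)
    return {"source": source, "ts": ts, "technique": technique, "detail": detail.strip()}

def build_timeline(lines):
    """Return (timed events sorted by timestamp, events that carry no timestamp)."""
    events = [parse_artifact(l) for l in lines]
    timed = sorted((e for e in events if e["ts"]), key=lambda e: e["ts"])
    untimed = [e for e in events if e["ts"] is None]
    return timed, untimed

if __name__ == "__main__":
    timed, untimed = build_timeline(RAW_ARTIFACTS)
    for e in timed:
        print(e["ts"].strftime("%H:%M"), e["technique"] or "unmapped", e["source"], e["detail"])
    print(f"{len(untimed)} artifact(s) carry no timestamp and need manual correlation")
```

Note that four of the ten artifacts (the 4688 and 7045 events, the Run key, and the SRUM record) have no timestamp in the raw line; the page's timeline places them by correlating with other artifacts, which this example deliberately leaves to the analyst.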

Automated timeline reconstruction across every artifact type

Campaign discovery — correlate IOCs across multiple endpoints

Forensic reports ready for stakeholders and incident response

Clear answers with risk scoring and severity ratings

MSSPs & Consultants
Service Providers

Serve more clients without hiring more analysts.

Multi-tenant architecture with isolated, encrypted storage per client. Run forensic sweeps across your client base and deliver professional reports — without scaling headcount.

Strict multi-tenant isolation — client data never crosses boundaries

White-label forensic reports with your branding

REST API and webhooks for SOAR/SIEM integration

Team plans with role-based access for analysts and managers

Continuous Assurance
Security Operations

Verify your endpoints are clean. Continuously.

Schedule recurring forensic scans on critical systems. Tag endpoints by compliance framework, detect drift over time, and generate audit-ready evidence.

Scheduled scans with cron support — automate your forensic cadence

Tag endpoints by compliance scope — PCI-DSS, HIPAA, SOC 2, NIST

Drift detection — flag changes between scan intervals

Audit-ready evidence and investigation history

AI Agent Governance
Security & Compliance

Know exactly which AI agents are running on your endpoints.

SURGE detects AI agent activity at the host level — Claude, Copilot, Cursor, Windsurf, Aider. Distinguish approved tools from shadow AI and govern adoption before it becomes a risk.

AI Agent Inventory (fleet-wide scan)

GitHub Copilot       v1.234.0   Approved
Claude Code          v1.0.16    Approved
Cursor               v0.45.6    Approved
ChatGPT CLI / Codex  v0.1.2     Shadow AI
Windsurf             v1.2.1     Shadow AI
Aider                v0.64.1    Under Review

6 agents detected · 3 approved · 2 shadow AI · 1 under review (Action Required)

Session Distribution

1,349 total sessions across 47 endpoints
97.7% Approved · 2.3% Shadow AI · 4 endpoints
Policy violation: ChatGPT CLI on 3 dev workstations

Detects Claude, Copilot, Cursor, Windsurf, Aider, and more

Distinguish approved agents from shadow AI across your fleet

Alerting on unapproved agent activity with configurable severity

Session artifact recovery — see what agents actually did

Executive Visibility
CISOs & Leadership

See your risk posture. Not a wall of alerts.

SURGE gives security leaders what they actually need — answers, not noise. Fleet-wide risk posture, MITRE ATT&CK coverage gaps, and investigation trends. Know which endpoints are clean and where your blind spots are — at a glance.

SURGE dashboard showing fleet-wide risk breakdown, MITRE ATT&CK coverage, and investigation metrics

Fleet-wide risk breakdown with trend analysis

MITRE ATT&CK coverage heatmap — see where you're exposed

Investigation volume and trends over time

Compliance posture across frameworks and endpoint groups
