Surveyor


Surveyor is an open source Python utility created by Red Canary to query Endpoint Detection and Response (EDR) products and summarize the results. Security and IT teams can use Surveyor to baseline their environments and identify abnormal activity. The development history of Surveyor is described in this blog post.

Endpoint Analysis

Surveyor uses both definition files and pre-built queries to run environment searches and provide insights into what applications or activities exist within an enterprise, who is using them, and how.
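The following is an added example, not Surveyor's own code, showing the idea in miniature: a definition file mapping application names to process names is applied to a set of process events returned by an EDR search, and the results are summarized by application, host and user. The definition schema, the event fields and the telemetry itself are constructed for illustration and are assumptions rather than Surveyor's actual format.

```python
"""Added illustration (not Surveyor's code): definition-driven survey of
constructed EDR process telemetry, summarized per application."""
from collections import defaultdict

# Hypothetical definition file: application name -> match criteria.
# (Assumed schema for this example only, not Surveyor's real one.)
DEFINITIONS = {
    "Remote Access Tools": {"process_name": ["teamviewer.exe", "anydesk.exe"]},
    "Scripting Engines": {"process_name": ["powershell.exe", "wscript.exe"]},
}

# Constructed sample events resembling rows an EDR process search returns.
EVENTS = [
    {"hostname": "WS-001", "username": "alice", "process_name": "powershell.exe",
     "cmdline": "powershell.exe -File backup.ps1"},
    {"hostname": "WS-002", "username": "bob", "process_name": "AnyDesk.exe",
     "cmdline": "AnyDesk.exe"},
    {"hostname": "WS-001", "username": "alice", "process_name": "anydesk.exe",
     "cmdline": "anydesk.exe"},
    {"hostname": "WS-003", "username": "carol", "process_name": "outlook.exe",
     "cmdline": "outlook.exe"},
    {"hostname": "WS-002", "username": "bob", "process_name": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -File inventory.ps1"},
]


def build_lookup(definitions):
    """Flatten definitions into a case-insensitive process name -> app map."""
    lookup = {}
    for app, criteria in definitions.items():
        for name in criteria.get("process_name", []):
            lookup[name.lower()] = app
    return lookup


def survey(events, definitions):
    """Summarize matching events as {app: {"hosts", "users", "count"}}.

    Events whose process name is not covered by any definition are skipped;
    use uncovered_processes() to see what the definitions do not yet describe.
    """
    lookup = build_lookup(definitions)
    summary = defaultdict(lambda: {"hosts": set(), "users": set(), "count": 0})
    for ev in events:
        app = lookup.get(ev["process_name"].lower())
        if app is None:
            continue
        entry = summary[app]
        entry["hosts"].add(ev["hostname"])
        entry["users"].add(ev["username"])
        entry["count"] += 1
    return dict(summary)


def uncovered_processes(events, definitions):
    """Process names seen in telemetry that no definition accounts for."""
    lookup = build_lookup(definitions)
    return sorted({ev["process_name"].lower() for ev in events
                   if ev["process_name"].lower() not in lookup})


def unexpected_hosts(summary, app, approved_hosts):
    """Hosts running `app` that are outside an approved baseline set."""
    seen = summary.get(app, {"hosts": set()})["hosts"]
    return sorted(seen - set(approved_hosts))


def format_report(summary):
    """Render the summary as plain text lines, one per application."""
    lines = []
    for app in sorted(summary):
        e = summary[app]
        lines.append(f"{app}: {e['count']} events on "
                     f"{len(e['hosts'])} host(s), {len(e['users'])} user(s)")
    return lines


if __name__ == "__main__":
    result = survey(EVENTS, DEFINITIONS)
    print("\n".join(format_report(result)))
    print("not covered by any definition:", uncovered_processes(EVENTS, DEFINITIONS))
    # Baseline check: only WS-002 is approved to run remote access tools.
    print("remote access outside baseline:",
          unexpected_hosts(result, "Remote Access Tools", ["WS-002"]))
```

The two helper checks show the two uses the page mentions: `uncovered_processes` surfaces what exists in the environment that the definitions do not yet describe, and `unexpected_hosts` compares a summary against an approved baseline to flag activity that deserves a closer look.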

Surveyor currently supports the following EDR platforms:

  • Cortex XDR

  • Microsoft Defender for Endpoint

  • SentinelOne (including PowerQuery support)

  • Carbon Black EDR

  • Carbon Black Cloud Enterprise EDR

  • CrowdStrike Falcon

  • Linux EDR (Canary Forwarder)

Getting Started

For instructions on how to install and use Surveyor, see the Getting Started page in the Surveyor GitHub repository.

Contribute to Surveyor

We encourage and welcome your contributions to Surveyor. For more information, see the Contributing to Surveyor page.