Surveyor
    • 17 Jul 2025


    Surveyor is an open-source Python utility created by Red Canary to query Endpoint Detection and Response (EDR) products and summarize the results. Security and IT teams can use Surveyor to baseline their environments and identify abnormal activity. The development history of Surveyor is described in this blog post.

    Endpoint Analysis

    Surveyor uses both definition files and pre-built queries to run environment searches and provide insights into what applications or activities exist within an enterprise, who is using them, and how.

    Surveyor currently supports the following EDR platforms:

    • Cortex XDR

    • Microsoft Defender for Endpoint

    • SentinelOne (including PowerQuery support)

    • Carbon Black EDR

    • Carbon Black Cloud Enterprise EDR

    • CrowdStrike Falcon

    • Linux EDR (Canary Forwarder)

    Getting Started

    For instructions on how to install and use Surveyor, see the Getting Started page in the Surveyor GitHub repository.

    Contribute to Surveyor

    We encourage and welcome your contributions to Surveyor. For more information, see the Contributing to Surveyor page.

