Login
        Contents x
        Surveyor
        • 17 Jul 2025
        • 1 Minute to read
        • PDF
        Contents

        Surveyor

        • Updated on 17 Jul 2025
        • 1 Minute to read
        • PDF
        Article summary

        Surveyor is an open source Python utility created by Red Canary to query Endpoint Detection and Response (EDR) products and summarize the results. Security and IT teams can use Surveyor to baseline their environments and identify abnormal activity. The development history of Surveyor is described in this blog post.

        Endpoint Analysis

        Surveyor uses both definition files and pre-built queries to run environment searches and provide insights into what applications or activities exist within an enterprise, who is using them, and how.

        Surveyor currently supports the following EDR platforms:

        • Cortex XDR

        • Microsoft Defender for Endpoint

        • SentinelOne (including PowerQuery support)

        • Carbon Black EDR

        • Carbon Black Cloud Enterprise EDR

        • CrowdStrike Falcon

        • Linux EDR (Canary Forwarder)

        Getting Started

        For instructions on how to install and use Surveyor, see the Getting Started page in the Surveyor Github repository.

        Contribute to Surveyor

        We encourage and welcome your contributions to Surveyor. For more information, see the Contributing to Surveyor page.

        Was this article helpful?
        What's Next
        Change password!
        Changing your password will log you out immediately. Use the new password to log back in.
        Change profile
        Success!
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.
        Logout