Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
surf-alerts | ✅ | ✅ | ✅ | surf_alerts | NDJSON | API | |
surf-applications | ✅ | ✅ | ✅ | surf_applications | NDJSON | API | |
surf-navigations | ✅ | ✅ | ✅ | surf_navigations | NDJSON | API | |
surf-audit-logs | ✅ | ✅ | ✅ | surf_audit_logs | NDJSON | API | |
surf-malware-logs | ✅ | ✅ | ✅ | surf_malware_logs | NDJSON | API |
Overview
Founded in London in 2022, SURF Security is a cybersecurity company dedicated to redefining secure access in the modern enterprise. As the browser becomes the primary interface for work — spanning SaaS applications, internal systems, and cloud platforms — SURF provides a purpose-built security layer at the point of access.
SURF is the creator of the world’s first Zero-Trust Enterprise Browser, alongside a complementary Zero-Trust Extension, both designed to secure and monitor browser activity in real time. These solutions are specifically engineered to address today’s evolving threat landscape — where hybrid work, third-party access, and browser-based attacks such as phishing and data exfiltration are increasingly prevalent.
The SURF product portfolio includes:
SURF Enterprise Browser – A standalone, zero-trust browser with built-in security, compliance, and visibility controls.
SURF Zero-Trust Extension – A lightweight deployment option for organizations seeking enhanced browser protection without replacing existing infrastructure.
SURF Deepwater Deepfake Detector – An AI-driven tool to identify and block synthetic media threats.
SURF’s solutions are trusted by CIOs, CISOs, IT leaders, compliance professionals, and data protection officers to:
Enforce policy and access controls at the browser level
Prevent data leakage and insider threats
Ensure compliance with global regulations such as GDPR, CCPA, and HIPAA
Provide real-time visibility into user activity across web applications
By transforming the browser into a centralized zero-trust security platform, SURF enables enterprises to reduce complexity, consolidate security tooling, and improve both risk posture and operational efficiency — without compromising the end-user experience.
Supported data types
Surf Alerts
Table name: surf_alerts
Client violations
Surf Applications
Table name: surf_applications
Any access to SaaS applications (approved applications)
Surf Navigations
Table name: surf_navigations
Client navigation
Surf Audit Logs
Table name: surf_audit_logs
Changes to policies made by admins
Surf Malware Logs
Table name: surf_malware_logs
Malware links
Send data to Hunters
Hunters supports the collection of logs from Surf Security via API.
To connect Surf logs:
Generate an API key for Surf using their guide (Surf’s help center with API guide).
Clients of Surf must use the Surf browser extension or browser, and be logged in, in order to access Surf’s admin console.
Complete the process on the Hunters platform, following this guide.
Expected format
Logs are expected in NDJSON format.
Surf Alerts
{"data":[{"id":"REDACTED_ID","groupId":"REDACTED_GROUP_ID","createdAt":"2025-06-26T12:24:36.745Z","updatedAt":"2025-06-26T13:04:37.733Z","deletedAt":null,"companyId":"REDACTED_COMPANY_ID","clientId":"REDACTED_CLIENT_ID","policy":"Phishing","restrictedResource":"REDACTED_RESOURCE","restrictedResourceName":null,"accessRequestReason":"REDACTED_REASON","help":true,"classificationName":"Credential protection","sourceIp":"","sourceExternalIp":"REDACTED_EXTERNAL_IP","deviceType":"desktop","deviceAgent":"browser","operatingSystem":"Windows 10.0","reviewedNote":null,"country":"FR","status":"New","accessRevocationDate":null,"client":{"login":"user@example.com","firstName":"REDACTED_FIRST","lastName":"REDACTED_LAST"}}],"total":1,"page":1,"limit":50}
Surf Applications
{"data":[{"id":"REDACTED_ID","createdAt":"2025-04-22T16:02:01.711Z","updatedAt":"2025-06-30T16:08:14.552Z","deletedAt":null,"companyId":"REDACTED_COMPANY_ID","groupId":null,"domain":"docs.google.com","visitCount":6284,"client":{"login":"user@example.com","firstName":"REDACTED_FIRST","lastName":"REDACTED_LAST"}}],"total":1,"page":1,"limit":50}
Surf Navigations
{"data":[{"id":"REDACTED_ID_1","createdAt":"2025-06-30T16:37:52.691Z","updatedAt":"2025-06-30T16:37:52.691Z","deletedAt":null,"companyId":"REDACTED_COMPANY_ID","groupId":"REDACTED_GROUP_ID","clientId":"REDACTED_CLIENT_ID","groupName":"REDACTED_GROUP_NAME","timestamp":"2025-06-30T18:34:12.000Z","active":true,"isMonitoring":false,"openTabs":"17","url":"REDACTED_URL_1","pendingUrl":"REDACTED_URL_1","domain":"github.com","dataLoaded":null,"dataReceived":null,"refresh":"914","error":null,"client":{"login":"user@example.com","firstName":"REDACTED_FIRST","lastName":"REDACTED_LAST"}}],"total":1,"page":1,"limit":50}
Surf Audit Logs
{"data":[{"id":"REDACTED_ID_1","entityId":"REDACTED_ENTITY_ID_1","entityName":"Client","activityType":"Update","modifiedFields":["hasAccess"],"createdAt":"2025-06-30T16:13:01.721Z","ip":"REDACTED_IP_1","user":{},"group":{"name":"REDACTED_GROUP_NAME","alias":"REDACTED_GROUP_ALIAS"}}],"total":1,"page":1,"limit":50}
Surf Malware Logs
{"data":[{"id":"event-001","groupId":"company-xyz","createdAt":"2025-07-01T08:26:02Z","updatedAt":"2025-07-01T12:59:43.476Z","deletedAt":null,"companyId":"eeeeeeee-ffff-1111-7777-22a2f5222222","url":"example1.com","blockedUrls":"177","blockedClients":[{"clientId":"client-abc","blockCount":59}],"blockedLinks":[{"url":"https://example-blocked1.com/path/to/resource","domain":"example-blocked1.com","category":"Ad Protection"}]}],"total":7,"page":1,"limit":50}
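Each sample above is a paginated response envelope (`data`, `total`, `page`, `limit`), while the expected log format is NDJSON. The following added example (not Hunters' or Surf's code) splits one envelope into one-record-per-line NDJSON and reports how many pages remain; it assumes each element of `data` is one event and that `page` counts from 1, and the function name and inputs are constructed for illustration.

```python
import json
import math

ENVELOPE_KEYS = ("data", "total", "page", "limit")

def envelope_to_ndjson(raw: str) -> tuple[list[str], int]:
    """Split one response envelope into NDJSON lines.

    Returns (lines, pages_remaining). Assumes each element of `data` is one
    event and that `page` counts from 1, as in the samples on this page.
    """
    body = json.loads(raw)
    if not isinstance(body, dict):
        raise ValueError("envelope must be a JSON object")
    missing = [k for k in ENVELOPE_KEYS if k not in body]
    if missing:
        raise ValueError(f"envelope missing fields: {missing}")
    if not isinstance(body["data"], list):
        raise ValueError("'data' must be a list of records")
    if not isinstance(body["limit"], int) or body["limit"] <= 0:
        raise ValueError("'limit' must be a positive integer")

    lines = []
    for record in body["data"]:
        if not isinstance(record, dict) or not record.get("id"):
            raise ValueError("record is not an object with an 'id'")
        # json.dumps escapes newlines inside strings, so each record stays
        # on exactly one physical line, which NDJSON requires.
        lines.append(json.dumps(record, separators=(",", ":")))

    last_page = max(1, math.ceil(body["total"] / body["limit"]))
    return lines, max(0, last_page - body["page"])

# Constructed input: the Surf Alerts sample trimmed to a few fields, plus a
# free-text reason that contains a newline.
ALERTS_PAGE = json.dumps({
    "data": [{"id": "REDACTED_ID", "policy": "Phishing", "status": "New",
              "accessRequestReason": "line one\nline two",
              "client": {"login": "user@example.com"}}],
    "total": 1, "page": 1, "limit": 50,
})
# Constructed input: first page of a larger result set (total > limit).
FIRST_OF_MANY = json.dumps({
    "data": [{"id": "a"}, {"id": "b"}], "total": 120, "page": 1, "limit": 50,
})

if __name__ == "__main__":
    for raw in (ALERTS_PAGE, FIRST_OF_MANY):
        lines, remaining = envelope_to_ndjson(raw)
        print("\n".join(lines))
        print(f"# pages still to fetch: {remaining}")
```

Rejecting an envelope that lacks `total`, `page` or `limit` keeps a truncated or error response from being ingested as if it were a complete, empty page.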