Surf

Prev Next
Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

surf-alerts

surf_alerts

NDJSON

API

surf-applications

surf_applications

NDJSON

API

surf-navigations

surf_navigations

NDJSON

API

surf-audit-logs

surf_audit_logs

NDJSON

API

surf-malware-logs

surf_malware_logs

NDJSON

API


Overview

Founded in London in 2022, SURF Security is a cybersecurity company dedicated to redefining secure access in the modern enterprise. As the browser becomes the primary interface for work — spanning SaaS applications, internal systems, and cloud platforms — SURF provides a purpose-built security layer at the point of access.

SURF is the creator of the world’s first Zero-Trust Enterprise Browser, alongside a complementary Zero-Trust Extension, both designed to secure and monitor browser activity in real time. These solutions are specifically engineered to address today’s evolving threat landscape — where hybrid work, third-party access, and browser-based attacks such as phishing and data exfiltration are increasingly prevalent.

The SURF product portfolio includes:

  • SURF Enterprise Browser – A standalone, zero-trust browser with built-in security, compliance, and visibility controls.

  • SURF Zero-Trust Extension – A lightweight deployment option for organizations seeking enhanced browser protection without replacing existing infrastructure.

  • SURF Deepwater Deepfake Detector – An AI-driven tool to identify and block synthetic media threats.

SURF’s solutions are trusted by CIOs, CISOs, IT leaders, compliance professionals, and data protection officers to:

  • Enforce policy and access controls at the browser level

  • Prevent data leakage and insider threats

  • Ensure compliance with global regulations such as GDPR, CCPA, and HIPAA

  • Provide real-time visibility into user activity across web applications

By transforming the browser into a centralized zero-trust security platform, SURF enables enterprises to reduce complexity, consolidate security tooling, and improve both risk posture and operational efficiency — without compromising the end-user experience.

Supported data types

Surf Alerts

Table name: surf_alerts

clients violations

Surf Applications

Table name: surf_applications

any access to SAAS applications (approved applications)

Surf Navigations

Table name: surf_navigations

clients navigation

Surf Audit Logs

Table name: surf_audit_logs

changes in policies done by admins

Surf Malware Logs

Table name: surf_malware_logs

malware links

Send data to Hunters

Hunters supports the collection of logs from Surf Security using API.

To connect Surf logs:

  1. Generate API Key for Surf using their guide (Surf’s help center with API guide)

  2. Clients of Surf must use their browser extension or browser and to be logged in, in order to access Surf’s admin console.

  3. Complete the process on the Hunters platform, following this guide.

Expected format

Logs are expected in NDJSON format.

Surf Alerts

{"data":[{"id":"REDACTED_ID","groupId":"REDACTED_GROUP_ID","createdAt":"2025-06-26T12:24:36.745Z","updatedAt":"2025-06-26T13:04:37.733Z","deletedAt":null,"companyId":"REDACTED_COMPANY_ID","clientId":"REDACTED_CLIENT_ID","policy":"Phishing","restrictedResource":"REDACTED_RESOURCE","restrictedResourceName":null,"accessRequestReason":"REDACTED_REASON","help":true,"classificationName":"Credential protection","sourceIp":"","sourceExternalIp":"REDACTED_EXTERNAL_IP","deviceType":"desktop","deviceAgent":"browser","operatingSystem":"Windows 10.0","reviewedNote":null,"country":"FR","status":"New","accessRevocationDate":null,"client":{"login":"user@example.com","firstName":"REDACTED_FIRST","lastName":"REDACTED_LAST"}}],"total":1,"page":1,"limit":50}

Surf Applications

{"data":[{"id":"REDACTED_ID","createdAt":"2025-04-22T16:02:01.711Z","updatedAt":"2025-06-30T16:08:14.552Z","deletedAt":null,"companyId":"REDACTED_COMPANY_ID","groupId":null,"domain":"docs.google.com","visitCount":6284,"client":{"login":"user@example.com","firstName":"REDACTED_FIRST","lastName":"REDACTED_LAST"}}],"total":1,"page":1,"limit":50}

Surf Navigations

{"data":[{"id":"REDACTED_ID_1","createdAt":"2025-06-30T16:37:52.691Z","updatedAt":"2025-06-30T16:37:52.691Z","deletedAt":null,"companyId":"REDACTED_COMPANY_ID","groupId":"REDACTED_GROUP_ID","clientId":"REDACTED_CLIENT_ID","groupName":"REDACTED_GROUP_NAME","timestamp":"2025-06-30T18:34:12.000Z","active":true,"isMonitoring":false,"openTabs":"17","url":"REDACTED_URL_1","pendingUrl":"REDACTED_URL_1","domain":"github.com","dataLoaded":null,"dataReceived":null,"refresh":"914","error":null,"client":{"login":"user@example.com","firstName":"REDACTED_FIRST","lastName":"REDACTED_LAST"}}],"total":1,"page":1,"limit":50}

Surf Audit Logs

{"data":[{"id":"REDACTED_ID_1","entityId":"REDACTED_ENTITY_ID_1","entityName":"Client","activityType":"Update","modifiedFields":["hasAccess"],"createdAt":"2025-06-30T16:13:01.721Z","ip":"REDACTED_IP_1","user":{},"group":{"name":"REDACTED_GROUP_NAME","alias":"REDACTED_GROUP_ALIAS"}}],"total":1,"page":1,"limit":50}

Surf Malware Logs

{"data":[{"id":"event-001","groupId":"company-xyz","createdAt":"2025-07-01T08:26:02Z","updatedAt":"2025-07-01T12:59:43.476Z","deletedAt":null,"companyId":"eeeeeeee-ffff-1111-7777-22a2f5222222","url":"example1.com","blockedUrls":"177","blockedClients":[{"clientId":"client-abc","blockCount":59}],"blockedLinks":[{"url":"https://example-blocked1.com/path/to/resource","domain":"example-blocked1.com","category":"Ad Protection"}]}],"total":7,"page":1,"limit":50}