Comment on page
What is RunReveal
Welcome to RunReveal's documentation website
RunReveal is a security data platform designed to make understanding your environment a breeze. Our goal is to take any company's security data and logs, instantly turn them into actionable insights, and provide the tools to build your own detailed detection and alerting rules.
The main concepts that our customers need to be familiar with.
Places we read data from. There are two types of sources, generic sources and native sources.
- Native sources are data types and integrations we support natively within our platform.
- Generic sources are just blobs of arbitrary data that you parse within RunReveal, that a native source does not exist for. Generic sources exist so you can still make use of data that our platform does not yet natively support.
Functions that you write that parse generic source data. These functions are written in python and return a
Normalizeddictionary that we store in the
All transforms are written in python and there is currently no maximum to the number of transforms that can be uploaded.
Functions that you write that can be useful for alerting. If a trigger function returns
truethe log is saved to an additional table of logs that alerted, and all attached notification channels are informed that the trigger returned true.
All triggers are written in python and there is currently no maximum to the number of triggers that can be uploaded.
RunReveal integrations that inform you when something happens based on the result of a trigger function. If a trigger returns true, all of the notification channels directly attached to that trigger are forwarded the event.
Today we support three notification types:
All of the data that RunReveal collects is searchable. The RunReveal CLI exposes the
We support a few types of querying.
- REPL -- quickly and iteratively query your logs in a CLI loop
- Named Queries -- You can create a complex query, save it, and run it by name.