RunReveal Glossary

A glossary of terms used throughout the RunReveal platform, documentation, and terms related to security logs and detections.

Alerts: Detection queries that have executed and triggered notifications to configured channels

API Token: API Tokens are used to authenticate with the RunReveal API when you are not logged in as a specific user. They are associated with the workspace they were created in and not any particular user.

Artifacts: Self-contained pieces of content referenced throughout AI chat conversations

AWS Bedrock: Amazon's managed service for building AI applications with foundation models from various providers

BYOC (Bring Your Own Cloud): Deployment model allowing customers to run RunReveal infrastructure in their own cloud environment

Categories: Tags used for organizing and grouping detection queries

ChatGPT (OpenAI): Conversational AI model developed by OpenAI, available for integration with RunReveal's AI chat features

Claude (Anthropic): AI assistant developed by Anthropic, available for integration with RunReveal's Native AI Chat functionality

ClickHouse: Open-source columnar database management system used by RunReveal for log storage and analytics

Custom Detections: User-created detection rules with custom SQL queries (as opposed to managed detections)

Custom Prompts: User-defined instructions and context for customizing AI assistant behavior and responses in Native AI Chat

Data Model: RunReveal's normalized schema structure for standardizing log data across all sources

Data Types: Classification system for different kinds of data fields, including strings, numbers, timestamps, and booleans, used in log processing

Destinations: Object storage services and managed platforms for data backup and external usage

Detection as Code: Git-based workflows for version-controlling, managing, and deploying detection rules

Detections: Scheduled queries that execute automatically to identify security threats and anomalies

Enrichments: Process of augmenting log events with supplemental data using pattern matching and external sources

Filtering: Feature for dropping or excluding logs based on regex patterns before ingestion

Flags: Boolean configuration options and feature toggles used to control system behavior and enable specific functionality

GCS (Google Cloud Storage): Google's object storage service used for log ingestion and data storage

Gemini (Google): Google's family of large language models available for integration with RunReveal's AI-powered features

Health Checks: Automated monitoring of data source volume and connectivity every 15 minutes

JSON: JavaScript Object Notation, a lightweight data-interchange format commonly used for log data and API communication

Logs API: RESTful API endpoint for programmatically querying and retrieving log data

Managed Detections: Pre-built, out-of-the-box detection rules that are read-only and maintained by RunReveal

MCP (Model Context Protocol): Protocol standard for connecting AI assistants and language models to RunReveal data and services

MITRE ATT&CK: Globally accessible knowledge base and framework for categorizing adversary tactics and techniques

Native AI Chat: Built-in AI investigation agent for analyzing security data through conversational queries

Normalized Schema: Standardized data format and field structure applied consistently across all log sources

Notification Channels: Configured destinations for alert delivery, including Email, Slack, PagerDuty, Jira, Webhooks, and Tines

Notification Templates: Customizable message formats for alert content and styling

Object Storage: Cloud storage services, including AWS S3, Azure Blob Storage, Google Cloud Storage, and Cloudflare R2, used for log ingestion

Parameters: Dynamic variables passed to detection queries at execution time for customization

Pipelines: Sequence of data processors for transforming, parsing, and normalizing log data

Polling: Source ingestion method that uses API calls on a 60-second timer to collect data

PQL (Pipeline Query Language): RunReveal's domain-specific query language, an alternative to SQL for data queries

Processors: Individual components within pipelines that perform specific data transformation tasks such as parsing, filtering, and enrichment

rawLog: Database field containing the original, unparsed log data as received from the source

RBAC (Role-Based Access Control): Permission and access management system for controlling user capabilities in RunReveal

receivedAt: Critical timestamp field indicating when log data was received and ingested by RunReveal

Regex: Regular expressions used for pattern matching and text processing in log parsing, filtering, and enrichment operations

Reports: Automated daily insights and summaries about security environment activity and trends

reveald: RunReveal's command-line interface and daemon for local log processing and analysis

RRQ (RunReveal Query): Query execution engine specifically designed for BYOC (Bring Your Own Cloud) environments

RRSCH (RunReveal Scheduler): Detection scheduling and execution component for BYOC (Bring Your Own Cloud) deployments

Rules: Conditional logic and criteria for enrichment processes that add data to log events

S3 (Simple Storage Service): Amazon Web Services object storage service commonly used for log data ingestion

Schedule Types: Configuration options that determine when and how frequently detections execute

scheduled_query_runs: Database table containing historical records of detection execution and results

Severity: Classification levels for detection importance, including low, medium, high, and critical

Sigma Streaming: Real-time detection capability using the open-source Sigma rule format for threat detection

SigmaLite: Open-source library developed by RunReveal for parsing and processing Sigma detection rules

Signals: Detection results and findings that have no notification channels configured for alerting

SOAR (Security Orchestration, Automation and Response): Integration capability for automated security response and workflow orchestration

Source Types: Predefined categories of log sources such as CloudTrail, Okta, GitHub, Slack, and others

Sources: Data collection integrations and connectors for various security tools, cloud services, and business applications

SQL (Structured Query Language): Standard programming language for managing and querying relational databases, supported by RunReveal

Streaming: Real-time data processing and analysis capability for immediate threat detection

Transforms: Data processing pipeline that converts raw log formats into RunReveal's normalized schema

Webhook: HTTP-based source ingestion method using unique URLs for real-time event forwarding

Workspace: Organizational unit that groups sources, detections, users, and configurations together