RunReveal Glossary

A glossary of terms used throughout the RunReveal platform and documentation, together with general terms related to security logs and detections.

Agent Schedules: Scheduled AI agent tasks that run automatically at configured intervals to perform security analysis and generate reports.
Alerts: Detection runs that matched and sent notifications to the configured channels. A match on a detection with no channel configured is recorded as a signal instead.
API Token: Credential for authenticating to the RunReveal API without a logged-in user session. Tokens belong to the workspace in which they were created rather than to any particular user, so treat them as shared workspace secrets.
Artifacts: Self-contained pieces of content that AI chat conversations reference and reuse.
AWS Bedrock: Amazon's managed service for building AI applications with foundation models from several providers.
Backfill: Ingesting historical log data from object storage that was written before the source was connected to RunReveal.
BYOC (Bring Your Own Cloud): Deployment model in which customers run RunReveal infrastructure inside their own cloud environment.
Categories: Tags used to organize and group detection queries.
ChatGPT (OpenAI): Conversational AI model from OpenAI, available as a backend for RunReveal's AI chat features.
Claude (Anthropic): AI assistant from Anthropic, available as a backend for RunReveal's Native AI Chat.
ClickHouse: Open-source columnar database used by RunReveal for log storage and analytics; SQL queries against RunReveal data follow ClickHouse's dialect.
Custom Detections: User-created detection rules with their own SQL queries, as opposed to managed detections.
Custom Prompts: User-defined instructions and context that tailor the AI assistant's behavior and responses in Native AI Chat.
Dashboard Layouts: Customizable arrangements of graphs and panels for visualizing security data and metrics.
Data Model: RunReveal's normalized schema for standardizing log data across all sources.
Data Types: Classification of data fields (strings, numbers, timestamps, booleans) used in log processing.
Destinations: Object storage services and managed platforms to which RunReveal exports data, for backup or for use by external tools.
Detection as Code: Git-based workflows for version-controlling, reviewing, and deploying detection rules.
Detections: Scheduled queries that execute automatically to identify security threats and anomalies.
Discord: Chat platform integration that receives detection alerts and notifications via webhook.
Enrichments: Augmenting log events with supplemental data, selected by pattern matching or looked up from external sources.
Explore: Interactive interface for querying logs with SQL, PQL, or natural language, with time range selection and result visualization.
Filtering: Dropping or excluding logs that match regex patterns before ingestion. Filtered logs are not stored, so they cannot be searched later.
Flags: Boolean configuration options and feature toggles that control system behavior and enable specific functionality.
GCS (Google Cloud Storage): Google's object storage service, usable for log ingestion and data storage.
Gemini (Google): Google's family of large language models, available as a backend for RunReveal's AI-powered features.
Google Chat: Google's team messaging platform integration that receives detection alerts and notifications via webhook.
Graphs: Visual representations of query results as charts, time series, bar graphs, or other visualization types.
Health Checks: Automated monitoring of each source's data volume and connectivity, run every 15 minutes, so that a source that stops sending data is noticed rather than silently leaving a gap in detection coverage.
Investigations: Workflow for tracking and documenting incident analysis, including artifacts, status, and collaboration.
JSON: JavaScript Object Notation, a lightweight data-interchange format commonly used for log data and API communication.
Linear: Project management platform integration that creates issues automatically when detections trigger.
Logs API: RESTful API endpoint for programmatically querying and retrieving log data.
Managed Detections: Pre-built detection rules maintained by RunReveal. They are read-only and are connected to notification channels through subscriptions.
MCP (Model Context Protocol): Open protocol for connecting AI assistants and language models to external data and tools; RunReveal exposes its data and services to assistants through it.
MITRE ATT&CK: Globally accessible knowledge base of adversary tactics and techniques, used to categorize detections.
Native AI Chat: Built-in AI investigation agent that analyzes security data through conversational queries.
Normalized Schema: Standardized data format and field structure applied consistently across all log sources.
Notification Channels: Configured destinations for alert delivery, including Email, Slack, PagerDuty, Jira, Webhooks, and Tines.
Notification Templates: Customizable message formats for alert content and styling.
Object Storage: Cloud storage services (AWS S3, Azure Blob Storage, Google Cloud Storage, Cloudflare R2) from which logs are ingested.
Organization: Top-level administrative entity that contains workspaces, manages billing, and controls SSO settings.
Packs: Pre-built collections of detection rules organized by source type or security use case.
Parameters: Dynamic variables passed to detection queries at execution time so that one query can be customized without editing it.
Pipelines: Ordered sequence of processors that transform, parse, and normalize log data.
Polling: Source ingestion method that collects data by calling the source's API on a 60-second timer.
PQL (Pipeline Query Language): RunReveal's domain-specific query language, an alternative to SQL for querying data.
Processors: Individual components within pipelines that each perform one data transformation task, such as parsing, filtering, or enrichment.
Query History: Record of previously executed queries (SQL, PQL, and AI-generated), with their results and execution times.
rawLog: Database field holding the original, unparsed log data exactly as received from the source; the authoritative record when a normalized field looks wrong.
RBAC (Role-Based Access Control): Permission and access management system that controls what each user can do in RunReveal.
receivedAt: Timestamp field recording when RunReveal received and ingested a log record. It is distinct from the time the source says the event occurred, and the two can differ by minutes or hours when data is polled, delayed, or backfilled.
Regex: Regular expressions used for pattern matching and text processing in log parsing, filtering, and enrichment.
Reports: Automated daily insights and summaries of activity and trends in the security environment.
reveald: RunReveal's command-line interface and daemon for local log processing and analysis.
Risk Score: Numeric value from 0 to 100 indicating the potential impact or severity of a detection finding.
RRQ (RunReveal Query): Query execution engine built for BYOC (Bring Your Own Cloud) environments.
RRSCH (RunReveal Scheduler): Detection scheduling and execution component for BYOC (Bring Your Own Cloud) deployments.
Rules: Conditional logic and criteria that determine when an enrichment adds data to a log event.
S3 (Simple Storage Service): Amazon Web Services object storage service commonly used for log data ingestion.
Saved Queries: Stored, reusable SQL queries that can be recalled and executed from the Explore interface.
Schedule Types: Configuration options that determine when and how often detections execute.
scheduled_query_runs: Database table holding the historical record of detection executions and their results.
Severity: Classification of detection importance: low, medium, high, or critical.
Sigma Streaming: Real-time detection that evaluates rules in the open-source Sigma format against events as they arrive, rather than on a schedule.
SigmaLite: Open-source library developed by RunReveal for parsing and evaluating Sigma detection rules.
Signals: Detection results recorded for a detection that has no notification channels configured, so nothing is sent.
Silencing: Temporarily muting detections or health checks for a set duration to avoid alert fatigue during maintenance or known issues.
SOAR (Security Orchestration, Automation and Response): Integration capability for automated security response and workflow orchestration.
Source Types: Predefined categories of log sources such as CloudTrail, Okta, GitHub, and Slack.
Sources: Data collection integrations and connectors for security tools, cloud services, and business applications.
SQL (Structured Query Language): Standard language for querying relational databases, supported by RunReveal for querying logs.
SSO (Single Sign-On): Enterprise authentication method that lets users sign in to RunReveal with their organization's identity provider.
Streaming: Real-time data processing and analysis for immediate threat detection.
Subscriptions: Configuration linking managed detections to notification channels, with customizable templates.
Transforms: Data processing step that converts raw log formats into RunReveal's normalized schema.
Webhook: HTTP-based source ingestion method in which each source is given a unique URL to which events are pushed in real time. Because that URL is what identifies the sender, treat it as a secret.
Workspace: Organizational unit that groups sources, detections, users, and configuration together; workspaces belong to an organization.
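The receivedAt, Polling, Backfill and Schedule Types entries above imply a practical rule for writing detections: a scheduled query that windows on the source's own event timestamp can miss events that arrive after their window has already been queried. The following is an added example written for this glossary, not RunReveal code. It simulates a detection that runs every 15 minutes over constructed events, assumes the name eventTime for the source-assigned timestamp, and shows which events each windowing choice ever sees.

```python
"""Late-arriving logs and detection windows (added example, not RunReveal code).

A detection that runs on a fixed schedule and queries the previous interval
sees each event at most once.  Windowing on the source's own timestamp
(eventTime here, an assumed field name) misses any event ingested after its
window was queried; windowing on receivedAt sees every event exactly once.
"""
from datetime import datetime, timedelta, timezone


def utc(hour, minute):
    return datetime(2024, 1, 1, hour, minute, tzinfo=timezone.utc)


# Constructed sample events.  eventTime is when the source says it happened,
# receivedAt is when the platform ingested it.
EVENTS = [
    {"id": "a", "eventTime": utc(9, 5), "receivedAt": utc(9, 6)},    # arrived promptly
    {"id": "b", "eventTime": utc(9, 12), "receivedAt": utc(9, 40)},  # 28 min late (polling stall)
    {"id": "c", "eventTime": utc(9, 20), "receivedAt": utc(9, 21)},  # arrived promptly
    {"id": "d", "eventTime": utc(8, 0), "receivedAt": utc(9, 50)},   # backfilled, two hours old
]


def run_schedule(events, window_field, first_run, last_run, interval):
    """Run the detection at first_run, first_run + interval, ... up to last_run.

    Each run can only see rows already ingested (receivedAt <= run time) and
    selects those whose window_field falls in [run - interval, run).
    Returns {run_time: [matched event ids]}.
    """
    matched = {}
    run = first_run
    while run <= last_run:
        lower = run - interval
        matched[run] = [
            e["id"] for e in events
            if e["receivedAt"] <= run and lower <= e[window_field] < run
        ]
        run += interval
    return matched


def coverage(events, window_field, first_run, last_run, interval):
    """Set of event ids the schedule ever matched when windowing on window_field."""
    runs = run_schedule(events, window_field, first_run, last_run, interval)
    return {eid for ids in runs.values() for eid in ids}


def missed_by_event_time(events, first_run, last_run, interval):
    """Events a receivedAt window catches that an eventTime window never does."""
    seen_event_time = coverage(events, "eventTime", first_run, last_run, interval)
    seen_received = coverage(events, "receivedAt", first_run, last_run, interval)
    return sorted(seen_received - seen_event_time)


if __name__ == "__main__":
    every_15 = timedelta(minutes=15)
    for field in ("eventTime", "receivedAt"):
        print(field, run_schedule(EVENTS, field, utc(9, 15), utc(10, 0), every_15))
    print("missed by eventTime window:",
          missed_by_event_time(EVENTS, utc(9, 15), utc(10, 0), every_15))
```

Events b and d are never seen when the window is keyed on eventTime, because by the time they are ingested the run that covered their event time has already happened. In a SQL detection the equivalent is to bound the query on receivedAt (for example `receivedAt >= now() - INTERVAL 15 MINUTE` in ClickHouse syntax) and to keep the source timestamp for display and correlation.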
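The Sigma Streaming and SigmaLite entries above refer to evaluating rules written in the Sigma format against incoming events. The following is an added, simplified evaluator for a subset of that format, written for this glossary; it is not SigmaLite and not RunReveal code, and the rule and the flattened CloudTrail-style events are constructed. It handles mapping selections (fields ANDed, list values ORed), the contains/startswith/endswith/re modifiers, Sigma's wildcards, case-insensitive matching, and and/or/not conditions with parentheses, and it raises on syntax it does not understand rather than silently matching nothing.

```python
"""Minimal evaluator for a subset of the Sigma rule format (added example;
not SigmaLite and not RunReveal code).  Unsupported syntax such as
'1 of selection*' raises ValueError instead of silently matching nothing."""
import re


def compile_value(value, modifiers):
    """One Sigma value plus modifiers -> callable(str) returning a match or None."""
    if "re" in modifiers:
        return re.compile(str(value)).search   # regex values are used verbatim, unanchored
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in str(value))
    if "contains" in modifiers:
        body = f".*{body}.*"
    elif "startswith" in modifiers:
        body = f"{body}.*"
    elif "endswith" in modifiers:
        body = f".*{body}"
    return re.compile(f"^{body}$", re.IGNORECASE | re.DOTALL).match   # Sigma matches case-insensitively


def compile_selection(mapping):
    """Mapping selection: every field must match; a list of values means any of them."""
    checks = []
    for key, values in mapping.items():
        field, *modifiers = key.split("|")          # 'field|modifier1|modifier2'
        values = values if isinstance(values, list) else [values]
        checks.append((field, [compile_value(v, modifiers) for v in values]))
    return lambda e: all(field in e and any(m(str(e[field])) for m in matchers)
                         for field, matchers in checks)


def _combine(op, left, right):
    if op == "or":
        return lambda e: left(e) or right(e)
    return lambda e: left(e) and right(e)


def parse_condition(condition, selections):
    """Recursive-descent parser for 'sel and not (f1 or f2)'; returns event -> bool.
    'or' binds loosest, then 'and', then 'not'.  Unknown names or syntax raise."""
    tokens = re.findall(r"\(|\)|[A-Za-z_][\w*]*", condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1] if pos <= len(tokens) else None

    def parse_binary(op):
        operand = (lambda: parse_binary("and")) if op == "or" else parse_unary
        node = operand()
        while peek() == op:
            take()
            node = _combine(op, node, operand())
        return node

    def parse_unary():
        tok = take()
        if tok == "not":
            return (lambda inner: lambda e: not inner(e))(parse_unary())
        if tok == "(":
            node = parse_binary("or")
            if take() != ")":
                raise ValueError(f"missing ')' in {condition!r}")
            return node
        if tok not in selections:
            raise ValueError(f"unknown selection or unsupported syntax {tok!r} in {condition!r}")
        return selections[tok]

    node = parse_binary("or")
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in {condition!r}")
    return node


def run_rule(rule, events):
    """Events the rule fires on: what a streaming matcher would emit as signals or alerts."""
    det = rule["detection"]
    matcher = parse_condition(det["condition"],
                              {k: compile_selection(v) for k, v in det.items() if k != "condition"})
    return [e for e in events if matcher(e)]


RULE = {  # constructed Sigma rule, as a YAML loader would hand it over
    "title": "AWS console login without MFA",
    "detection": {
        "selection": {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
                      "userIdentity.type": ["IAMUser", "Root"],
                      "additionalEventData.MFAUsed": "No"},
        "filter_failed": {"responseElements.ConsoleLogin": "Failure"},
        "filter_breakglass": {"userIdentity.userName|startswith": "breakglass-"},
        "condition": "selection and not (filter_failed or filter_breakglass)",
    },
}


def login(eid, user, utype="IAMUser", mfa="No", result="Success",
          source="signin.amazonaws.com", name="ConsoleLogin"):
    return {"eventID": eid, "eventSource": source, "eventName": name, "userIdentity.type": utype,
            "userIdentity.userName": user, "additionalEventData.MFAUsed": mfa,
            "responseElements.ConsoleLogin": result}


EVENTS = [  # constructed, flattened CloudTrail-style records
    login("e1", "alice"),                                     # no MFA, success: fires
    login("e2", "bob", mfa="Yes"),                            # MFA used
    login("e3", "carol", result="Failure"),                   # failed attempt, filtered out
    login("e4", "ops-role", utype="AssumedRole"),             # not an IAM user or root
    login("e5", "breakglass-ops"),                            # emergency account, filtered out
    login("e6", "dave", source="sts.amazonaws.com", name="AssumeRole"),  # not a console login
]
```

Running `run_rule(RULE, EVENTS)` returns only e1. Raising on unknown condition syntax matters in a streaming setup: a rule that loads but never matches looks identical to a quiet environment, so failing loudly at load time is the safer default.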