Monitoring your third party SaaS at the speed of MCP A deep-dive into RunReveal's internal process to monitor third-party tools and risk with the RunReveal MCP Server.
News Featured Introducing RunReveal Pipelines Beta Announcing Pipelines to build custom data pipelines to route, filter, match, detect, transform, and enrich security logs for better threat detection and insights directly in the RunReveal platform.
What we're looking forward to at BSidesSF BSidesSF 2025 is just around the corner with an impressive lineup of talks. From AI threat modeling to service mesh implementation, our team has curated just some of the great talks for practitioners.
Featured How We Built the RunReveal MCP Server Learn how RunReveal built a custom MCP server while leveraging ClickHouse for faster security investigations and detection management.
3 security blogs and podcasts to follow in 2025 A roundup of three essential security resources for 2025: Detection Engineering Collective for tactical threat detection advice, tl;dr sec newsletter for curated security news and trends, and the Google Cloud Security Podcast for insights from industry leaders and Google experts.
News Security Operations with RunReveal's MCP Server Last Thursday, we released a RunReveal Model Context Protocol Server. We knew it had the potential to be good, but we didn't anticipate that it would be this good. Since we released it we received numerous customer success stories, so we wanted to share some real-world experiences from
News Introducing a RunReveal Model Context Protocol Server! Starting today all RunReveal customers can use our Model Context Protocol (MCP) server to explore their log data with the full power of their LLMs and MCP clients! This integration represents a significant advancement in how security teams can leverage AI capabilities while maintaining strict data security standards and investigate
News Why RunReveal helps companies detect threats with their Okta logs for free If you're an Okta customer then it's safe to assume that Okta is a critical application of yours. For a lot of companies it is the single portal that their employees use to access all work applications, and it enforces some of the most foundational security
News Introducing Automatic Enrichments. Rewriting logs with the latest threat feed data. Today we're excited to announce automatic enrichments and we're making them available to all RunReveal customers. Automatic enrichments are your security team's easy button for contextualizing your logs with managed enrichment rulesets. Today we're launching an IP threat intel enrichment and an
News There's a problem with SIEM. Why Johnny Can't Detect. SIEM is hot right now! Cisco acquired Splunk. Exabeam and LogRhythm merged. Palo Alto acquired QRadar from IBM. That's a lot of action given SIEM is a mature market. There's just one big problem... nearly everyone is still unhappy with their SIEM. Alert fatigue, months long
News Introducing Sigmalite. RunReveal's open source sigma rule evaluator for detection Today RunReveal is announcing support for sigma detections directly in RunReveal, and releasing an open-source sigma rule evaluator called sigmalite.
News We shipped SSO support in a day, how? Last week, RunReveal shipped Single Sign-On support with the help of SSOReady.com! 🎉 It took us less than 8 hours from project kick-off to working in production, which is faster than I get a load of laundry done and folded much of the time. While that's impressive for
News Introducing RunReveal Enrichments because every log needs a little more context Today we're announcing custom enrichments and providing the functionality to RunReveal customers. Enriching your logs with additional information is one of the simplest and most effective methods to make each log more meaningful. RunReveal is now providing this functionality through a full-featured API to our customers. Your
News Introducing RunReveal Blob Destinations Beta. Your security logs when you need them. Today, we're excited to release blob storage destinations to all pro and enterprise tier RunReveal customers. Our customers can now easily collect logs from different log sources, use those logs for detection and threat hunting purposes, and stream those logs to low cost blob storage for long-term retention.
News Introducing Detection as Code Beta Support in RunReveal Today we're announcing that RunReveal fully supports detection as code and it's available in beta for all RunReveal customers immediately. RunReveal's detection as code implementation is built as a first-class feature of our product because Detection as Code is an important step towards maturing
News Featured RunReveal announces $2.5M fundraise to reinvent SIEM When we started RunReveal last year, we quickly realized that every security team was struggling with their security data and logs. Today we're announcing that we raised $2.5 million to fix the problem, led by Costanoa Ventures. We've made a lot of progress towards our
News Introducing Correlated Alerting. A new method of detection that optimizes for high signal alerts Today RunReveal is announcing the beta release of correlated alerting, a new security alerting technique that is running for all customers today and is designed to deliver significantly higher signal for cloud detection and SIEM use cases. Current stream processing techniques and log query languages are really bad at searching
News CVE-2024-22412 - Behind the bug, a classic caching problem in the ClickHouse query cache In December we reported a Bypass of Role Based Authentication in ClickHouse's open source product, versions v23.1 and earlier. We worked with ClickHouse to report and disclose the bug, and the issue was disclosed March 18th as CVE-2024-22412. This bug is a classic product security problem. All
News Announcing RunReveal Destinations, your security data streamed to where you want it. Today RunReveal is announcing RunReveal Destinations. Since starting RunReveal we've met dozens of security teams and many of them are writing and maintaining integrations with "point-solutions" just to collect their logs and store them somewhere for a rainy day. RunReveal wants to help security teams make
News Featured Introducing pql, a pipelined query language that compiles to SQL (written in Go). Today we're open-sourcing pql under the Apache 2.0 license and announcing that all RunReveal customers can use pql to query their logs. We built pql because the major security vendors use proprietary languages as a source of vendor lock-in and there were no open-source alternatives. pql is
OWASP? O'Please. A secure design pattern for RBAC authorization in Go. This week at RunReveal we shipped Role Based Access Control for Users and API Token access! 🎉 We're really happy with how it turned out so we thought we'd share part 1 of the implementation. Access controls are an essential security building block for nearly every multi-user
News Introducing RunReveal Search, the fastest way to explore logs Today RunReveal is releasing a more friendly way to search your logs that we're calling the Explore view. With this new interface you'll be able to search your logs faster by not having to recall all the pesky details of that SQL command or some other
Why We picked ClickHouse As Our Primary Data Platform This blog is a repost of the guest contribution we made to ClickHouse's blog. If you have opinions about data warehousing, throw them out and try ClickHouse. It will reshape how you think about what's possible. When I first read about ClickHouse back in 2016, I
News RunReveal supports Jupyter Notebooks RunReveal customers can now access their security data using Jupyter Notebooks. Supporting this feature is possible because of our open platform and API design. We plan to natively support more integrations in the future because we want security teams to have their data accessible using the tools that work best
News Introducing Detection of Tor Exit Nodes Today we’re announcing Tor exit node detection across all RunReveal log sources. This is available for all of our customers immediately, including our free tier, and is enabled by default. The Tor exit node detection is available under the "Detections" tab and can be fully customized or