5 min read

RunReveal is now in Open Beta

Detection without the headache. Make RunReveal your company's first security tool.

Starting today, anyone can use RunReveal.

We built RunReveal because every company wants to be secure, but the security monitoring tools that exist require a sophisticated team of security experts to operate and enormous budgets to purchase. We believe a team of one should be able to overhaul a company's security, compliance, and detection capabilities but they need fast tools that are easy to set up to do it.

All companies need to collect their security logs, store them, and use them for investigations after a compromise. RunReveal helps you collect, query, visualize, and alert on those logs. We give you the power of splunk or elasticsearch but in an easy to use self-service form-factor. RunReveal is free to get started and ingest up to 20GB per month, $200 for your first 100GB of logs, and can support ingesting datasets of any size with our enterprise tier. To make this possible we totally rethought the architecture of how security big-data systems work and starting today the RunReveal product is available.

Explore your logs 5 minutes from right now.

Search is one of the most important technically challenging aspects of any logging platform. Practitioners need to be able to answer questions using their logs and get those answers fast.

The RunReveal search interface is SQL but also supports generating that SQL on the fly using an LLM. Together, this query interface makes exploring your logs no different than chatting to a friendly robot.

Even the most complicated queries run quickly with the RunReveal search interface. We provide you with complex queries that can be useful for detecting the attacks you need to know about when your RunReveal account is created. There's no limit to the queries you can write yourself, but the queries we give you are more than enough for a baseline in coverage.

There is no need to worry about partitioning your data, scalability concerns, or costly Athena queries blowing up your AWS bill for the month. Your security logs don't have to be locked away because they are too difficult to access or too expensive to query.

Any visualization you want

RunReveal is providing all customers with our free Grafana plugin and pre-built threat monitoring dashboards. This plugin is open source and freely available in the official grafana plugin marketplace. With this plugin it's possible to build any kind of custom visualization out of your security logs. In the Grafana Cloud offering, getting started with the plugin is as easy to clicking "Install", and pasting your authentication token.

When we've spoken to dozens of practitioners and we heard three big things about visualizations. First, customers want to know that their data is flowing properly and be able to see sudden increases, decreases, or problems. Finding out your security logging is broken while you're midway through an audit is not a fun situation to be in, and we want help you prevent that.

Second, people want meaningful security dashboards. We want to provide you with visualizations that you can instantly tell something is wrong when you look at it. Whether it's a new country that someone suddenly started logging in from, or a large increase in login failures that tell you an attack is ongoing. There's a lot of attacks that are difficult to detect when looking at individual events, but easy to spot once you zoom out and can see patterns or can see the data represented on a map.

Last, nobody wanted to be limited in the kinds of dashboards they can see. Because of this we thought it was important to integrate with the best open-source tools we could find so we wouldn't be blocking our customers from visualizing whatever they wanted to.

Write detections in any syntax

As part of our beta we're providing users the ability to write detections in python, but other next few months we'll be adding support for other syntaxes, like Sigma, to provide the standard interfaces our customers expect, along with super flexible interfaces our customers can customize.

With our existing python interface, writing a detection rule is as simple as writing writing a python function and returning True or False.

from runreveal import deep_get

def trigger(event):
    eventName = deep_get(event, "log", "eventName")
    return eventName in [

We save the results of every trigger that returns true and we make it accessible through the search interface and when visualizing data in grafana. We plan to use the trigger history to help customers write alerts based on anomalies in their data, rather than binary True or False results.

RunReveal executes our customer's python functions safely in a WebAssembly runtime environment. Using WebAssembly is what allows us to easily extend the runtime and provide all of the syntaxes that our customers expect.

Not everyone wants to write customer triggers, though. With each type of security log you onboard to out platform we provide out of the box a set of high fidelity open source alerts to give you a baseline in coverage for the sources we support.

RunReveal is available today

We’ve worked hard over the past five months to get the basics of our platform into a good state so we can support customers at all price-points and data-volumes.

Over the next few months we have a few goals:

  • Help our new and existing customers get more secure! If you need help, please reach out to us at contact@runreveal.com!
  • Providing Sigma rules as an alerting interface, and a world class developer interface for managing resources within our platform.
  • Rapidly adding support for more log sources and formats, along with a baseline of alerts. Today we support AWS, GCP, GSuite, ALB logs, and custom formats using transforms. We want our customers to get instant value from the sources we support and we're prioritizing major service providers like Cloudflare, Okta, Azure, and Github.

Today, we believe that RunReveal is the most compelling security data platform that provides the best value to money. We are disrupting the way that every company approaches security and hope you're interested in trying it out. You can get started today, join our brand new community discord, and if you'd like a demo then stop by our contact page to schedule one.