RunReveal FAQ

Find answers to common questions about RunReveal, including setup, integrations, pricing, security, and platform features.

RunReveal Overview

What is RunReveal?

RunReveal is the modern security data platform reimagining traditional SIEM by combining data collection, threat detection, investigation, and AI-powered analysis in one unified platform.

What kind of companies use RunReveal?

RunReveal is designed for businesses of all sizes, from startups to enterprises. It's particularly valuable for security teams that are overwhelmed by data from multiple cloud services, experiencing too many false positives, or finding traditional SIEMs too complex or expensive.

Our (pretty amazing) customers include security teams from Cloudflare, Harvey, AngelList, Weights & Biases, and more.

Who on my team should use RunReveal?

RunReveal is specifically designed for security engineers, heads of security/security leadership, and SOC analysts who need to detect, investigate, and respond to threats efficiently.

What tools does RunReveal replace?

RunReveal can replace a variety of existing security tooling, such as existing SIEM, routing, and AI SOC solutions. Because RunReveal unifies security engineering tooling into one tool, teams can store, route, filter, enrich, normalize, query, detect, and use AI to investigate security log data directly in the RunReveal platform.

The RunReveal team can also help with migrating existing detections into the RunReveal platform.

How is RunReveal different from traditional SIEM solutions?

Unlike legacy SIEMs, RunReveal was built from the ground up for modern cloud environments. It offers faster unified tooling (no more need to buy Splunk + Cribl + an AI SOC....) search performance, transparent pricing, fewer false positives through correlated alerting, and native AI integration for investigations.

What are RunReveal's core capabilities?

RunReveal's platform provides log collection and enrichment and normalization, high-speed search, automated threat detection with correlated alerting, detections-as-code, AI-powered chat for investigations, data visualization and dashboards.

Does RunReveal support detections-as-code?

Yes, RunReveal supports detections-as-code written in SQL. RunReveal also offers migration support to move existing detections to RunReveal.

How does RunReveal's pricing work?

RunReveal uses a transparent, predictable pricing model based on two main factors: data volume ingestion and deployment option. This approach eliminates the complex licensing fees, per-user costs, and hidden charges common in traditional SIEM solutions. To see more about our pricing, please visit our Pricing page.

How is RunReveal different from Panther?

RunReveal offers a truly unified platform that combines data collection and management, detection, investigation, AI chat, and visualization in one seamless experience, while Panther focuses primarily on detection-as-code with Python rules and requires additonal tools for comprehensive security operations. RunReveal's modern infrastructure delivers blazing-fast search performance and native AI integration that cuts investigation time from hours to seconds, compared to Panther's AWS Lambda-based architecture that still requires manual coding for most detection scenarios.

How is RunReveal different from Splunk?

RunReveal gives you everything you need in one simple platform—AI-powered investigations, lightning-fast search, and modern infrastructure that just works out of the box. Splunk requires you to piece together multiple tools and manually normalize the data before you get any value from it at all. In addition, RunReveal's straightforward pricing model and built-in data filtering enables our customers to have enterprise-grade SIEM without enterprise-grade SIEM costs.

How is RunReveal different from Elastic?

RunReveal delivers a unified platform combining data collection, detection, AI-powered investigation, and visualization in one seamless experience, while Elastic requires assembling multiple siloed components (Elasticsearch, Logstash, Kibana, Beats) and manual dashboard configuration, and ongoing laborious index maintenance to keep search times reasonable. RunReveal's modern ClickHouse infrastructure provides ridiculously fast performance with native AI chat that cuts investigation time from hours to minutes (or even seconds!), compared to Elastic's complex multi-component architecture that demands significant expertise to operate effectively.

Pricing

How does RunReveal's pricing work?

Is there a free trial available?

Yes, RunReveal offers a minimum 2-week free trial for teams wanting to try out the product. Please reach out to our team here to learn more about the trial and getting started.

What's included in the free tier?

With RunReveal's free tier provides 20GB of monthly log ingestion, full platform access, 5 source integrations, and 30-day data retention. Simply sign up and begin connecting your data sources to get started.

How does RunReveal's pricing compare to traditional SIEMs?

RunReveal's transparent, usage-based pricing eliminates the complex licensing, per-user fees, and hidden costs common in traditional SIEM solutions, making it significantly more cost-effective solution for most organizations.

Deployment & Security

What kind of deployment options does RunReveal offer?

RunReveal offers a SaaS, bring-your-own-database, and bring-your-own-cloud deployment options:

1. SaaS: Fully cloud-hosted, enterprise grade solution.
2. Bring-Your-Own-Database: The RunReveal SaaS platform can function on top of a database that you're in control of. We support ClickHouse and make the setup a breeze.
3. Bring-Your-Own-Cloud: Deploy RunReveal in your own VPC for unmatched security, compliance, scale, and efficiency. Pay for only the resources you use with the ease of a cloud provider.

To learn more about these options, please visit our pricing page or Security page.

Does RunReveal offer an on-premise deployment option?

RunReveal is very flexible in terms of how and where we can deploy. From the fully managed SaaS offering that you can instantly onboard without having to talk to our (admittedly lovely) sales team, to self-hosted on-premises bare metal deployment, we can do that!

How does RunReveal ensure data security?

All data is encrypted at rest and in transit. Sensitive authentication tokens are additionally encrypted at the application layer. All RunReveal employees must use yubikeys and two factor authentication for accessing services. We log every access to databases and make those audit logs available to customers. See our security center for more details.

How quickly can RunReveal be deployed?

RunReveal can deployed in minutes for RunReveal Cloud or under a day for other deployment modes! We pride ourselves on making the deployment and integration process simple, so your team can start driving immediate value and insight from the platform.

What kind of compliance and certifications does RunReveal have?

RunReveal offers compliance and certification that all security teams can love. RunReveal is SOC 2 Type 2 certified, GDPR and CCPA compliant, and offers many enterprise-grade security features (e.g., SSO, RBAC, multiple deployment options). To learn more about RunReveal's security certifications and processes, please check out our Security page.

Does RunReveal offer SSO and RBAC?

Yes, RunReveal offers both Single Sign On (SSO) and Role-Based Access Control (RBAC).

Integrations

Which integrations does RunReveal offer?

Please see the list of current integration support here.

What if I don't see an integration I need?

The team is adding new integrations and sources *daily*; simply reach out to our team here, or fill out the Integration Request form on this page, and our team will be in touch with you.

AI

How does RunReveal integrate AI into security operations?

RunReveal's AI capabilities include native AI chat and a Remote MCP Server to enable natural language investigation and automated detection creation.

What is RunReveal's MCP Server?

RunReveal supports a Remote Model Context Protocol (MCP) Server to enable AI-powered investigations and detection management, enabling you to resolve incidents with speed and detail using context-aware AI chat.

Can I use my own AI models with RunReveal?

Yes, RunReveal's AI Chat feature allows you to integrate your own LLM API keys, supporting various AI model providers including Claude, ChatGPT, and other compatible systems through the MCP protocol.

How does AI improve threat detection in RunReveal?

RunReveal's integrated AI agent cuts log analysis time from hours to seconds by automatically surfacing critical insights and accelerating investigation workflows, helping security teams focus on real threats instead of getting overwhelmed by noise. The RunReveal AI chat also supports managing detections directly through natural language chat.

Trying RunReveal

How can I get started with RunReveal?

For folks that just want to get started, you can start immediately with RunReveal's free tier, which provides 20GB of monthly log ingestion and full platform access. Simply sign up and begin connecting your data sources.

For larger teams or for folks who just want to learn more about what RunReveal can offer, we recommend reaching out to our team to learn more about the RunReveal platform and identify which deployment options is best for your data volume and security requirements.

What does trialing RunReveal typically look like?

A typical trial with RunReveal looks like the following:

1. An initial meeting with the RunReveal team to walk through the platform and your team's needs
2. A 14-day trial period: Connecting sources, adding detections, leveraging pipelines, and utilizing AI chat—all of which our team helps enables
3. A shared Slack channel with our team to troubleshoot any problems and answer any questions

Can I migrate my existing SIEM data to RunReveal?

Yes, RunReveal can help with data migration from existing SIEM solutions. The platform's flexible ingestion capabilities and account team can assist with transition planning and execution.

What kind of onboarding and training is available?

RunReveal offers comprehensive documentation, hands-on support during setup, and guidance on best practices for detection engineering and security operations from our seasonsed internal security practitioners.

Learn more about RunReveal

Developer Blog

Read about security engineering news and best practices

Docs

Complete guides for setup, detection rules, integrations, and advanced features

Case Studies

Learn how customers are achieving results at scale

One Platform. All Your Security Data.
Complete Control.

LinkedIn X (Twitter)Discord GitHub

Get Started

Book a Demo
Sign-Up

Resources

Blog
Docs
Changelog

Pricing
Customers

Product

Security Data Lake
Data Monitoring
Data Normalization & Enrichment
Investigations
AI Investigations
Pipelines

Legal & Privacy

Company

About Us
CareersWe're hiring!
Contact
Media