Revelstoke Upgrades SOAR Platform With Augmented Automation, Case Management, and User Interface Capabilities

Unified data layer enables continuous platform updates.

November 17, 2022


Santa Clara, CA, November 17, 2022 — Revelstoke, the next-level Security Orchestration Automation and Response (SOAR) platform, today announces several new product upgrades to include sub-workflow, case management, and indicators of compromise (IOC) automation.

Revelstoke offers Chief Information Security Officers (CISOs) and security analysts the only SOAR solution built on a unified data layer (UDL). Revelstoke automates analysis, eliminates software development needs, optimizes workflows, prevents vendor lock-in, scales processes, and allows analysts to get to the root of incidents quickly and effectively.

New Revelstoke capabilities include:

Sub-Workflow Replication

Sub-workflows allow analysts to create a repeatable process that can be reused across multiple workflows. For example, if there is a common account lockdown procedure across numerous account types, a sub-workflow allows this functionality to be created once and used in multiple locations. Revelstoke users can containerize reusable objects, saving time and allowing analysts to focus more on mission-critical issues and threats.

Without an automated sub-workflow, analysts must manually build a workflow every time they repeat a task, and organizations cannot create and manage repeatable processes across the board.

Case Management Console

The new Case Management console builds on Revelstoke’s unique case management offerings. The console allows at-a-glance access to all active cases, including functional quick search, pagination, and sorting. Analysts can now view data simply instead of searching through pages and pages of case number listings. In addition, analysts get single-view access to the status of cases to determine which need attention and which are remedied.

IOC Database Initiation

Revelstoke now allows analysts to search the entire UDL data store for common entities between cases and incidents. As alerts flow into cases, analysts can discover cases that are similar or have similar indicators. This represents the first step toward a robust IOC database, allowing SOC analysts to search across cases for common IOCs and build correlations.

“The capabilities of Revelstoke’s unique UDL power a platform that can be upgraded and augmented to meet the evolving needs of Security Operations Centers,” said Josh McCarthy, Revelstoke Co-Founder and Chief Product Officer. “We continually focus on ensuring that our customers have access to SOAR automation capabilities not offered by any other platform.”

Additional user interface capabilities include:

· Streamlined Dashboard
  • Consolidated Workflow Interface
  • Integration Management Console
· New User Preferences, including Light and Dark Mode

Multi-tenancy allows Managed Security Service Providers (MSSPs), Managed Detection and Response providers (MDRs), and large multi-national enterprise customers to segregate, but still centrally manage, individual customers or business units from one "parent" account. This allows the parent to push down workflows to all the other tenants and offers a bird's-eye view of the entire environment, while allowing the individual “child tenants” to manage their own environments and not see each other's data. This is made even more powerful by the UDL, which pushes down workflows from the parent to seamlessly adapt to any technology stack.

For more details on platform enhancements, please visit:

About Revelstoke

Revelstoke is the only next-generation Security Orchestration, Automation, and Response (SOAR) solution built on a Unified Data Layer that offers no-code automation and low-code customization. Revelstoke empowers CISOs and security analysts to automate analysis, eliminate software development needs, optimize workflows, prevent vendor lock-in, scale processes, and secure the enterprise. For more information, get on board at