Skip to content
crafted signal
Login

Documentation

Everything you need to install, configure, and run CraftedSignal.

Getting Started

Getting Started

Install CraftedSignal (SaaS or self-hosted), connect your SIEM, import or create detection rules, and deploy your first rule in minutes with csctl.

Configuration

Complete YAML configuration reference for CraftedSignal covering HTTP, storage, security, Temporal, AI, email, logging, and production hardening options.

CLI Reference

Full reference for csctl, the CraftedSignal CLI. Covers commands for init, validate, push, pull, sync, diff, library management, and CI/CD integration.

Pricing & Limits

Compare CraftedSignal pricing tiers: Free, Professional, Enterprise, and Unlimited. See rule limits, SIEM connections, API quotas, and self-hosted licensing.

Core Concepts

Rules

How detection rules are structured in CraftedSignal: metadata, MITRE ATT&CK mapping, multi-platform implementations, lifecycle states, versioning, and dependencies.

Testing

Test detection rules with positive, negative, and enrichment tests run against your live SIEM. Covers validation, CI/CD pipelines, and continuous monitoring.

Deployment & Rollback

Deploy detection rules to Splunk, Sentinel, CrowdStrike, and Rapid7 with approval workflows, dry-run previews, atomic rollback, and drift detection.

Health & Analytics

Monitor detection health with MITRE ATT&CK coverage heatmaps, noise budgets, signal-to-noise ratios, team workload metrics, MTTR, and ROI tracking dashboards.

Features

AI Assistance

AI-assisted detection engineering: rule generation, translation linting, health insights, and autofix. Self-hosted via Ollama with full data privacy and human approval.

Secure Detection Workflows

Secure detection workflows with mandatory validation, automated SIEM testing, approval gates, atomic rollback, drift detection, and breakglass emergency procedures.

Administration

Roles & Permissions

Role-based access control with Admin, User, and Viewer roles. Covers separation of duties, permission matrix, SSO/OIDC, passkey MFA, and instance claiming.

Integrations

API Reference

CraftedSignal REST API reference for CI/CD integration: lint, test, deploy, rollback, approval workflows, health metrics, and rate limits by pricing tier.

Platform Guides

Platform integration guides for Splunk (SPL), Microsoft Sentinel (KQL), CrowdStrike (IOA), and Rapid7 InsightIDR (LEQL) with setup, credentials, and multi-SIEM deployment.

Security

Security & Compliance

CraftedSignal security architecture: data boundaries, AES-256 encryption with per-tenant keys, audit logging, SSO/MFA, and compliance with SOC 2, NIS2, and GDPR.