# CHAD Documentation ## Docs - [Get Alert](https://docs.chad.terrifiedbug.com/api-reference/alerts/get.md): Retrieve a single alert with full context - [List Alerts](https://docs.chad.terrifiedbug.com/api-reference/alerts/list.md): Retrieve a paginated list of alerts - [Update Alert Status](https://docs.chad.terrifiedbug.com/api-reference/alerts/update-status.md): Update an alert's status - [Authentication](https://docs.chad.terrifiedbug.com/api-reference/authentication.md): API authentication methods - [API Overview](https://docs.chad.terrifiedbug.com/api-reference/overview.md): Introduction to the CHAD REST API - [Create Rule](https://docs.chad.terrifiedbug.com/api-reference/rules/create.md): Create a new detection rule - [Delete Rule](https://docs.chad.terrifiedbug.com/api-reference/rules/delete.md): Delete a rule permanently - [Deploy Rule](https://docs.chad.terrifiedbug.com/api-reference/rules/deploy.md): Deploy a rule to start detecting - [Get Rule](https://docs.chad.terrifiedbug.com/api-reference/rules/get.md): Retrieve a single rule by ID - [List Rules](https://docs.chad.terrifiedbug.com/api-reference/rules/list.md): Retrieve a paginated list of rules - [Test Rule](https://docs.chad.terrifiedbug.com/api-reference/rules/test.md): Test a rule against sample logs - [Update Rule](https://docs.chad.terrifiedbug.com/api-reference/rules/update.md): Update an existing rule - [Architecture](https://docs.chad.terrifiedbug.com/architecture.md): How CHAD works under the hood - [Alert Investigation](https://docs.chad.terrifiedbug.com/guide/alerts.md): Triaging and investigating security alerts - [API Keys](https://docs.chad.terrifiedbug.com/guide/api-keys.md): Create API keys for programmatic access - [MITRE ATT&CK Coverage](https://docs.chad.terrifiedbug.com/guide/attack-coverage.md): Visualize detection coverage across the ATT&CK framework - [Audit Log](https://docs.chad.terrifiedbug.com/guide/audit-log.md): Track all user actions for compliance and investigation - [Correlation Rules](https://docs.chad.terrifiedbug.com/guide/correlation-rules.md): Detect complex attack patterns by correlating multiple detections - [Dashboard](https://docs.chad.terrifiedbug.com/guide/dashboard.md): Understanding the CHAD dashboard - [Deployment](https://docs.chad.terrifiedbug.com/guide/deployment.md): Production deployment best practices - [Environment Variables](https://docs.chad.terrifiedbug.com/guide/environment-variables.md): Complete configuration reference - [Exception Rules](https://docs.chad.terrifiedbug.com/guide/exceptions.md): Tune out false positives without disabling detections - [Field Mappings](https://docs.chad.terrifiedbug.com/guide/field-mappings.md): Translate Sigma fields to your log schema - [Health Monitoring](https://docs.chad.terrifiedbug.com/guide/health-monitoring.md): Monitor system and index health with configurable thresholds - [Index Patterns](https://docs.chad.terrifiedbug.com/guide/index-patterns.md): Configure log sources for detection - [Jira Integration](https://docs.chad.terrifiedbug.com/guide/jira.md): Automatically create Jira tickets for security alerts - [Notifications](https://docs.chad.terrifiedbug.com/guide/notifications.md): Configure alert notifications via webhooks - [OpenSearch Configuration](https://docs.chad.terrifiedbug.com/guide/opensearch.md): Connecting CHAD to your OpenSearch cluster - [Rule Management](https://docs.chad.terrifiedbug.com/guide/rules.md): Creating, editing, and deploying Sigma rules - [SigmaHQ Integration](https://docs.chad.terrifiedbug.com/guide/sigmahq.md): Import detection rules from the official SigmaHQ repository - [Threat Intelligence](https://docs.chad.terrifiedbug.com/guide/threat-intelligence.md): Enrich alerts with threat intelligence from multiple sources - [Threshold Alerting](https://docs.chad.terrifiedbug.com/guide/threshold-alerting.md): Count-based detections for high-volume events - [User Management](https://docs.chad.terrifiedbug.com/guide/users.md): Create and manage user accounts with role-based access - [Introduction](https://docs.chad.terrifiedbug.com/introduction.md): CHAD - Cyber Hunting And Detection platform for Sigma rule management - [Quick Start](https://docs.chad.terrifiedbug.com/quickstart.md): Get CHAD running in 5 minutes ## OpenAPI Specs - [openapi](https://docs.chad.terrifiedbug.com/api-reference/openapi.json) ## Optional - [GitHub](https://github.com/terrifiedbug/chad)