# Calseta

## Docs

- [Delete Agent](https://docs.calseta.com/api-reference/agents/delete.md)
- [Get Agent](https://docs.calseta.com/api-reference/agents/get.md)
- [List Agents](https://docs.calseta.com/api-reference/agents/list.md)
- [Register Agent](https://docs.calseta.com/api-reference/agents/register.md)
- [Test Agent Webhook](https://docs.calseta.com/api-reference/agents/test.md)
- [Update Agent](https://docs.calseta.com/api-reference/agents/update.md)
- [Alert Activity](https://docs.calseta.com/api-reference/alerts/activity.md)
- [Add Indicators](https://docs.calseta.com/api-reference/alerts/add-indicators.md): Add one or more indicators to an alert.
- [Alert Context](https://docs.calseta.com/api-reference/alerts/context.md): Return all applicable context documents for an alert.
- [Delete Alert](https://docs.calseta.com/api-reference/alerts/delete.md)
- [Dispatch Agent](https://docs.calseta.com/api-reference/alerts/dispatch-agent.md): Dispatch an alert to a specific registered agent.
- [Enrich Alert](https://docs.calseta.com/api-reference/alerts/enrich.md): Re-trigger the enrichment pipeline for an alert.
- [Ingest Alert (Generic)](https://docs.calseta.com/api-reference/alerts/generic-ingest.md): Programmatic alert ingest — skips webhook signature verification.
- [Get Alert](https://docs.calseta.com/api-reference/alerts/get.md)
- [Ingest Alert (Webhook)](https://docs.calseta.com/api-reference/alerts/ingest.md): Receive a webhook from a configured alert source.
- [List Alerts](https://docs.calseta.com/api-reference/alerts/list.md)
- [List Findings](https://docs.calseta.com/api-reference/alerts/list-findings.md): Return all agent findings for an alert, ordered by posted_at.
- [List Alert Indicators](https://docs.calseta.com/api-reference/alerts/list-indicators.md): Return all indicators linked to an alert.
- [Post Finding](https://docs.calseta.com/api-reference/alerts/post-finding.md)
- [Relationship Graph](https://docs.calseta.com/api-reference/alerts/relationship-graph.md): Return the alert-indicator relationship graph.
- [Trigger Agents](https://docs.calseta.com/api-reference/alerts/trigger-agents.md): Manually re-dispatch an alert to all matching registered agents.
- [Update Alert](https://docs.calseta.com/api-reference/alerts/update.md)
- [Create API Key](https://docs.calseta.com/api-reference/api-keys/create.md)
- [Delete API Key](https://docs.calseta.com/api-reference/api-keys/delete.md)
- [Get API Key](https://docs.calseta.com/api-reference/api-keys/get.md)
- [List API Keys](https://docs.calseta.com/api-reference/api-keys/list.md)
- [Update API Key](https://docs.calseta.com/api-reference/api-keys/update.md)
- [Create Context Document](https://docs.calseta.com/api-reference/context-documents/create.md): Create a context document.
- [Delete Context Document](https://docs.calseta.com/api-reference/context-documents/delete.md)
- [Get Context Document](https://docs.calseta.com/api-reference/context-documents/get.md)
- [List Context Documents](https://docs.calseta.com/api-reference/context-documents/list.md)
- [Update Context Document](https://docs.calseta.com/api-reference/context-documents/update.md)
- [Create Detection Rule](https://docs.calseta.com/api-reference/detection-rules/create.md)
- [Delete Detection Rule](https://docs.calseta.com/api-reference/detection-rules/delete.md)
- [Get Detection Rule](https://docs.calseta.com/api-reference/detection-rules/get.md)
- [List Detection Rules](https://docs.calseta.com/api-reference/detection-rules/list.md)
- [Update Detection Rule](https://docs.calseta.com/api-reference/detection-rules/update.md)
- [Bulk Create Field Extractions](https://docs.calseta.com/api-reference/enrichment-field-extractions/bulk-create.md)
- [Create Field Extraction](https://docs.calseta.com/api-reference/enrichment-field-extractions/create.md)
- [Delete Field Extraction](https://docs.calseta.com/api-reference/enrichment-field-extractions/delete.md)
- [Get Field Extraction](https://docs.calseta.com/api-reference/enrichment-field-extractions/get.md)
- [List Field Extractions](https://docs.calseta.com/api-reference/enrichment-field-extractions/list.md)
- [Update Field Extraction](https://docs.calseta.com/api-reference/enrichment-field-extractions/update.md)
- [Activate Enrichment Provider](https://docs.calseta.com/api-reference/enrichment-providers/activate.md)
- [Create Enrichment Provider](https://docs.calseta.com/api-reference/enrichment-providers/create.md)
- [Deactivate Enrichment Provider](https://docs.calseta.com/api-reference/enrichment-providers/deactivate.md)
- [Delete Enrichment Provider](https://docs.calseta.com/api-reference/enrichment-providers/delete.md)
- [Get Enrichment Provider](https://docs.calseta.com/api-reference/enrichment-providers/get.md)
- [List Enrichment Providers](https://docs.calseta.com/api-reference/enrichment-providers/list.md)
- [Test Enrichment Provider](https://docs.calseta.com/api-reference/enrichment-providers/test.md)
- [Update Enrichment Provider](https://docs.calseta.com/api-reference/enrichment-providers/update.md)
- [Enrich On-Demand](https://docs.calseta.com/api-reference/enrichment/enrich.md): Synchronously enrich an indicator against all configured providers.
- [List Enrichment Provider Status](https://docs.calseta.com/api-reference/enrichment/providers.md): Return all registered enrichment providers with their configuration status.
- [Create Indicator Mapping](https://docs.calseta.com/api-reference/indicator-mappings/create.md)
- [Delete Indicator Mapping](https://docs.calseta.com/api-reference/indicator-mappings/delete.md)
- [Get Indicator Mapping](https://docs.calseta.com/api-reference/indicator-mappings/get.md)
- [List Indicator Mappings](https://docs.calseta.com/api-reference/indicator-mappings/list.md)
- [Update Indicator Mapping](https://docs.calseta.com/api-reference/indicator-mappings/update.md)
- [Get Indicator](https://docs.calseta.com/api-reference/indicators/get.md): Return a single indicator with full enrichment data including raw provider responses. Used for the indicator detail sheet drill-down.
- [Update Indicator](https://docs.calseta.com/api-reference/indicators/update.md): Update an indicator's malice verdict.
- [Alert Metrics](https://docs.calseta.com/api-reference/metrics/alerts.md)
- [Metrics Summary](https://docs.calseta.com/api-reference/metrics/summary.md): Compact SOC health snapshot — always last 30 days. No time window parameters — window is fixed per PRD. Optimized for agent context injection (low token cost).
- [Workflow Metrics](https://docs.calseta.com/api-reference/metrics/workflows.md)
- [API Overview](https://docs.calseta.com/api-reference/overview.md): Base URL, authentication, request format, and response conventions.
- [Create Source](https://docs.calseta.com/api-reference/sources/create.md)
- [Delete Source](https://docs.calseta.com/api-reference/sources/delete.md)
- [Get Source](https://docs.calseta.com/api-reference/sources/get.md)
- [List Sources](https://docs.calseta.com/api-reference/sources/list.md)
- [Update Source](https://docs.calseta.com/api-reference/sources/update.md)
- [Approve Workflow](https://docs.calseta.com/api-reference/workflow-approvals/approve.md): Approve a pending workflow approval request.
- [Get Approval Request](https://docs.calseta.com/api-reference/workflow-approvals/get.md)
- [List Approval Requests](https://docs.calseta.com/api-reference/workflow-approvals/list.md): List workflow approval requests. Filterable by status and workflow_uuid.
- [Reject Workflow](https://docs.calseta.com/api-reference/workflow-approvals/reject.md): Reject a pending workflow approval request.
- [List All Workflow Runs](https://docs.calseta.com/api-reference/workflow-runs/list.md): List workflow runs across all workflows. Filterable by status and workflow_uuid.
- [Create Workflow](https://docs.calseta.com/api-reference/workflows/create.md)
- [Delete Workflow](https://docs.calseta.com/api-reference/workflows/delete.md)
- [Execute Workflow](https://docs.calseta.com/api-reference/workflows/execute.md): Enqueue a workflow for execution. Returns 202 Accepted immediately.
- [Generate Workflow](https://docs.calseta.com/api-reference/workflows/generate.md): Generate workflow Python code from a natural language description.
- [Get Workflow](https://docs.calseta.com/api-reference/workflows/get.md)
- [List Workflows](https://docs.calseta.com/api-reference/workflows/list.md)
- [List Workflow Runs](https://docs.calseta.com/api-reference/workflows/runs.md)
- [Test Workflow](https://docs.calseta.com/api-reference/workflows/test.md): Execute a workflow in a sandboxed test environment.
- [Update Workflow](https://docs.calseta.com/api-reference/workflows/update.md)
- [List Workflow Versions](https://docs.calseta.com/api-reference/workflows/versions.md): List saved code versions for a workflow, newest first.
- [Alert Schema](https://docs.calseta.com/concepts/alert-schema.md): The Calseta agent-native alert schema — every field, status, and lifecycle timestamp.
- [Authentication](https://docs.calseta.com/concepts/authentication.md): Create API keys and authenticate requests to the Calseta REST API and MCP server.
- [Context Documents](https://docs.calseta.com/concepts/context-documents.md): Upload runbooks, IR plans, and SOPs — and target them to specific alert types.
- [Detection Rules](https://docs.calseta.com/concepts/detection-rules.md): How Calseta manages detection rules and surfaces their documentation to agents.
- [Security](https://docs.calseta.com/concepts/security.md): Built-in security features that ship with every Calseta deployment.
- [Web UI](https://docs.calseta.com/concepts/ui.md): A web dashboard for managing alerts, configuring integrations, and monitoring your Calseta instance.
- [Workflows](https://docs.calseta.com/concepts/workflows.md): HTTP automation scripts that agents can discover and trigger to call external APIs on behalf of your SOC.
- [Adding Alert Sources](https://docs.calseta.com/contributing/adding-alert-sources.md): Step-by-step guide to building a custom alert source integration plugin.
- [Adding Enrichment Providers](https://docs.calseta.com/contributing/adding-enrichment-providers.md): Add custom enrichment providers without writing code — configure via API or database seed.
- [Community Integrations](https://docs.calseta.com/contributing/community-integrations.md): Contribute alert source plugins and enrichment providers to Calseta.
- [How It Works](https://docs.calseta.com/getting-started/how-it-works.md): The five-step pipeline: ingest, normalize, enrich, contextualize, dispatch.
- [Introduction](https://docs.calseta.com/getting-started/introduction.md): What Calseta is, what problem it solves, and who it is for.
- [Quickstart](https://docs.calseta.com/getting-started/quickstart.md): Get Calseta running locally in under 5 minutes
- [Local Development](https://docs.calseta.com/guides/local-development.md): Run the Calseta stack locally, debug with Dozzle, and troubleshoot common development issues.
- [Agent Webhooks](https://docs.calseta.com/integrations/agent-webhooks.md): Register AI agents, understand the webhook payload, and post findings back.
- [Elastic Security](https://docs.calseta.com/integrations/alert-sources/elastic.md): Forward alerts from Elastic Security to Calseta via webhook.
- [Generic Webhook](https://docs.calseta.com/integrations/alert-sources/generic-webhook.md): Send alerts from any source using the generic webhook format.
- [Microsoft Sentinel](https://docs.calseta.com/integrations/alert-sources/microsoft-sentinel.md): Forward alerts from Microsoft Sentinel to Calseta via webhook.
- [Alert Sources](https://docs.calseta.com/integrations/alert-sources/overview.md): Connect your SIEM or detection platform to Calseta.
- [Splunk](https://docs.calseta.com/integrations/alert-sources/splunk.md): Forward alerts from Splunk SIEM to Calseta via webhook alert actions.
- [AbuseIPDB](https://docs.calseta.com/integrations/enrichment/abuseipdb.md): Enrich IP addresses with abuse confidence scores using AbuseIPDB.
- [Custom Enrichment Sources](https://docs.calseta.com/integrations/enrichment/custom-sources.md): Use Logic Apps, Lambda functions, or any HTTP endpoint as a custom enrichment source.
- [Microsoft Entra ID](https://docs.calseta.com/integrations/enrichment/entra.md): Enrich user accounts with identity context from Microsoft Entra ID.
- [Okta](https://docs.calseta.com/integrations/enrichment/okta.md): Enrich user accounts with identity context from Okta.
- [Enrichment Overview](https://docs.calseta.com/integrations/enrichment/overview.md): How Calseta enriches indicators using configured providers.
- [VirusTotal](https://docs.calseta.com/integrations/enrichment/virustotal.md): Enrich IPs, domains, and file hashes using VirusTotal.
- [MCP Overview](https://docs.calseta.com/mcp-reference/overview.md): Calseta's MCP server exposes alerts, enrichment, and context data to AI agents via the Model Context Protocol.
- [Alerts](https://docs.calseta.com/mcp-reference/resources/alerts.md): MCP resources for reading alert data.
- [Context Documents](https://docs.calseta.com/mcp-reference/resources/context-documents.md): MCP resources for reading organizational context documents.
- [Detection Rules](https://docs.calseta.com/mcp-reference/resources/detection-rules.md): MCP resources for reading detection rule data.
- [Enrichments](https://docs.calseta.com/mcp-reference/resources/enrichments.md): MCP resource for indicator enrichment data
- [Metrics](https://docs.calseta.com/mcp-reference/resources/metrics.md): MCP resource for platform metrics.
- [Workflows](https://docs.calseta.com/mcp-reference/resources/workflows.md): MCP resources for workflow data
- [MCP Setup](https://docs.calseta.com/mcp-reference/setup.md): Configure the Calseta MCP server in Claude Desktop, Claude Code, Cursor, or any MCP client.
- [enrich_indicator](https://docs.calseta.com/mcp-reference/tools/enrich-indicator.md): MCP tool to trigger on-demand enrichment for an indicator.
- [execute_workflow](https://docs.calseta.com/mcp-reference/tools/execute-workflow.md): MCP tool to trigger workflow execution
- [post_alert_finding](https://docs.calseta.com/mcp-reference/tools/post-alert-finding.md): MCP tool to post an analysis finding for an alert.
- [search_alerts](https://docs.calseta.com/mcp-reference/tools/search-alerts.md): MCP tool to search and filter alerts.
- [search_detection_rules](https://docs.calseta.com/mcp-reference/tools/search-detection-rules.md): MCP tool to search detection rules
- [update_alert_status](https://docs.calseta.com/mcp-reference/tools/update-alert-status.md): MCP tool to update the triage status of an alert.
- [Deploy on AWS](https://docs.calseta.com/operations/deploy-aws.md): Deploy Calseta on AWS with Terraform — ECS Fargate, RDS PostgreSQL, ALB, and Secrets Manager.
- [Deploy on Azure](https://docs.calseta.com/operations/deploy-azure.md): Deploy Calseta on Azure with Terraform — Container Apps, Azure Database for PostgreSQL, and Key Vault.
- [Production Deployment](https://docs.calseta.com/operations/production-deployment.md): Cloud-agnostic guide to running Calseta in production — architecture, hardening, secrets, networking, observability, and environment variable reference.
- [Roadmap](https://docs.calseta.com/operations/roadmap.md): What's coming next for Calseta — planned features and future direction.
- [Self-Hosting](https://docs.calseta.com/operations/self-hosting.md): Deploy Calseta on your own infrastructure with Docker Compose.

## OpenAPI Specs

- [openapi](https://docs.calseta.com/openapi.json)

## Optional

- [GitHub](https://github.com/calseta/calseta)
- [Contact](mailto:contact@calseta.com)