Frequently asked questions

About the product

What is RuleForge?

A platform for writing, validating, reviewing, and publishing Wazuh rules and decoders with quality. You work in the browser; content ships from here directly to your Git repository and then to Wazuh.

Do I need to install anything?

No. RuleForge runs in the browser.

Does the product support multiple organizations?

Yes. Each customer is a separate organization, with its own projects, members, integrations, and history.

Yes, via SSO with OIDC. It works with Google Workspace, Microsoft Entra ID, Okta, and other OIDC-compliant providers.

Can I automate account creation and deactivation?

Yes, via SCIM. Your identity provider becomes the source of truth.

Does SAML work?

SAML is available in preview. For production, use OIDC.

Collaboration

How do I request approval before publishing?

Use reviews. You open a review with the content, someone else evaluates it, and only then is the version published.

Can I block publishing if quality drops?

Yes. Configure quality criteria — for example, zero errors, minimum score, clean regression.

Can I see who published what?

Yes, on the audit screen.

Integrations

Can I connect my GitHub/GitLab/Gitea?

Yes. See Git repositories and pipelines.

Can I publish via pull request or merge request?

Yes. This is the recommended strategy for most companies.

Can RuleForge trigger my CI pipeline?

Yes, for GitHub Actions, GitLab CI, and Jenkins.

Can I get notifications on Slack/Teams/Jira?

Yes, via webhooks.

API usage

Can I use RuleForge via API?

Yes, on plans that include API access. Create an API key for the integration.

Does the product have API quotas?

Yes, by plan. The organization receives warnings when approaching the limit.

Other

Does RuleForge have a free plan?

Yes. The Free plan covers editor, validation, manual log test, test cases, and workspaces. See Billing and plans.

Where can I get help if I'm stuck?

First, check Common errors — we cover the most frequent issues. If it persists, send feedback directly from the platform.

About the product​

What is RuleForge?​

Do I need to install anything?​

Does the product support multiple organizations?​

Login and identity​

Can I use my company's login (SSO)?​

Can I automate account creation and deactivation?​

Does SAML work?​

Collaboration​

How do I request approval before publishing?​

Can I block publishing if quality drops?​

Can I see who published what?​

Integrations​

Can I connect my GitHub/GitLab/Gitea?​

Can I publish via pull request or merge request?​

Can RuleForge trigger my CI pipeline?​

Can I get notifications on Slack/Teams/Jira?​

API usage​

Can I use RuleForge via API?​

Does the product have API quotas?​

Other​

Does RuleForge have a free plan?​

Where can I get help if I'm stuck?​

Related links​