Create a detection authoring draft - Cotool Documentation

cURL

curl -X POST "https://app.cotool.ai/api/detection-authoring/drafts" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chatId":"string","proposalId":"string","platform":"panther"}'

{
  "chatId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "organizationId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "platform": "<string>",
  "name": "<string>",
  "description": "<string>",
  "query": "<string>",
  "mitreTechniqueIds": [
    "<string>"
  ],
  "mitreTechniqueNames": [
    "<string>"
  ],
  "dataSourcesRequired": [
    "<string>"
  ],
  "createdAt": "<string>",
  "updatedAt": "<string>",
  "proposalId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "reasoning": "<string>",
  "prUrl": "<string>",
  "deployedAt": "<string>",
  "sourceStatus": "proposed",
  "sourcePrUrl": "<string>",
  "sourcePublishedAt": "<string>",
  "isUnmodifiedFromSource": true
}

POST

api

detection-authoring

drafts

cURL

curl -X POST "https://app.cotool.ai/api/detection-authoring/drafts" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chatId":"string","proposalId":"string","platform":"panther"}'

{
  "chatId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "organizationId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "platform": "<string>",
  "name": "<string>",
  "description": "<string>",
  "query": "<string>",
  "mitreTechniqueIds": [
    "<string>"
  ],
  "mitreTechniqueNames": [
    "<string>"
  ],
  "dataSourcesRequired": [
    "<string>"
  ],
  "createdAt": "<string>",
  "updatedAt": "<string>",
  "proposalId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "reasoning": "<string>",
  "prUrl": "<string>",
  "deployedAt": "<string>",
  "sourceStatus": "proposed",
  "sourcePrUrl": "<string>",
  "sourcePublishedAt": "<string>",
  "isUnmodifiedFromSource": true
}

Authorizations

Authorization

string

header

required

API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here

Body

application/json

chatId

string<uuid>

required

Chat ID for this draft session

proposalId

string<uuid>

ID of the proposal to create a draft from (omit for blank drafts)

platform

enum<string>

Platform for blank drafts (required when proposalId is omitted)

Available options:

panther,

sublime,

scanner,

datadog,

splunk,

sentinelone,

elastic,

sumologic,

runreveal

Response

200 - application/json

Successful response

chatId

string<uuid>

required

organizationId

string<uuid>

required

platform

string

required

name

string

required

description

string

required

query

string

required

mitreTechniqueIds

string[]

required

mitreTechniqueNames

string[]

required

dataSourcesRequired

string[]

required

createdAt

string

required

updatedAt

string

required

proposalId

string<uuid>

reasoning

string

prUrl

string<uri>

deployedAt

string

sourceStatus

enum<string>

Available options:

proposed,

validated,

validation_failed,

published,

pr_created,

merged,

rejected,

dismissed

sourcePrUrl

string<uri>

sourcePublishedAt

string

isUnmodifiedFromSource

boolean

Smart deploy detection to native platform (SSE)

Get a detection authoring draft

⌘I

Endpoints

Authorizations

Body

Response