Execute a detection query - Cotool Documentation

cURL

curl -X POST "https://app.cotool.ai/api/detection-rules/execute-query" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query":"string","platform":"string","timeRangeHours":0,"maxRows":0}'

{
  "success": true,
  "rows": 123,
  "executionTimeMs": 123,
  "results": [
    {}
  ],
  "bytesScanned": 123,
  "error": "<string>"
}

POST

api

detection-rules

execute-query

cURL

curl -X POST "https://app.cotool.ai/api/detection-rules/execute-query" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query":"string","platform":"string","timeRangeHours":0,"maxRows":0}'

{
  "success": true,
  "rows": 123,
  "executionTimeMs": 123,
  "results": [
    {}
  ],
  "bytesScanned": 123,
  "error": "<string>"
}

Authorizations

Authorization

string

header

required

API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here

Body

application/json

query

string

required

The detection query to execute

platform

string

required

The SIEM platform/tool type to execute against

Minimum string length: 1

timeRangeHours

number

Time range in hours (1-168, default: 24)

Required range: 1 <= x <= 168

maxRows

number

Max rows to return (1-100, default: 10)

Required range: 1 <= x <= 100

Response

200 - application/json

Successful response

success

boolean

required

rows

number

required

executionTimeMs

number

required

results

object[]

required

Show child attributes

bytesScanned

number

error

string

Test a detection query

Get publishing options for a platform

⌘I

Endpoints

Authorizations

Body

Response