Endpoints
- GETList detection rule proposals
- GETGet a detection rule proposal
- POSTDismiss a detection rule proposal
- POSTRestore a dismissed detection rule proposal
- POSTTest a detection query
- POSTExecute a detection query
- GETGet publishing options for a platform
- GETList available GitHub repositories
- POSTSmart publish detection to GitHub (SSE)
- POSTSmart deploy detection to native platform (SSE)
- GET
cURL
Copy
Ask AI
curl -X GET "https://app.cotool.ai/api/detection-rules/proposals" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"Copy
Ask AI
{
"proposals": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"organizationId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"description": "<string>",
"query": "<string>",
"siemPlatform": "<string>",
"reasoning": "<string>",
"mitreTechniqueIds": [
"<string>"
],
"mitreTechniqueNames": [
"<string>"
],
"mitreTacticIds": [
"<string>"
],
"dataSourcesRequired": [
"<string>"
],
"suggestedTuning": {
"exclusions": [
"<string>"
],
"thresholds": [
"<string>"
],
"expectedVolume": "<string>"
},
"status": "proposed",
"validationResult": {
"valid": true,
"details": {
"syntaxOk": true,
"executionOk": true,
"resultCount": 123,
"executionTimeMs": 123
},
"error": "<string>"
},
"volumeCheckResult": {
"checkedAt": "2023-11-07T05:31:56Z",
"rowCount": 123,
"executionTimeMs": 123,
"timeRangeHours": 123,
"bytesScanned": 123,
"sampleResults": [
{}
],
"querySnapshot": "<string>"
},
"prUrl": "<string>",
"prMergedAt": "2023-11-07T05:31:56Z",
"publishMethod": "api",
"publishedAt": "2023-11-07T05:31:56Z",
"publishedRuleId": "<string>",
"jobRunId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"dismissedReason": "<string>",
"dismissedBy": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"dismissedAt": "2023-11-07T05:31:56Z",
"publishingStartedAt": "2023-11-07T05:31:56Z",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"grade": 10,
"gradeReason": "<string>",
"testResultsSummary": "<string>"
}
],
"total": 123
}Detection Rules
List detection rule proposals
Retrieve all detection rule proposals for the organization.
GET
/
api
/
detection-rules
/
proposals
cURL
Copy
Ask AI
curl -X GET "https://app.cotool.ai/api/detection-rules/proposals" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"Copy
Ask AI
{
"proposals": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"organizationId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"description": "<string>",
"query": "<string>",
"siemPlatform": "<string>",
"reasoning": "<string>",
"mitreTechniqueIds": [
"<string>"
],
"mitreTechniqueNames": [
"<string>"
],
"mitreTacticIds": [
"<string>"
],
"dataSourcesRequired": [
"<string>"
],
"suggestedTuning": {
"exclusions": [
"<string>"
],
"thresholds": [
"<string>"
],
"expectedVolume": "<string>"
},
"status": "proposed",
"validationResult": {
"valid": true,
"details": {
"syntaxOk": true,
"executionOk": true,
"resultCount": 123,
"executionTimeMs": 123
},
"error": "<string>"
},
"volumeCheckResult": {
"checkedAt": "2023-11-07T05:31:56Z",
"rowCount": 123,
"executionTimeMs": 123,
"timeRangeHours": 123,
"bytesScanned": 123,
"sampleResults": [
{}
],
"querySnapshot": "<string>"
},
"prUrl": "<string>",
"prMergedAt": "2023-11-07T05:31:56Z",
"publishMethod": "api",
"publishedAt": "2023-11-07T05:31:56Z",
"publishedRuleId": "<string>",
"jobRunId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"dismissedReason": "<string>",
"dismissedBy": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"dismissedAt": "2023-11-07T05:31:56Z",
"publishingStartedAt": "2023-11-07T05:31:56Z",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"grade": 10,
"gradeReason": "<string>",
"testResultsSummary": "<string>"
}
],
"total": 123
}Authorizations
API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here
Query Parameters
Filter by status (comma-separated for multiple)
Filter by SIEM platform
Max results to return (default 50)
Offset for pagination
Include dismissed proposals (true/false, default false)
Was this page helpful?
⌘I