Endpoints
- GETList detection rule proposals
- GETGet a detection rule proposal
- POSTDismiss a detection rule proposal
- POSTRestore a dismissed detection rule proposal
- POSTTest a detection query
- POSTExecute a detection query
- GETGet publishing options for a platform
- GETList available GitHub repositories
- POSTSmart publish detection to GitHub (SSE)
- POSTSmart deploy detection to native platform (SSE)
cURL
curl -X GET "https://app.cotool.ai/api/detection-rules/proposals" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"{
"proposals": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"organizationId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"description": "<string>",
"query": "<string>",
"siemPlatform": "<string>",
"reasoning": "<string>",
"mitreTechniqueIds": [
"<string>"
],
"mitreTechniqueNames": [
"<string>"
],
"mitreTacticIds": [
"<string>"
],
"dataSourcesRequired": [
"<string>"
],
"suggestedTuning": {
"exclusions": [
"<string>"
],
"thresholds": [
"<string>"
],
"expectedVolume": "<string>"
},
"status": "proposed",
"validationResult": {
"valid": true,
"details": {
"syntaxOk": true,
"executionOk": true,
"resultCount": 123,
"executionTimeMs": 123
},
"error": "<string>"
},
"volumeCheckResult": {
"checkedAt": "2023-11-07T05:31:56Z",
"rowCount": 123,
"executionTimeMs": 123,
"timeRangeHours": 123,
"bytesScanned": 123,
"sampleResults": [
{}
],
"querySnapshot": "<string>",
"bestEstimate": {
"count": 1,
"timeRangeHours": 2,
"basis": "estimated_detection_noisiness",
"quality": "authoritative",
"source": "<string>"
}
},
"prUrl": "<string>",
"prMergedAt": "2023-11-07T05:31:56Z",
"publishMethod": "api",
"publishedAt": "2023-11-07T05:31:56Z",
"publishedRuleId": "<string>",
"jobRunId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"dismissedReason": "<string>",
"dismissedBy": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"dismissedAt": "2023-11-07T05:31:56Z",
"publishingStartedAt": "2023-11-07T05:31:56Z",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"grade": 10,
"gradeReason": "<string>",
"testResultsSummary": "<string>",
"detectionIntent": {
"methodLabel": "<string>",
"rationale": "<string>",
"confidence": "high",
"keyKnobs": {}
},
"platformConfig": {
"version": 123,
"platform": "<string>",
"queries": [
{
"name": "<string>",
"query": "<string>",
"aggregation": "count",
"dataSource": "logs",
"groupByFields": [
"<string>"
],
"distinctFields": [
"<string>"
]
}
],
"cases": [
{
"status": "info",
"condition": "<string>",
"name": "<string>"
}
],
"options": {
"detectionMethod": "threshold",
"evaluationWindow": 123,
"keepAlive": 123,
"maxSignalDuration": 123,
"decreaseCriticalityBasedOnEnv": true
},
"isEnabled": true
}
}
],
"total": 123
}Detection Rules
List detection rule proposals
Retrieve all detection rule proposals for the organization.
GET
/
api
/
detection-rules
/
proposals
cURL
curl -X GET "https://app.cotool.ai/api/detection-rules/proposals" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"{
"proposals": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"organizationId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"description": "<string>",
"query": "<string>",
"siemPlatform": "<string>",
"reasoning": "<string>",
"mitreTechniqueIds": [
"<string>"
],
"mitreTechniqueNames": [
"<string>"
],
"mitreTacticIds": [
"<string>"
],
"dataSourcesRequired": [
"<string>"
],
"suggestedTuning": {
"exclusions": [
"<string>"
],
"thresholds": [
"<string>"
],
"expectedVolume": "<string>"
},
"status": "proposed",
"validationResult": {
"valid": true,
"details": {
"syntaxOk": true,
"executionOk": true,
"resultCount": 123,
"executionTimeMs": 123
},
"error": "<string>"
},
"volumeCheckResult": {
"checkedAt": "2023-11-07T05:31:56Z",
"rowCount": 123,
"executionTimeMs": 123,
"timeRangeHours": 123,
"bytesScanned": 123,
"sampleResults": [
{}
],
"querySnapshot": "<string>",
"bestEstimate": {
"count": 1,
"timeRangeHours": 2,
"basis": "estimated_detection_noisiness",
"quality": "authoritative",
"source": "<string>"
}
},
"prUrl": "<string>",
"prMergedAt": "2023-11-07T05:31:56Z",
"publishMethod": "api",
"publishedAt": "2023-11-07T05:31:56Z",
"publishedRuleId": "<string>",
"jobRunId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"dismissedReason": "<string>",
"dismissedBy": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"dismissedAt": "2023-11-07T05:31:56Z",
"publishingStartedAt": "2023-11-07T05:31:56Z",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"grade": 10,
"gradeReason": "<string>",
"testResultsSummary": "<string>",
"detectionIntent": {
"methodLabel": "<string>",
"rationale": "<string>",
"confidence": "high",
"keyKnobs": {}
},
"platformConfig": {
"version": 123,
"platform": "<string>",
"queries": [
{
"name": "<string>",
"query": "<string>",
"aggregation": "count",
"dataSource": "logs",
"groupByFields": [
"<string>"
],
"distinctFields": [
"<string>"
]
}
],
"cases": [
{
"status": "info",
"condition": "<string>",
"name": "<string>"
}
],
"options": {
"detectionMethod": "threshold",
"evaluationWindow": 123,
"keepAlive": 123,
"maxSignalDuration": 123,
"decreaseCriticalityBasedOnEnv": true
},
"isEnabled": true
}
}
],
"total": 123
}Documentation Index
Fetch the complete documentation index at: https://docs.cotool.ai/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here
Query Parameters
Filter by status (comma-separated for multiple)
Filter by SIEM platform
Max results to return (default 50)
Offset for pagination
Include dismissed proposals (true/false, default false)
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.