Generate a SIEM query using AI - Cotool Documentation

cURL

curl -X POST "https://app.cotool.ai/api/detection-queries/generate" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"prompt":"string","siemType":"splunk","category":"baseline_anomaly"}'

{
  "query": "<string>",
  "systemPrompt": "<string>",
  "explanation": "<string>"
}

POST

api

detection-queries

generate

cURL

curl -X POST "https://app.cotool.ai/api/detection-queries/generate" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"prompt":"string","siemType":"splunk","category":"baseline_anomaly"}'

{
  "query": "<string>",
  "systemPrompt": "<string>",
  "explanation": "<string>"
}

Authorizations

Authorization

string

header

required

API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here

Body

application/json

Request body for generating a detection query using AI

prompt

string

required

Natural language description of what the query should accomplish

Minimum string length: 1

siemType

enum<string>

required

The detection tool platform to generate the query for (SIEM or endpoint tools like SentinelOne)

Available options:

splunk,

sumologic,

elastic,

databricks,

datadog,

scanner,

runreveal,

sentinelone,

crowdstrike,

gadmin

Response

200 - application/json

Successful response

Generated SIEM query, system prompt, and optional explanation

query

string

required

The generated SIEM query

systemPrompt

string

required

The customized system prompt for the detection agent

explanation

string

Optional explanation of what the query does

Generate a detection system prompt

⌘I

Endpoints

Authorizations

Body

Response