Generate investigation plan - Cotool Documentation

cURL

curl -X POST "https://app.cotool.ai/api/detections/generate-plan" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"intent":"string","toolNames":["string"],"detectionId":"string"}'

{
  "investigationPlan": "<string>",
  "steps": [
    {
      "title": "<string>",
      "instructions": "<string>"
    }
  ],
  "systemPrompt": "<string>"
}

POST

api

detections

generate-plan

cURL

curl -X POST "https://app.cotool.ai/api/detections/generate-plan" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"intent":"string","toolNames":["string"],"detectionId":"string"}'

{
  "investigationPlan": "<string>",
  "steps": [
    {
      "title": "<string>",
      "instructions": "<string>"
    }
  ],
  "systemPrompt": "<string>"
}

Authorizations

Authorization

string

header

required

API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here

Body

application/json

intent

string

required

What the detection should look for and why

Minimum string length: 1

toolNames

string[]

required

Tool names available to the detection agent (used to infer data sources)

detectionId

string<uuid>

Optional detection ID when regenerating a plan for an existing detection

Response

200 - application/json

Successful response

investigationPlan

string

required

Markdown investigation plan for backwards compatibility.

steps

object[]

required

Structured investigation plan steps.

Minimum array length: 1

Show child attributes

systemPrompt

string

required

The assembled system prompt with intent + plan embedded

Generate a detection system prompt

Generate investigation plan asynchronously

⌘I

Endpoints

Authorizations

Body

Response