Skip to main content
POST
/
api
/
detections
/
generate-plan
cURL
curl -X POST "https://app.cotool.ai/api/detections/generate-plan" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"intent":"string","toolNames":["string"],"cliNames":["string"],"detectionCadence":"hourly","detectionId":"string"}'
{
  "investigationPlan": "<string>",
  "steps": [
    {
      "title": "<string>",
      "instructions": "<string>"
    }
  ],
  "systemPrompt": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://docs.cotool.ai/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here

Body

application/json
intent
string
required

What the detection should look for and why

Minimum string length: 1
toolNames
string[]
required

Tool names available to the detection agent (used to infer data sources)

cliNames
string[]

CLI integration ids available to the detection agent (used as data sources at runtime)

detectionCadence
enum<string> | null

Cadence the detection will run on; the runtime prompt derives the primary lookback window from this metadata

Available options:
hourly,
daily,
weekly,
null
detectionId
string<uuid>

Optional detection ID when regenerating a plan for an existing detection

Response

200 - application/json

Successful response

investigationPlan
string
required

Markdown investigation plan for backwards compatibility.

steps
object[]
required

Structured investigation plan steps.

Minimum array length: 1
systemPrompt
string
required

The assembled system prompt with intent + plan embedded