Cotool provides a unified platform for managing, authoring, and deploying detections across your entire security stack—from endpoints to email to SIEMs.
Key Features
Unified MITRE Coverage Map
Visualize detection coverage across all tools in one consolidated view
AI Detection Authoring
Iteratively craft production-ready detections with AI assistance
Pattern-Based Detection
Deploy agents that detect anomalies without rigid rule-based logic
How It Works
Ingest Existing Detections
Cotool automatically discovers and classifies detections from:
- SIEM platforms
- Endpoint tools
- Email security tools
- Detection-as-Code pipelines
Map to MITRE ATT&CK
AI analyzes each detection’s name, description, and query logic to map it to relevant MITRE ATT&CK techniques, creating a unified view of coverage across your stack
Visualize Coverage
See which techniques are covered, by which tools, with confidence scores for each mapping
Detection Authoring Guide
Learn more about AI-powered detection authoring
Pattern-Based Detection with Agents
Not all threats follow rigid patterns. Cotool allows you to deploy scheduled agents that hunt for suspicious patterns without being bound to rule-based logic.
Example: Deploy a weekly agent that:
- Reviews user login patterns
- Identifies anomalous behavior
- Creates alerts for investigation
Pattern-Based Detection
Learn about behavioral detection with agents
Getting Started
Connect Your Security Tools
Navigate to Settings > Integrations and authenticate your detection platforms
View Your Detection Map
The MITRE classification job will automatically run weekly to map your detections to MITRE ATT&CK techniques
Author Detections
Use the detection authoring interface to collaboratively craft new rule-based detections with AI assistance