Key Features
Unified MITRE Coverage Map
Visualize detection coverage across all tools in one consolidated view
AI Detection Authoring
Iteratively craft production-ready detections with AI assistance
Pattern-Based Detection
Deploy agents that detect anomalies without rigid rule-based logic
How It Works
1. Ingest Existing Detections
Cotool automatically discovers and classifies detections from:
- SIEM platforms
- Endpoint tools
- Email security tools
- Detection-as-Code pipelines
2. Map to MITRE ATT&CK
AI analyzes each detection’s name, description, and query logic to map it to relevant MITRE ATT&CK techniques, creating a unified view of coverage across your stack
3. Visualize Coverage
See which techniques are covered, by which tools, with confidence scores for each mapping
4. Author New Detections
Use the AI detection authoring interface to iteratively craft detections:
- Explore platform capabilities with tools
- Draft detection logic that compiles
- Test queries before deployment
- Refine based on feedback
Pattern-Based Detection with Agents
Not all threats follow rigid patterns. Cotool allows you to deploy scheduled agents that hunt for suspicious patterns without being bound to rule-based logic.
Example: Deploy a weekly agent that:
- Reviews user login patterns
- Identifies anomalous behavior
- Creates alerts for investigation
Getting Started
1. Connect Your Security Tools
Navigate to Settings > Integrations and authenticate your detection platforms
2. View Your Detection Map
The MITRE classification job will automatically run weekly to map your detections to MITRE ATT&CK techniques
3. Author Detections
Use the detection authoring interface to collaboratively craft new rule-based detections with AI assistance
4. Define Pattern-Based Detection Agents
Define pattern-based agents that hunt for suspicious activity without being bound to rule-based logic