Key Features
Unified MITRE Coverage Map
Visualize detection coverage across all tools in one consolidated view
AI Detection Authoring
Iteratively craft production-ready detections with AI assistance
Pattern-Based Detection
Deploy agents that detect anomalies without rigid rule-based logic
How It Works
Ingest Existing Detections
Cotool automatically discovers and classifies detections from:
- SIEM platforms
- Endpoint tools
- Email security tools
- Detection-as-Code pipelines
Map to MITRE ATT&CK
AI analyzes each detection’s name, description, and query logic to map it to relevant MITRE ATT&CK techniques, creating a unified view of coverage across your stack
Visualize Coverage
See which techniques are covered, by which tools, with confidence scores for each mapping
Pattern-Based Detection with Agents
Not all threats follow rigid patterns. Cotool allows you to deploy scheduled agents that hunt for suspicious patterns without being bound to rule-based logic.
Example: Deploy a weekly agent that:
- Reviews user login patterns
- Identifies anomalous behavior
- Creates alerts for investigation
Getting Started
Connect Your Security Tools
Navigate to Settings > Integrations and authenticate your detection platforms
View Your Detection Map
The MITRE classification job will automatically run weekly to map your detections to MITRE ATT&CK techniques
Author Detections
Use the detection authoring interface to collaboratively craft new rule-based detections with AI assistance