---
# Naftiko capability: wraps five read-only (GET) operations of the Microsoft
# Defender for Endpoint "Machines" API and re-exposes them through a REST
# adapter (port 8080) and an MCP adapter (port 9090).
#
# NOTE(review): nesting below was reconstructed from a whitespace-collapsed
# listing; validate against the Naftiko schema before relying on it.
naftiko: "1.0.0-alpha2"

info:
  label: Microsoft Defender for Endpoint API — Machines
  description: >-
    Microsoft Defender for Endpoint API — Machines. 5 operations. Lead
    operation: Microsoft Defender List machines. Self-contained Naftiko
    capability covering one Microsoft Defender business surface.
  tags:
    - Microsoft Defender
    - Machines
  created: "2026-05-19"
  modified: "2026-05-19"

# Credential source: the value is read from the process environment and used
# as the upstream bearer token (see `authentication` under `consumes`).
# NOTE(review): despite the "API_KEY" name this is sent as a bearer token. The
# Defender for Endpoint API expects a Microsoft Entra ID OAuth 2.0 access
# token, which is short-lived; confirm how the value is refreshed, and keep it
# out of version control, image layers and logs.
binds:
  - namespace: env
    keys:
      MICROSOFT_DEFENDER_API_KEY: MICROSOFT_DEFENDER_API_KEY

capability:
  consumes:
    - type: http
      namespace: for-endpoint-machines
      baseUri: https://api.security.microsoft.com/api
      description: >-
        Microsoft Defender for Endpoint API — Machines business capability.
        Self-contained, no shared references.
      resources:
        # Device inventory listing with caller-supplied OData paging/filtering.
        - name: machines
          path: /machines
          operations:
            - name: listmachines
              method: GET
              description: Microsoft Defender List machines
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: "$."
              inputParameters:
                # NOTE(review): the description text below ends mid-word
                # ("onboardingS"); it looks truncated at generation time.
                - name: $filter
                  in: query
                  type: string
                  description: >-
                    OData filter expression. Filterable properties include
                    computerDnsName, id, version, deviceValue, aadDeviceId,
                    machineTags, lastSeen, exposureLevel, onboardingS
                - name: $top
                  in: query
                  type: integer
                  description: Maximum number of results to return (max 10,000).
                - name: $skip
                  in: query
                  type: integer
                  description: Number of results to skip for pagination.

        # NOTE(review): in the resources below a caller-supplied value is
        # substituted into the upstream URL path. Confirm the engine
        # percent-encodes path parameters so a value cannot alter the route
        # that is requested with the bearer token.
        - name: machines-machineId
          path: /machines/{machineId}
          operations:
            - name: getmachine
              method: GET
              description: Microsoft Defender Get machine by ID
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: "$."
              inputParameters:
                - name: machineId
                  in: path
                  type: string
                  description: The device ID or computer name of the machine.
                  required: true

        - name: machines-machineId-alerts
          path: /machines/{machineId}/alerts
          operations:
            - name: listmachinealerts
              method: GET
              description: Microsoft Defender List alerts for a machine
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: "$."
              inputParameters:
                - name: machineId
                  in: path
                  type: string
                  description: The device ID of the machine.
                  required: true

        - name: machines-machineId-vulnerabilities
          path: /machines/{machineId}/vulnerabilities
          operations:
            - name: listmachinevulnerabilities
              method: GET
              description: Microsoft Defender List vulnerabilities for a machine
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: "$."
              inputParameters:
                - name: machineId
                  in: path
                  type: string
                  description: The device ID of the machine.
                  required: true

        - name: vulnerabilities-vulnerabilityId-machineReferences
          path: /vulnerabilities/{vulnerabilityId}/machineReferences
          operations:
            - name: listvulnerabilitymachinereferences
              method: GET
              description: Microsoft Defender List machines affected by a vulnerability
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: "$."
              inputParameters:
                - name: vulnerabilityId
                  in: path
                  type: string
                  description: The CVE identifier of the vulnerability.
                  required: true

      # Upstream auth: one shared bearer token for every consumed operation.
      # Every operation above is a GET, so a token limited to read-only
      # permissions (for example Machine.Read.All, Alert.Read.All,
      # Vulnerability.Read.All) should be sufficient; avoid ReadWrite scopes.
      authentication:
        type: bearer
        token: "{{env.MICROSOFT_DEFENDER_API_KEY}}"

  # NOTE(review): neither adapter below declares inbound authentication or
  # authorization in this file. Anything that can reach ports 8080/9090 gets
  # device inventory, alerts and vulnerability exposure data fetched with the
  # upstream credential. Confirm which interface the runtime binds to, and
  # front these listeners with authentication, TLS and network restrictions.
  exposes:
    - type: rest
      namespace: for-endpoint-machines-rest
      port: 8080
      description: >-
        REST adapter for Microsoft Defender for Endpoint API — Machines. One
        Spectral-compliant resource per consumed operation, prefixed with /v1.
      resources:
        - path: /v1/machines
          name: machines
          description: REST surface for machines.
          operations:
            - method: GET
              name: listmachines
              description: Microsoft Defender List machines
              call: for-endpoint-machines.listmachines
              with:
                $filter: rest.$filter
                $top: rest.$top
                $skip: rest.$skip
              outputParameters:
                - type: object
                  mapping: "$."

        # NOTE(review): the path templates here use lowercase placeholders
        # ({machineid}, {vulnerabilityid}) while the `with` bindings read
        # rest.machineId / rest.vulnerabilityId. Verify the engine resolves
        # these case-insensitively; otherwise the bindings may come up empty.
        - path: /v1/machines/{machineid}
          name: machines-machineid
          description: REST surface for machines-machineId.
          operations:
            - method: GET
              name: getmachine
              description: Microsoft Defender Get machine by ID
              call: for-endpoint-machines.getmachine
              with:
                machineId: rest.machineId
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/machines/{machineid}/alerts
          name: machines-machineid-alerts
          description: REST surface for machines-machineId-alerts.
          operations:
            - method: GET
              name: listmachinealerts
              description: Microsoft Defender List alerts for a machine
              call: for-endpoint-machines.listmachinealerts
              with:
                machineId: rest.machineId
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/machines/{machineid}/vulnerabilities
          name: machines-machineid-vulnerabilities
          description: REST surface for machines-machineId-vulnerabilities.
          operations:
            - method: GET
              name: listmachinevulnerabilities
              description: Microsoft Defender List vulnerabilities for a machine
              call: for-endpoint-machines.listmachinevulnerabilities
              with:
                machineId: rest.machineId
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/vulnerabilities/{vulnerabilityid}/machinereferences
          name: vulnerabilities-vulnerabilityid-machinereferences
          description: REST surface for vulnerabilities-vulnerabilityId-machineReferences.
          operations:
            - method: GET
              name: listvulnerabilitymachinereferences
              description: Microsoft Defender List machines affected by a vulnerability
              call: for-endpoint-machines.listvulnerabilitymachinereferences
              with:
                vulnerabilityId: rest.vulnerabilityId
              outputParameters:
                - type: object
                  mapping: "$."

    # MCP adapter: one tool per consumed operation.
    # NOTE(review): the `hints` values are declarations to the client, not an
    # access control; the read-only property actually rests on every routed
    # operation being a GET. Tool results carry endpoint-originated text
    # (device names, tags, alert content) and should be handled as untrusted
    # data by whatever agent consumes them.
    - type: mcp
      namespace: for-endpoint-machines-mcp
      port: 9090
      transport: http
      description: >-
        MCP adapter for Microsoft Defender for Endpoint API — Machines. One
        tool per consumed operation, routed inline through this capability's
        consumes block.
      tools:
        - name: microsoft-defender-list-machines
          description: Microsoft Defender List machines
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: for-endpoint-machines.listmachines
          with:
            $filter: tools.$filter
            $top: tools.$top
            $skip: tools.$skip
          outputParameters:
            - type: object
              mapping: "$."

        - name: microsoft-defender-get-machine-id
          description: Microsoft Defender Get machine by ID
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: for-endpoint-machines.getmachine
          with:
            machineId: tools.machineId
          outputParameters:
            - type: object
              mapping: "$."

        - name: microsoft-defender-list-alerts-machine
          description: Microsoft Defender List alerts for a machine
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: for-endpoint-machines.listmachinealerts
          with:
            machineId: tools.machineId
          outputParameters:
            - type: object
              mapping: "$."

        - name: microsoft-defender-list-vulnerabilities-machine
          description: Microsoft Defender List vulnerabilities for a machine
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: for-endpoint-machines.listmachinevulnerabilities
          with:
            machineId: tools.machineId
          outputParameters:
            - type: object
              mapping: "$."

        - name: microsoft-defender-list-machines-affected
          description: Microsoft Defender List machines affected by a vulnerability
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: for-endpoint-machines.listvulnerabilitymachinereferences
          with:
            vulnerabilityId: tools.vulnerabilityId
          outputParameters:
            - type: object
              mapping: "$."