naftiko: 1.0.0-alpha2 info: label: Palo Alto Networks Threat Vault API — ATP description: 'Palo Alto Networks Threat Vault API — ATP. 2 operations. Lead operation: Palo Alto Networks Get ATP Detailed Reports. Self-contained Naftiko capability covering one Palo Alto Networks business surface.' tags: - Palo Alto Networks - ATP created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PALO_ALTO_NETWORKS_API_KEY: PALO_ALTO_NETWORKS_API_KEY capability: consumes: - type: http namespace: palo-alto-threat-vault-atp baseUri: https://api.threatvault.paloaltonetworks.com/service/v1 description: Palo Alto Networks Threat Vault API — ATP business capability. Self-contained, no shared references. resources: - name: atp-reports path: /atp/reports operations: - name: getatpreports method: GET description: Palo Alto Networks Get ATP Detailed Reports outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: sha256 in: query type: string description: SHA-256 hash to retrieve the ATP report for. - name: id in: query type: string description: ATP report ID. - name: offset in: query type: integer - name: limit in: query type: integer - name: atp-reports-pcaps path: /atp/reports/pcaps operations: - name: getatpreportpcaps method: GET description: Palo Alto Networks Get ATP PCAP Files outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: sha256 in: query type: string description: SHA-256 hash of the threat sample. required: true - name: id in: query type: string description: ATP report ID. authentication: type: apikey key: X-API-KEY value: '{{env.PALO_ALTO_NETWORKS_API_KEY}}' placement: header exposes: - type: rest namespace: palo-alto-threat-vault-atp-rest port: 8080 description: REST adapter for Palo Alto Networks Threat Vault API — ATP. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/atp/reports name: atp-reports description: REST surface for atp-reports. operations: - method: GET name: getatpreports description: Palo Alto Networks Get ATP Detailed Reports call: palo-alto-threat-vault-atp.getatpreports with: sha256: rest.sha256 id: rest.id offset: rest.offset limit: rest.limit outputParameters: - type: object mapping: $. - path: /v1/atp/reports/pcaps name: atp-reports-pcaps description: REST surface for atp-reports-pcaps. operations: - method: GET name: getatpreportpcaps description: Palo Alto Networks Get ATP PCAP Files call: palo-alto-threat-vault-atp.getatpreportpcaps with: sha256: rest.sha256 id: rest.id outputParameters: - type: object mapping: $. - type: mcp namespace: palo-alto-threat-vault-atp-mcp port: 9090 transport: http description: MCP adapter for Palo Alto Networks Threat Vault API — ATP. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: palo-alto-networks-get-atp description: Palo Alto Networks Get ATP Detailed Reports hints: readOnly: true destructive: false idempotent: true call: palo-alto-threat-vault-atp.getatpreports with: sha256: tools.sha256 id: tools.id offset: tools.offset limit: tools.limit outputParameters: - type: object mapping: $. - name: palo-alto-networks-get-atp-2 description: Palo Alto Networks Get ATP PCAP Files hints: readOnly: true destructive: false idempotent: true call: palo-alto-threat-vault-atp.getatpreportpcaps with: sha256: tools.sha256 id: tools.id outputParameters: - type: object mapping: $.