# Naftiko capability definition for the Tanium Threat Response alerts API.
# It consumes three upstream HTTP operations (list alerts, get alert,
# update alert state) and re-exposes them through two adapters declared
# below: a REST adapter on port 8080 and an MCP adapter on port 9090.
# The source was collapsed onto a few long lines; the nesting here is
# restored from key order. TODO confirm against the Naftiko schema.
naftiko: 1.0.0-alpha2
info:
  label: Tanium Threat Response API — Alerts
  description: 'Tanium Threat Response API — Alerts. 3 operations. Lead operation: List Threat Alerts. Self-contained Naftiko capability covering one Tanium business surface.'
  tags:
    - Tanium
    - Alerts
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
  # The Tanium credential is taken from the environment, not stored in
  # this file. Treat TANIUM_API_KEY as a secret: keep it out of version
  # control, process listings and logs.
  - namespace: env
    keys:
      TANIUM_API_KEY: TANIUM_API_KEY
capability:
  consumes:
    - type: http
      namespace: threat-response-alerts
      # NOTE(review): no binding for {tanium_server} is visible in this
      # file. Confirm it is fixed by deployment configuration and not
      # caller-supplied, since the session token below is sent to
      # whatever host this resolves to. The scheme is https.
      baseUri: https://{tanium_server}
      description: Tanium Threat Response API — Alerts business capability. Self-contained, no shared references.
      resources:
        - name: plugin-products-threat-response-api-v1-alerts
          path: /plugin/products/threat-response/api/v1/alerts
          operations:
            # Read-only listing with optional filters, all passed as
            # query parameters.
            - name: listalerts
              method: GET
              description: List Threat Alerts
              outputRawFormat: json
              outputParameters:
                # `$.` appears to select the whole response body, so
                # every alert field is returned to the caller unfiltered.
                # The filter names suggest this includes endpoint
                # hostnames and IP addresses - verify.
                - name: result
                  type: object
                  value: $.
              inputParameters:
                # No upper bound for `limit` is declared here; page size
                # is presumably capped by the upstream API - verify.
                - name: limit
                  in: query
                  type: integer
                  description: Maximum number of alerts to return
                - name: offset
                  in: query
                  type: integer
                  description: Number of alerts to skip for pagination
                - name: computer_ip_address
                  in: query
                  type: string
                  description: Filter by computer IP address
                - name: computer_name
                  in: query
                  type: string
                  description: Filter by computer hostname
                - name: scan_config_id
                  in: query
                  type: integer
                  description: Filter by scan configuration identifier
                - name: intel_doc_id
                  in: query
                  type: integer
                  description: Filter by intel document identifier
                - name: severity
                  in: query
                  type: string
                  description: Filter by alert severity
                - name: priority
                  in: query
                  type: string
                  description: Filter by alert priority
                - name: type
                  in: query
                  type: string
                  description: Filter by alert type
                - name: state
                  in: query
                  type: string
                  description: Filter by alert state
        - name: plugin-products-threat-response-api-v1-alerts-alertId
          path: /plugin/products/threat-response/api/v1/alerts/{alertId}
          operations:
            # Read-only fetch of a single alert; alertId is an integer.
            - name: getalert
              method: GET
              description: Get An Alert By ID
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: alertId
                  in: path
                  type: integer
                  description: Unique identifier of the alert
                  required: true
            # The only write operation in this capability. Unlike
            # getalert, alertId is a string that may carry a
            # comma-separated list, so one call can change the state of
            # many alerts.
            - name: updatealertstate
              method: PUT
              description: Update Alert State
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: alertId
                  in: path
                  type: string
                  description: Alert ID or comma-separated list of alert IDs
                  required: true
                # Free-form object with no schema declared here, so
                # validation of the requested state is left to the
                # Tanium API.
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
      # Every consumed call carries the environment-supplied token in a
      # `session` request header. All callers of the adapters below
      # therefore act with this one token's privileges; scope it to
      # reading alerts and updating alert state, nothing broader.
      authentication:
        type: apikey
        key: session
        value: '{{env.TANIUM_API_KEY}}'
        placement: header
  exposes:
    # NOTE(review): no caller authentication or TLS setting is declared
    # for this adapter in the file as shown. Confirm how access to port
    # 8080 is restricted (bind address, network policy, authenticating
    # proxy); anyone who can reach it can read alerts and change alert
    # state under the shared Tanium token.
    - type: rest
      namespace: threat-response-alerts-rest
      port: 8080
      description: REST adapter for Tanium Threat Response API — Alerts. One Spectral-compliant resource per consumed operation, prefixed with /v1.
      resources:
        - path: /v1/plugin/products/threat-response/api/v1/alerts
          name: plugin-products-threat-response-api-v1-alerts
          description: REST surface for plugin-products-threat-response-api-v1-alerts.
          operations:
            - method: GET
              name: listalerts
              description: List Threat Alerts
              call: threat-response-alerts.listalerts
              with:
                limit: rest.limit
                offset: rest.offset
                computer_ip_address: rest.computer_ip_address
                computer_name: rest.computer_name
                scan_config_id: rest.scan_config_id
                intel_doc_id: rest.intel_doc_id
                severity: rest.severity
                priority: rest.priority
                type: rest.type
                state: rest.state
              outputParameters:
                - type: object
                  mapping: $.
        # NOTE(review): the path template uses {alertid} (lowercase)
        # while the `with` mappings below read rest.alertId. Confirm the
        # adapter binds path parameters case-insensitively; otherwise
        # alertId may arrive empty at the upstream call.
        - path: /v1/plugin/products/threat-response/api/v1/alerts/{alertid}
          name: plugin-products-threat-response-api-v1-alerts-alertid
          description: REST surface for plugin-products-threat-response-api-v1-alerts-alertId.
          operations:
            - method: GET
              name: getalert
              description: Get An Alert By ID
              call: threat-response-alerts.getalert
              with:
                alertId: rest.alertId
              outputParameters:
                - type: object
                  mapping: $.
            # Write path: forwards the caller's alertId and body to the
            # upstream PUT unchanged.
            - method: PUT
              name: updatealertstate
              description: Update Alert State
              call: threat-response-alerts.updatealertstate
              with:
                alertId: rest.alertId
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
    # MCP adapter over HTTP on port 9090, one tool per consumed
    # operation. The same access concern applies as for the REST
    # adapter: no caller authentication is declared here - verify. Alert
    # fields returned to an agent are attacker-influenced text (file
    # names, command lines, hostnames), so clients should treat tool
    # output as untrusted data.
    - type: mcp
      namespace: threat-response-alerts-mcp
      port: 9090
      transport: http
      description: MCP adapter for Tanium Threat Response API — Alerts. One tool per consumed operation, routed inline through this capability's consumes block.
      tools:
        - name: list-threat-alerts
          description: List Threat Alerts
          # `hints` are presumably advisory metadata for the MCP client,
          # not an access control - verify.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: threat-response-alerts.listalerts
          with:
            limit: tools.limit
            offset: tools.offset
            computer_ip_address: tools.computer_ip_address
            computer_name: tools.computer_name
            scan_config_id: tools.scan_config_id
            intel_doc_id: tools.intel_doc_id
            severity: tools.severity
            priority: tools.priority
            type: tools.type
            state: tools.state
          outputParameters:
            - type: object
              mapping: $.
        - name: get-alert-id
          description: Get An Alert By ID
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: threat-response-alerts.getalert
          with:
            alertId: tools.alertId
          outputParameters:
            - type: object
              mapping: $.
        # The only state-changing tool. It is marked non-destructive,
        # yet it can move one or many alerts (comma-separated alertId)
        # to another state with a free-form body, which affects what
        # analysts see in the triage queue.
        # NOTE(review): consider requiring human approval and audit
        # logging for agent-initiated calls, and confirm that
        # `destructive: false` matches how clients gate this tool.
        - name: update-alert-state
          description: Update Alert State
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: threat-response-alerts.updatealertstate
          with:
            alertId: tools.alertId
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.