naftiko: 1.0.0-alpha2 info: label: VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed description: 'VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed. 6 operations. Lead operation: Get an Hourly File Behaviour Feed Batch. Self-contained Naftiko capability covering one VirusTotal business surface.' tags: - VirusTotal - IoC Feeds - Sandbox analyses feed created: '2026-05-29' modified: '2026-05-29' binds: - namespace: env keys: VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY capability: consumes: - type: http namespace: ioc-feeds-ioc-feeds-sandbox-analyses-feed baseUri: https://www.virustotal.com/api/v3 description: VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed. Self-contained, no shared references. authentication: type: apikey key: x-apikey value: '{{env.VIRUSTOTAL_API_KEY}}' placement: header resources: - name: feeds-file-behaviours-hourly-time path: /feeds/file_behaviours/hourly/{time} operations: - name: feedsFileBehaviourHourly method: GET description: VirusTotal Get an Hourly File Behaviour Feed Batch inputParameters: - name: time in: path type: string required: true description: A string in format YYYYMMDDhh outputRawFormat: json outputParameters: - name: result type: object value: $. - name: feeds-file-behaviours-time path: /feeds/file_behaviours/{time} operations: - name: feedsFileBehaviour method: GET description: VirusTotal Get a Per-minute File Behaviour Feed Batch inputParameters: - name: time in: path type: string required: true description: A string in format YYYYMMDDhhmm outputRawFormat: json outputParameters: - name: result type: object value: $. - name: feeds-file-behaviours-token-evtx path: /feeds/file_behaviours/{token}/evtx operations: - name: fileBehaviourFeedEvtx method: GET description: VirusTotal Get the EVTX File Generated During a File’s Behavior Analysis inputParameters: - name: token in: path type: string required: true description: Download token. It is included the "evtx" context attribute at the file behaviour feed. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: feeds-file-behaviours-token-html path: /feeds/file_behaviours/{token}/html operations: - name: fileBehaviourFeedHtml method: GET description: VirusTotal Get a File Behaviour's Detailed HTML Report inputParameters: - name: token in: path type: string required: true description: Download token. It can be found inside the behaviour object's properties in the file behaviour feed. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: feeds-file-behaviours-token-memdump path: /feeds/file_behaviours/{token}/memdump operations: - name: fileBehaviourFeedMemdump method: GET description: VirusTotal Get the Memdump File Generated During a File’s Behavior Analysis inputParameters: - name: token in: path type: string required: true description: Download token. It can be found inside the behaviour object's properties in the behaviour feed. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: feeds-file-behaviours-token-pcap path: /feeds/file_behaviours/{token}/pcap operations: - name: fileBehaviourFeedPcap method: GET description: VirusTotal Get the PCAP File Generated During a File’s Behavior Analysis inputParameters: - name: token in: path type: string required: true description: Download token. It can be found inside the behaviour object's properties in the behaviour feed. outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest namespace: ioc-feeds-ioc-feeds-sandbox-analyses-feed-rest port: 8080 description: REST adapter for VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/feeds/file_behaviours/hourly/{time} name: feeds-file-behaviours-hourly-time description: REST surface for /feeds/file_behaviours/hourly/{time}. operations: - method: GET name: feedsFileBehaviourHourly description: VirusTotal Get an Hourly File Behaviour Feed Batch call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.feedsFileBehaviourHourly outputParameters: - type: object mapping: $. with: time: rest.time - path: /v1/feeds/file_behaviours/{time} name: feeds-file-behaviours-time description: REST surface for /feeds/file_behaviours/{time}. operations: - method: GET name: feedsFileBehaviour description: VirusTotal Get a Per-minute File Behaviour Feed Batch call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.feedsFileBehaviour outputParameters: - type: object mapping: $. with: time: rest.time - path: /v1/feeds/file_behaviours/{token}/evtx name: feeds-file-behaviours-token-evtx description: REST surface for /feeds/file_behaviours/{token}/evtx. operations: - method: GET name: fileBehaviourFeedEvtx description: VirusTotal Get the EVTX File Generated During a File’s Behavior Analysis call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedEvtx outputParameters: - type: object mapping: $. with: token: rest.token - path: /v1/feeds/file_behaviours/{token}/html name: feeds-file-behaviours-token-html description: REST surface for /feeds/file_behaviours/{token}/html. operations: - method: GET name: fileBehaviourFeedHtml description: VirusTotal Get a File Behaviour's Detailed HTML Report call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedHtml outputParameters: - type: object mapping: $. with: token: rest.token - path: /v1/feeds/file_behaviours/{token}/memdump name: feeds-file-behaviours-token-memdump description: REST surface for /feeds/file_behaviours/{token}/memdump. operations: - method: GET name: fileBehaviourFeedMemdump description: VirusTotal Get the Memdump File Generated During a File’s Behavior Analysis call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedMemdump outputParameters: - type: object mapping: $. with: token: rest.token - path: /v1/feeds/file_behaviours/{token}/pcap name: feeds-file-behaviours-token-pcap description: REST surface for /feeds/file_behaviours/{token}/pcap. operations: - method: GET name: fileBehaviourFeedPcap description: VirusTotal Get the PCAP File Generated During a File’s Behavior Analysis call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedPcap outputParameters: - type: object mapping: $. with: token: rest.token - type: mcp namespace: ioc-feeds-ioc-feeds-sandbox-analyses-feed-mcp port: 9090 transport: http description: MCP adapter for VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-hourly-file-behaviour-feed description: VirusTotal Get an Hourly File Behaviour Feed Batch hints: readOnly: true destructive: false idempotent: true call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.feedsFileBehaviourHourly outputParameters: - type: object mapping: $. with: time: tools.time - name: get-per-minute-file-behaviour description: VirusTotal Get a Per-minute File Behaviour Feed Batch hints: readOnly: true destructive: false idempotent: true call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.feedsFileBehaviour outputParameters: - type: object mapping: $. with: time: tools.time - name: get-evtx-file-generated-during description: VirusTotal Get the EVTX File Generated During a File’s Behavior Analysis hints: readOnly: true destructive: false idempotent: true call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedEvtx outputParameters: - type: object mapping: $. with: token: tools.token - name: get-file-behaviour-s-detailed description: VirusTotal Get a File Behaviour's Detailed HTML Report hints: readOnly: true destructive: false idempotent: true call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedHtml outputParameters: - type: object mapping: $. with: token: tools.token - name: get-memdump-file-generated-during description: VirusTotal Get the Memdump File Generated During a File’s Behavior Analysis hints: readOnly: true destructive: false idempotent: true call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedMemdump outputParameters: - type: object mapping: $. with: token: tools.token - name: get-pcap-file-generated-during description: VirusTotal Get the PCAP File Generated During a File’s Behavior Analysis hints: readOnly: true destructive: false idempotent: true call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedPcap outputParameters: - type: object mapping: $. with: token: tools.token