naftiko: 1.0.0-alpha2 info: label: VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations description: 'VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations. 5 operations. Lead operation: Get a URL / File Analysis. Self-contained Naftiko capability covering one VirusTotal business surface.' tags: - VirusTotal - IoC Investigation - Analyses, Submissions & Operations created: '2026-05-29' modified: '2026-05-29' binds: - namespace: env keys: VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY capability: consumes: - type: http namespace: ioc-investigation-ioc-investigation-analyses-submissions-operations baseUri: https://www.virustotal.com/api/v3 description: VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations. Self-contained, no shared references. authentication: type: apikey key: x-apikey value: '{{env.VIRUSTOTAL_API_KEY}}' placement: header resources: - name: analyses-id path: /analyses/{id} operations: - name: analysis method: GET description: VirusTotal Get a URL / File Analysis inputParameters: - name: id in: path type: string required: true description: Analysis identifier outputRawFormat: json outputParameters: - name: result type: object value: $. - name: analyses-id-relationships-relationship path: /analyses/{id}/relationships/{relationship} operations: - name: analysesGetDescriptors method: GET description: VirusTotal Get Object Descriptors Related to an Analysis inputParameters: - name: id in: path type: string required: true description: Analysis identifier - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:analyses-object#relationships)) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: analyses-id-relationship path: /analyses/{id}/{relationship} operations: - name: analysesGetObjects method: GET description: VirusTotal Get Objects Related to an Analysis inputParameters: - name: id in: path type: string required: true description: Analysis identifier - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:analyses-object#relationships)) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: submission-id path: /submission/{id} operations: - name: getSubmission method: GET description: VirusTotal Get a Submission Object inputParameters: - name: id in: path type: string required: true description: Submission object ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: operations-id path: /operations/{id} operations: - name: getOperationsId method: GET description: VirusTotal Get an Operation Object inputParameters: - name: id in: path type: string required: true description: Operation ID outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest namespace: ioc-investigation-ioc-investigation-analyses-submissions-operations-rest port: 8080 description: REST adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/analyses/{id} name: analyses-id description: REST surface for /analyses/{id}. operations: - method: GET name: analysis description: VirusTotal Get a URL / File Analysis call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysis outputParameters: - type: object mapping: $. with: id: rest.id - path: /v1/analyses/{id}/relationships/{relationship} name: analyses-id-relationships-relationship description: REST surface for /analyses/{id}/relationships/{relationship}. operations: - method: GET name: analysesGetDescriptors description: VirusTotal Get Object Descriptors Related to an Analysis call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysesGetDescriptors outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship - path: /v1/analyses/{id}/{relationship} name: analyses-id-relationship description: REST surface for /analyses/{id}/{relationship}. operations: - method: GET name: analysesGetObjects description: VirusTotal Get Objects Related to an Analysis call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysesGetObjects outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship - path: /v1/submission/{id} name: submission-id description: REST surface for /submission/{id}. operations: - method: GET name: getSubmission description: VirusTotal Get a Submission Object call: ioc-investigation-ioc-investigation-analyses-submissions-operations.getSubmission outputParameters: - type: object mapping: $. with: id: rest.id - path: /v1/operations/{id} name: operations-id description: REST surface for /operations/{id}. operations: - method: GET name: getOperationsId description: VirusTotal Get an Operation Object call: ioc-investigation-ioc-investigation-analyses-submissions-operations.getOperationsId outputParameters: - type: object mapping: $. with: id: rest.id - type: mcp namespace: ioc-investigation-ioc-investigation-analyses-submissions-operations-mcp port: 9090 transport: http description: MCP adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-url-file-analysis description: VirusTotal Get a URL / File Analysis hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysis outputParameters: - type: object mapping: $. with: id: tools.id - name: get-object-descriptors-related-analysis description: VirusTotal Get Object Descriptors Related to an Analysis hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysesGetDescriptors outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship - name: get-objects-related-analysis description: VirusTotal Get Objects Related to an Analysis hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysesGetObjects outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship - name: get-submission-object description: VirusTotal Get a Submission Object hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-analyses-submissions-operations.getSubmission outputParameters: - type: object mapping: $. with: id: tools.id - name: get-operation-object description: VirusTotal Get an Operation Object hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-analyses-submissions-operations.getOperationsId outputParameters: - type: object mapping: $. with: id: tools.id