naftiko: 1.0.0-alpha2 info: label: VirusTotal API v3 - IoC Investigation — IoC Investigation - Attack Techniques description: 'VirusTotal API v3 - IoC Investigation — IoC Investigation - Attack Techniques. 3 operations. Lead operation: Get an Attack Technique Object. Self-contained Naftiko capability covering one VirusTotal business surface.' tags: - VirusTotal - IoC Investigation - Attack Techniques created: '2026-05-29' modified: '2026-05-29' binds: - namespace: env keys: VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY capability: consumes: - type: http namespace: ioc-investigation-ioc-investigation-attack-techniques baseUri: https://www.virustotal.com/api/v3 description: VirusTotal API v3 - IoC Investigation — IoC Investigation - Attack Techniques. Self-contained, no shared references. authentication: type: apikey key: x-apikey value: '{{env.VIRUSTOTAL_API_KEY}}' placement: header resources: - name: attack-techniques-id path: /attack_techniques/{id} operations: - name: attackTechniqueid method: GET description: VirusTotal Get an Attack Technique Object inputParameters: - name: id in: path type: string required: true description: Attack technique's ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: attack-techniques-id-relationships-relationship path: /attack_techniques/{id}/relationships/{relationship} operations: - name: attackTechniquesidrelationshipsrelationship method: GET description: VirusTotal Get Object Descriptors Related to an Attack Technique inputParameters: - name: id in: path type: string required: true description: Attack technique's ID - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:object-attack-techniques#relationships)) - name: limit in: query type: integer required: false description: Maximum number of related objects to retrieve - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: attack-techniques-id-relationship path: /attack_techniques/{id}/{relationship} operations: - name: attackTechniqueidrelationship method: GET description: VirusTotal Get Objects Related to an Attack Technique inputParameters: - name: id in: path type: string required: true description: Attack technique's ID - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:object-attack-techniques#relationships)) - name: limit in: query type: integer required: false description: Maximum number of related objects to retrieve - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest namespace: ioc-investigation-ioc-investigation-attack-techniques-rest port: 8080 description: REST adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Attack Techniques. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/attack_techniques/{id} name: attack-techniques-id description: REST surface for /attack_techniques/{id}. operations: - method: GET name: attackTechniqueid description: VirusTotal Get an Attack Technique Object call: ioc-investigation-ioc-investigation-attack-techniques.attackTechniqueid outputParameters: - type: object mapping: $. with: id: rest.id - path: /v1/attack_techniques/{id}/relationships/{relationship} name: attack-techniques-id-relationships-relationship description: REST surface for /attack_techniques/{id}/relationships/{relationship}. operations: - method: GET name: attackTechniquesidrelationshipsrelationship description: VirusTotal Get Object Descriptors Related to an Attack Technique call: ioc-investigation-ioc-investigation-attack-techniques.attackTechniquesidrelationshipsrelationship outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship limit: rest.limit cursor: rest.cursor - path: /v1/attack_techniques/{id}/{relationship} name: attack-techniques-id-relationship description: REST surface for /attack_techniques/{id}/{relationship}. operations: - method: GET name: attackTechniqueidrelationship description: VirusTotal Get Objects Related to an Attack Technique call: ioc-investigation-ioc-investigation-attack-techniques.attackTechniqueidrelationship outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship limit: rest.limit cursor: rest.cursor - type: mcp namespace: ioc-investigation-ioc-investigation-attack-techniques-mcp port: 9090 transport: http description: MCP adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Attack Techniques. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-attack-technique-object description: VirusTotal Get an Attack Technique Object hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-attack-techniques.attackTechniqueid outputParameters: - type: object mapping: $. with: id: tools.id - name: get-object-descriptors-related-attack description: VirusTotal Get Object Descriptors Related to an Attack Technique hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-attack-techniques.attackTechniquesidrelationshipsrelationship outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship limit: tools.limit cursor: tools.cursor - name: get-objects-related-attack-technique description: VirusTotal Get Objects Related to an Attack Technique hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-attack-techniques.attackTechniqueidrelationship outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship limit: tools.limit cursor: tools.cursor