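---
# Naftiko capability: consumes four read-only VirusTotal API v3 endpoints
# (/intelligence/search, /intelligence/search/snippets/{snippet}, /metadata,
# /search) and re-exposes them through a REST adapter (port 8080) and an MCP
# adapter (port 9090).
# NOTE(review): the block structure below was rebuilt from a
# whitespace-collapsed copy of this file; confirm the nesting against the
# Naftiko schema before relying on it.
naftiko: '1.0.0-alpha2'
info:
  label: VirusTotal API v3 - IoC Investigation — IoC Investigation - Search & Metadata
  description: 'VirusTotal API v3 - IoC Investigation — IoC Investigation - Search & Metadata. 4 operations. Lead operation: Advanced Corpus Search. Self-contained Naftiko capability covering one VirusTotal business surface.'
  tags:
    - VirusTotal
    - IoC Investigation
    - Search & Metadata
  created: '2026-05-29'
  modified: '2026-05-29'
# The API key is resolved from the process environment, so no secret is
# stored in this file. Keep it that way: never inline the key value here.
binds:
  - namespace: env
    keys:
      VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
  consumes:
    - type: http
      namespace: ioc-investigation-ioc-investigation-search-metadata
      baseUri: https://www.virustotal.com/api/v3
      description: VirusTotal API v3 - IoC Investigation — IoC Investigation - Search & Metadata. Self-contained, no shared references.
      # Every upstream request carries the operator's key in the x-apikey
      # header. Callers of the exposed adapters never present this key
      # themselves, so whoever can reach an adapter acts with its quota and
      # entitlements.
      authentication:
        type: apikey
        key: x-apikey
        value: '{{env.VIRUSTOTAL_API_KEY}}'
        placement: header
      resources:
        - name: intelligence-search
          path: /intelligence/search
          operations:
            - name: intelligenceSearch
              method: GET
              description: VirusTotal Advanced Corpus Search
              inputParameters:
                - name: query
                  in: query
                  type: string
                  required: true
                  description: Search query using URL Safe encoding
                # NOTE(review): "the description above" refers to a table
                # that is not part of this file, so the accepted sort orders
                # are undocumented here.
                - name: order
                  in: query
                  type: string
                  required: false
                  description: Sort order (see table in the description above)
                # The 300 ceiling is stated only in prose; nothing in this
                # file enforces it, so larger values are presumably left for
                # the upstream API to reject. Confirm.
                - name: limit
                  in: query
                  type: integer
                  required: false
                  description: Maximum number of results per page (Max. 300)
                - name: cursor
                  in: query
                  type: string
                  required: false
                  description: Continuation cursor
                - name: descriptors_only
                  in: query
                  type: boolean
                  required: false
                  description: Whether to return full object information or just object descriptors.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: intelligence-search-snippets-snippet
          path: /intelligence/search/snippets/{snippet}
          operations:
            - name: intelligenceSearchSnippets
              method: GET
              description: VirusTotal Get File Content Search Snippets
              inputParameters:
                # Caller-supplied value substituted into the URL path.
                # NOTE(review): confirm the runtime percent-encodes it so a
                # value containing "/" or ".." cannot select a different
                # upstream endpoint under the operator's key.
                - name: snippet
                  in: path
                  type: string
                  required: true
                  description: Extracted snippet from context attributes at [/search](ref:intelligence-search) endpoint.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: metadata
          path: /metadata
          operations:
            - name: metadata
              method: GET
              description: VirusTotal Get Google Threat Intel Metadata
              inputParameters: []
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: search
          path: /search
          operations:
            - name: apiSearch
              method: GET
              description: VirusTotal Search for Files, URLs, Domains, IPs and Comments
              inputParameters:
                - name: query
                  in: query
                  type: string
                  required: true
                  description: Search query.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
  exposes:
    # NOTE(review): no authentication or bind address is declared for this
    # adapter in this file. Unless the runtime or deployment adds one, any
    # client that can reach port 8080 can run VirusTotal searches on the
    # operator's key (quota use, access to Intelligence search results).
    # Restrict reachability (loopback or network policy) or front it with an
    # authenticating gateway.
    - type: rest
      namespace: ioc-investigation-ioc-investigation-search-metadata-rest
      port: 8080
      description: REST adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Search & Metadata. One Spectral-compliant resource per consumed operation, prefixed with /v1.
      resources:
        - path: /v1/intelligence/search
          name: intelligence-search
          description: REST surface for /intelligence/search.
          operations:
            - method: GET
              name: intelligenceSearch
              description: VirusTotal Advanced Corpus Search
              call: ioc-investigation-ioc-investigation-search-metadata.intelligenceSearch
              outputParameters:
                - type: object
                  mapping: $.
              with:
                query: rest.query
                order: rest.order
                limit: rest.limit
                cursor: rest.cursor
                descriptors_only: rest.descriptors_only
        - path: /v1/intelligence/search/snippets/{snippet}
          name: intelligence-search-snippets-snippet
          description: REST surface for /intelligence/search/snippets/{snippet}.
          operations:
            - method: GET
              name: intelligenceSearchSnippets
              description: VirusTotal Get File Content Search Snippets
              call: ioc-investigation-ioc-investigation-search-metadata.intelligenceSearchSnippets
              outputParameters:
                - type: object
                  mapping: $.
              with:
                snippet: rest.snippet
        - path: /v1/metadata
          name: metadata
          description: REST surface for /metadata.
          operations:
            - method: GET
              name: metadata
              description: VirusTotal Get Google Threat Intel Metadata
              call: ioc-investigation-ioc-investigation-search-metadata.metadata
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/search
          name: search
          description: REST surface for /search.
          operations:
            - method: GET
              name: apiSearch
              description: VirusTotal Search for Files, URLs, Domains, IPs and Comments
              call: ioc-investigation-ioc-investigation-search-metadata.apiSearch
              outputParameters:
                - type: object
                  mapping: $.
              with:
                query: rest.query
    # NOTE(review): as with the REST adapter, no caller authentication is
    # declared here, and the transport is plain "http" on port 9090. Limit
    # who can connect, since each tool call is executed with the operator's
    # VirusTotal key.
    # The tools appear to return the upstream JSON unmodified (mapping: $.).
    # That JSON carries third-party-controlled text (file names, comments,
    # content snippets), so an MCP client or agent should handle tool output
    # as untrusted data and never as instructions.
    - type: mcp
      namespace: ioc-investigation-ioc-investigation-search-metadata-mcp
      port: 9090
      transport: http
      description: MCP adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Search & Metadata. One tool per consumed operation, routed inline through this capability's consumes block.
      tools:
        - name: advanced-corpus-search
          description: VirusTotal Advanced Corpus Search
          # The hints describe the effect of the call (all four tools map to
          # GET operations); they do not restrict who may invoke the tool.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: ioc-investigation-ioc-investigation-search-metadata.intelligenceSearch
          outputParameters:
            - type: object
              mapping: $.
          with:
            query: tools.query
            order: tools.order
            limit: tools.limit
            cursor: tools.cursor
            descriptors_only: tools.descriptors_only
        - name: get-file-content-search-snippets
          description: VirusTotal Get File Content Search Snippets
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: ioc-investigation-ioc-investigation-search-metadata.intelligenceSearchSnippets
          outputParameters:
            - type: object
              mapping: $.
          with:
            snippet: tools.snippet
        - name: get-google-threat-intel-metadata
          description: VirusTotal Get Google Threat Intel Metadata
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: ioc-investigation-ioc-investigation-search-metadata.metadata
          outputParameters:
            - type: object
              mapping: $.
        - name: search-files-urls-domains-ips
          description: VirusTotal Search for Files, URLs, Domains, IPs and Comments
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: ioc-investigation-ioc-investigation-search-metadata.apiSearch
          outputParameters:
            - type: object
              mapping: $.
          with:
            query: tools.query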