naftiko: 1.0.0-alpha2 info: label: VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs description: 'VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs. 9 operations. Lead operation: Scan URL. Self-contained Naftiko capability covering one VirusTotal business surface.' tags: - VirusTotal - IoC Investigation - URLs created: '2026-05-29' modified: '2026-05-29' binds: - namespace: env keys: VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY capability: consumes: - type: http namespace: ioc-investigation-ioc-investigation-urls baseUri: https://www.virustotal.com/api/v3 description: VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs. Self-contained, no shared references. authentication: type: apikey key: x-apikey value: '{{env.VIRUSTOTAL_API_KEY}}' placement: header resources: - name: urls path: /urls operations: - name: scanUrl method: POST description: VirusTotal Scan URL inputParameters: - name: body in: body type: object required: false description: Request body payload. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: urls-id path: /urls/{id} operations: - name: urlInfo method: GET description: VirusTotal Get a URL Report inputParameters: - name: id in: path type: string required: true description: URL identifier or base64 representation of URL to scan (w/o padding) - name: x-tool in: header type: string required: false description: The name of your tool or service. This is required to obtain the gti_assesment data outputRawFormat: json outputParameters: - name: result type: object value: $. - name: urls-id-analyse path: /urls/{id}/analyse operations: - name: urlsAnalyse method: POST description: VirusTotal Request a URL Rescan (re-analyze) inputParameters: - name: id in: path type: string required: true description: URL identifier outputRawFormat: json outputParameters: - name: result type: object value: $. - name: urls-id-comments path: /urls/{id}/comments operations: - name: urlsCommentsGet method: GET description: VirusTotal Get Comments on a URL inputParameters: - name: id in: path type: string required: true description: URL identifier - name: limit in: query type: integer required: false description: Maximum number of comments to retrieve - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: urlsCommentsPost method: POST description: VirusTotal Add a Comment on a URL inputParameters: - name: id in: path type: string required: true description: URL identifier - name: body in: body type: object required: false description: Request body payload. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: urls-id-relationships-relationship path: /urls/{id}/relationships/{relationship} operations: - name: urlsRelationshipsIds method: GET description: VirusTotal Get Object Descriptors Related to a URL inputParameters: - name: id in: path type: string required: true description: URL ID - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:url-object#relationships)) - name: limit in: query type: string required: false description: Maximum number of related objects to retrieve - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: urls-id-votes path: /urls/{id}/votes operations: - name: urlsVotesGet method: GET description: VirusTotal Get Votes on a URL inputParameters: - name: id in: path type: string required: true description: URL identifier - name: limit in: query type: integer required: false description: Maximum number of votes to retrieve - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: urlsVotesPost method: POST description: VirusTotal Add a Vote on a URL inputParameters: - name: id in: path type: string required: true description: URL identifier - name: body in: body type: object required: false description: Request body payload. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: urls-id-relationship path: /urls/{id}/{relationship} operations: - name: urlsRelationships method: GET description: VirusTotal Get Objects Related to a URL inputParameters: - name: id in: path type: string required: true description: URL identifier - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:url-object#relationships)) - name: limit in: query type: integer required: false description: Maximum number of related objects to retrieve - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest namespace: ioc-investigation-ioc-investigation-urls-rest port: 8080 description: REST adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/urls name: urls description: REST surface for /urls. operations: - method: POST name: scanUrl description: VirusTotal Scan URL call: ioc-investigation-ioc-investigation-urls.scanUrl outputParameters: - type: object mapping: $. with: body: rest.body - path: /v1/urls/{id} name: urls-id description: REST surface for /urls/{id}. operations: - method: GET name: urlInfo description: VirusTotal Get a URL Report call: ioc-investigation-ioc-investigation-urls.urlInfo outputParameters: - type: object mapping: $. with: id: rest.id x-tool: rest.x-tool - path: /v1/urls/{id}/analyse name: urls-id-analyse description: REST surface for /urls/{id}/analyse. operations: - method: POST name: urlsAnalyse description: VirusTotal Request a URL Rescan (re-analyze) call: ioc-investigation-ioc-investigation-urls.urlsAnalyse outputParameters: - type: object mapping: $. with: id: rest.id - path: /v1/urls/{id}/comments name: urls-id-comments description: REST surface for /urls/{id}/comments. operations: - method: GET name: urlsCommentsGet description: VirusTotal Get Comments on a URL call: ioc-investigation-ioc-investigation-urls.urlsCommentsGet outputParameters: - type: object mapping: $. with: id: rest.id limit: rest.limit cursor: rest.cursor - method: POST name: urlsCommentsPost description: VirusTotal Add a Comment on a URL call: ioc-investigation-ioc-investigation-urls.urlsCommentsPost outputParameters: - type: object mapping: $. with: id: rest.id body: rest.body - path: /v1/urls/{id}/relationships/{relationship} name: urls-id-relationships-relationship description: REST surface for /urls/{id}/relationships/{relationship}. operations: - method: GET name: urlsRelationshipsIds description: VirusTotal Get Object Descriptors Related to a URL call: ioc-investigation-ioc-investigation-urls.urlsRelationshipsIds outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship limit: rest.limit cursor: rest.cursor - path: /v1/urls/{id}/votes name: urls-id-votes description: REST surface for /urls/{id}/votes. operations: - method: GET name: urlsVotesGet description: VirusTotal Get Votes on a URL call: ioc-investigation-ioc-investigation-urls.urlsVotesGet outputParameters: - type: object mapping: $. with: id: rest.id limit: rest.limit cursor: rest.cursor - method: POST name: urlsVotesPost description: VirusTotal Add a Vote on a URL call: ioc-investigation-ioc-investigation-urls.urlsVotesPost outputParameters: - type: object mapping: $. with: id: rest.id body: rest.body - path: /v1/urls/{id}/{relationship} name: urls-id-relationship description: REST surface for /urls/{id}/{relationship}. operations: - method: GET name: urlsRelationships description: VirusTotal Get Objects Related to a URL call: ioc-investigation-ioc-investigation-urls.urlsRelationships outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship limit: rest.limit cursor: rest.cursor - type: mcp namespace: ioc-investigation-ioc-investigation-urls-mcp port: 9090 transport: http description: MCP adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - URLs. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: scan-url description: VirusTotal Scan URL hints: readOnly: false destructive: false idempotent: false call: ioc-investigation-ioc-investigation-urls.scanUrl outputParameters: - type: object mapping: $. with: body: tools.body - name: get-url-report description: VirusTotal Get a URL Report hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-urls.urlInfo outputParameters: - type: object mapping: $. with: id: tools.id x-tool: tools.x-tool - name: request-url-rescan-re-analyze description: VirusTotal Request a URL Rescan (re-analyze) hints: readOnly: false destructive: false idempotent: false call: ioc-investigation-ioc-investigation-urls.urlsAnalyse outputParameters: - type: object mapping: $. with: id: tools.id - name: get-comments-url description: VirusTotal Get Comments on a URL hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-urls.urlsCommentsGet outputParameters: - type: object mapping: $. with: id: tools.id limit: tools.limit cursor: tools.cursor - name: add-comment-url description: VirusTotal Add a Comment on a URL hints: readOnly: false destructive: false idempotent: false call: ioc-investigation-ioc-investigation-urls.urlsCommentsPost outputParameters: - type: object mapping: $. with: id: tools.id body: tools.body - name: get-object-descriptors-related-url description: VirusTotal Get Object Descriptors Related to a URL hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-urls.urlsRelationshipsIds outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship limit: tools.limit cursor: tools.cursor - name: get-votes-url description: VirusTotal Get Votes on a URL hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-urls.urlsVotesGet outputParameters: - type: object mapping: $. with: id: tools.id limit: tools.limit cursor: tools.cursor - name: add-vote-url description: VirusTotal Add a Vote on a URL hints: readOnly: false destructive: false idempotent: false call: ioc-investigation-ioc-investigation-urls.urlsVotesPost outputParameters: - type: object mapping: $. with: id: tools.id body: tools.body - name: get-objects-related-url description: VirusTotal Get Objects Related to a URL hints: readOnly: true destructive: false idempotent: true call: ioc-investigation-ioc-investigation-urls.urlsRelationships outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship limit: tools.limit cursor: tools.cursor