naftiko: 1.0.0-alpha2 info: label: VirusTotal API v3 - Threat Landscape and Vulnerability Intelligence — Threat Landscape & Vulnerability Intelligence & Reports & Analysis description: 'VirusTotal API v3 - Threat Landscape and Vulnerability Intelligence — Threat Landscape & Vulnerability Intelligence & Reports & Analysis. 16 operations. Lead operation: List Threat Objects (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report). Self-contained Naftiko capability covering one VirusTotal business surface.' tags: - VirusTotal - Threat Landscape & Vulnerability Intelligence & Reports & Analysis created: '2026-05-29' modified: '2026-05-29' binds: - namespace: env keys: VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY capability: consumes: - type: http namespace: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis baseUri: https://www.virustotal.com/api/v3 description: VirusTotal API v3 - Threat Landscape and Vulnerability Intelligence — Threat Landscape & Vulnerability Intelligence & Reports & Analysis. Self-contained, no shared references. authentication: type: apikey key: x-apikey value: '{{env.VIRUSTOTAL_API_KEY}}' placement: header resources: - name: collections path: /collections operations: - name: listThreats method: GET description: VirusTotal List Threat Objects (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) inputParameters: - name: limit in: query type: integer required: false description: Maximum number of threat objects to retrieve (max 40) - name: cursor in: query type: string required: false description: Continuation cursor - name: filter in: query type: string required: false description: Filter threat objects by different properties - name: order in: query type: string required: false description: Sorting order outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createIocCollection method: POST description: VirusTotal Create a New IoC Collection inputParameters: - name: body in: body type: object required: false description: Request body payload. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: collections-id path: /collections/{id} operations: - name: getThreat method: GET description: VirusTotal Get a Threat inputParameters: - name: id in: path type: string required: true description: Threat object's ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteIocCollection method: DELETE description: VirusTotal Delete an IoC Collection inputParameters: - name: id in: path type: string required: true description: IoC Collection's ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateIocCollection method: PATCH description: VirusTotal Update an IoC Collection inputParameters: - name: id in: path type: string required: true description: IoC Collection's ID - name: body in: body type: object required: false description: Request body payload. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: collections-id-relationships-relationship path: /collections/{id}/relationships/{relationship} operations: - name: getThreatRelatedDescriptors method: GET description: VirusTotal Get Object Descriptors Related to a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) inputParameters: - name: id in: path type: string required: true description: Threat object's ID - name: relationship in: path type: string required: true description: Relationship name (see [threat actors](ref:threat-actor-object#relationships), [campaigns](ref:campaign-object#relationships), [malware](ref:malware-family-object#relationships), [toolkits](ref:software-toolkit-object#relationships), [ioc collectins](ref:ioc-collection-object#relationships), [reports](ref:report-object#relationships), [vulnerabilities](ref:vulnerability-object#relationships)) relationships section - name: limit in: query type: integer required: false description: Maximum number of related objects to retrieve - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: collections-id-relationship path: /collections/{id}/{relationship} operations: - name: getThreatRelationships method: GET description: VirusTotal Get Objects Related to a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) inputParameters: - name: id in: path type: string required: true description: Threat object's ID - name: relationship in: path type: string required: true description: Relationship name (see [threat actors](ref:threat-actor-object#relationships), [campaigns](ref:campaign-object#relationships), [malware](ref:malware-family-object#relationships), [toolkits](ref:software-toolkit-object#relationships), [ioc collectins](ref:ioc-collection-object#relationships), [reports](ref:report-object#relationships), [vulnerabilities](ref:vulnerability-object#relationships)) relationships section - name: limit in: query type: integer required: false description: Maximum number of related objects to retrieve - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteElementFromIocCollection method: DELETE description: VirusTotal Delete Items from an IoC Collection inputParameters: - name: id in: path type: string required: true description: IoC Collection's ID - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:ioc-collection-object#relationships)) - name: body in: body type: object required: false description: Request body payload. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: addElementToIocCollection method: POST description: VirusTotal Add New Items to an IoC Collection inputParameters: - name: id in: path type: string required: true description: IoC Collection's ID - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:ioc-collection-object#relationships)) - name: body in: body type: object required: false description: Request body payload. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: collections-id-comments path: /collections/{id}/comments operations: - name: getThreatComments method: GET description: VirusTotal Get Comments from a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) inputParameters: - name: id in: path type: string required: true description: Threat object's ID - name: limit in: query type: integer required: false description: Maximum number of comments to retrieve - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createThreatComment method: POST description: VirusTotal Add a Comment to a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) Object inputParameters: - name: id in: path type: string required: true description: Threat object's ID - name: body in: body type: object required: false description: Request body payload. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: collections-id-mitre-tree path: /collections/{id}/mitre_tree operations: - name: getThreatMitreTree method: GET description: VirusTotal Get MITRE Tactics and Techniques Associated with a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) inputParameters: - name: id in: path type: string required: true description: Threat object's ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: collections-id-search path: /collections/{id}/search operations: - name: searchIocsInsideAThreat method: GET description: VirusTotal Search IoCs Inside a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) inputParameters: - name: id in: path type: string required: true description: Threat object's ID - name: query in: query type: string required: true description: Intelligence query - name: limit in: query type: integer required: false description: Maximum number of IoCs to retrieve (max 40) - name: cursor in: query type: string required: false description: Continuation cursor - name: order in: query type: string required: false description: Sorting order - name: attributes in: query type: string required: false description: Comma-separated attributes to return from the resulting IoCs - name: relationships in: query type: string required: false description: Comma-separated name of relationships descriptors to return from the IoCs outputRawFormat: json outputParameters: - name: result type: object value: $. - name: collections-id-download-format path: /collections/{id}/download/{format} operations: - name: exportThreatIocs method: GET description: VirusTotal Export IOCs from a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) inputParameters: - name: id in: path type: string required: true description: Threat object's ID - name: format in: path type: string required: true description: Export format (one of `json`, `csv`, or `stix`) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: collections-id-aggregations-download-format path: /collections/{id}/aggregations/download/{format} operations: - name: exportThreatAggregations method: GET description: VirusTotal Export Aggregations / Commonalities from a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) inputParameters: - name: id in: path type: string required: true description: Threat object's ID - name: format in: path type: string required: true description: Export format (one of `json` or `csv`) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: collections-id-relationship-download-format path: /collections/{id}/{relationship}/download/{format} operations: - name: exportIocsThreatRelationship method: GET description: VirusTotal Export IOCs from a Given Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report)'s Relationship inputParameters: - name: id in: path type: string required: true description: Threat object's ID - name: relationship in: path type: string required: true description: Relationship name (see [threat actors](ref:threat-actor-object#relationships), [campaign](ref:campaign-object#relationships), [malware family](ref:malware-family-object#relationships), [software toolkit](ref:software-toolkit-object#relationships), [ioc collections](ref:ioc-collection-object#relationships), [reports](ref:report-object#relationships), [vulnerabilities](ref:vulnerability-object#relationships)) relationships section - name: format in: path type: string required: true description: Export format (one of `json`, `csv`, or `stix`) outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest namespace: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis-rest port: 8080 description: REST adapter for VirusTotal API v3 - Threat Landscape and Vulnerability Intelligence — Threat Landscape & Vulnerability Intelligence & Reports & Analysis. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/collections name: collections description: REST surface for /collections. operations: - method: GET name: listThreats description: VirusTotal List Threat Objects (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.listThreats outputParameters: - type: object mapping: $. with: limit: rest.limit cursor: rest.cursor filter: rest.filter order: rest.order - method: POST name: createIocCollection description: VirusTotal Create a New IoC Collection call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.createIocCollection outputParameters: - type: object mapping: $. with: body: rest.body - path: /v1/collections/{id} name: collections-id description: REST surface for /collections/{id}. operations: - method: GET name: getThreat description: VirusTotal Get a Threat call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreat outputParameters: - type: object mapping: $. with: id: rest.id - method: DELETE name: deleteIocCollection description: VirusTotal Delete an IoC Collection call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.deleteIocCollection outputParameters: - type: object mapping: $. with: id: rest.id - method: PATCH name: updateIocCollection description: VirusTotal Update an IoC Collection call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.updateIocCollection outputParameters: - type: object mapping: $. with: id: rest.id body: rest.body - path: /v1/collections/{id}/relationships/{relationship} name: collections-id-relationships-relationship description: REST surface for /collections/{id}/relationships/{relationship}. operations: - method: GET name: getThreatRelatedDescriptors description: VirusTotal Get Object Descriptors Related to a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreatRelatedDescriptors outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship limit: rest.limit cursor: rest.cursor - path: /v1/collections/{id}/{relationship} name: collections-id-relationship description: REST surface for /collections/{id}/{relationship}. operations: - method: GET name: getThreatRelationships description: VirusTotal Get Objects Related to a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreatRelationships outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship limit: rest.limit cursor: rest.cursor - method: DELETE name: deleteElementFromIocCollection description: VirusTotal Delete Items from an IoC Collection call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.deleteElementFromIocCollection outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship body: rest.body - method: POST name: addElementToIocCollection description: VirusTotal Add New Items to an IoC Collection call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.addElementToIocCollection outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship body: rest.body - path: /v1/collections/{id}/comments name: collections-id-comments description: REST surface for /collections/{id}/comments. operations: - method: GET name: getThreatComments description: VirusTotal Get Comments from a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreatComments outputParameters: - type: object mapping: $. with: id: rest.id limit: rest.limit cursor: rest.cursor - method: POST name: createThreatComment description: VirusTotal Add a Comment to a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) Object call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.createThreatComment outputParameters: - type: object mapping: $. with: id: rest.id body: rest.body - path: /v1/collections/{id}/mitre_tree name: collections-id-mitre-tree description: REST surface for /collections/{id}/mitre_tree. operations: - method: GET name: getThreatMitreTree description: VirusTotal Get MITRE Tactics and Techniques Associated with a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreatMitreTree outputParameters: - type: object mapping: $. with: id: rest.id - path: /v1/collections/{id}/search name: collections-id-search description: REST surface for /collections/{id}/search. operations: - method: GET name: searchIocsInsideAThreat description: VirusTotal Search IoCs Inside a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.searchIocsInsideAThreat outputParameters: - type: object mapping: $. with: id: rest.id query: rest.query limit: rest.limit cursor: rest.cursor order: rest.order attributes: rest.attributes relationships: rest.relationships - path: /v1/collections/{id}/download/{format} name: collections-id-download-format description: REST surface for /collections/{id}/download/{format}. operations: - method: GET name: exportThreatIocs description: VirusTotal Export IOCs from a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.exportThreatIocs outputParameters: - type: object mapping: $. with: id: rest.id format: rest.format - path: /v1/collections/{id}/aggregations/download/{format} name: collections-id-aggregations-download-format description: REST surface for /collections/{id}/aggregations/download/{format}. operations: - method: GET name: exportThreatAggregations description: VirusTotal Export Aggregations / Commonalities from a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.exportThreatAggregations outputParameters: - type: object mapping: $. with: id: rest.id format: rest.format - path: /v1/collections/{id}/{relationship}/download/{format} name: collections-id-relationship-download-format description: REST surface for /collections/{id}/{relationship}/download/{format}. operations: - method: GET name: exportIocsThreatRelationship description: VirusTotal Export IOCs from a Given Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report)'s Relationship call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.exportIocsThreatRelationship outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship format: rest.format - type: mcp namespace: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis-mcp port: 9090 transport: http description: MCP adapter for VirusTotal API v3 - Threat Landscape and Vulnerability Intelligence — Threat Landscape & Vulnerability Intelligence & Reports & Analysis. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-threat-objects-actor-malware description: VirusTotal List Threat Objects (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.listThreats outputParameters: - type: object mapping: $. with: limit: tools.limit cursor: tools.cursor filter: tools.filter order: tools.order - name: create-new-ioc-collection description: VirusTotal Create a New IoC Collection hints: readOnly: false destructive: false idempotent: false call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.createIocCollection outputParameters: - type: object mapping: $. with: body: tools.body - name: get-threat description: VirusTotal Get a Threat hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreat outputParameters: - type: object mapping: $. with: id: tools.id - name: delete-ioc-collection description: VirusTotal Delete an IoC Collection hints: readOnly: false destructive: true idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.deleteIocCollection outputParameters: - type: object mapping: $. with: id: tools.id - name: update-ioc-collection description: VirusTotal Update an IoC Collection hints: readOnly: false destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.updateIocCollection outputParameters: - type: object mapping: $. with: id: tools.id body: tools.body - name: get-object-descriptors-related-threat description: VirusTotal Get Object Descriptors Related to a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreatRelatedDescriptors outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship limit: tools.limit cursor: tools.cursor - name: get-objects-related-threat-object description: VirusTotal Get Objects Related to a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreatRelationships outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship limit: tools.limit cursor: tools.cursor - name: delete-items-ioc-collection description: VirusTotal Delete Items from an IoC Collection hints: readOnly: false destructive: true idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.deleteElementFromIocCollection outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship body: tools.body - name: add-new-items-ioc-collection description: VirusTotal Add New Items to an IoC Collection hints: readOnly: false destructive: false idempotent: false call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.addElementToIocCollection outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship body: tools.body - name: get-comments-threat-object-actor description: VirusTotal Get Comments from a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreatComments outputParameters: - type: object mapping: $. with: id: tools.id limit: tools.limit cursor: tools.cursor - name: add-comment-threat-object-actor description: VirusTotal Add a Comment to a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) Object hints: readOnly: false destructive: false idempotent: false call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.createThreatComment outputParameters: - type: object mapping: $. with: id: tools.id body: tools.body - name: get-mitre-tactics-techniques-associated description: VirusTotal Get MITRE Tactics and Techniques Associated with a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.getThreatMitreTree outputParameters: - type: object mapping: $. with: id: tools.id - name: search-iocs-inside-threat-object description: VirusTotal Search IoCs Inside a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.searchIocsInsideAThreat outputParameters: - type: object mapping: $. with: id: tools.id query: tools.query limit: tools.limit cursor: tools.cursor order: tools.order attributes: tools.attributes relationships: tools.relationships - name: export-iocs-threat-object-actor description: VirusTotal Export IOCs from a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.exportThreatIocs outputParameters: - type: object mapping: $. with: id: tools.id format: tools.format - name: export-aggregations-commonalities-threat-object description: VirusTotal Export Aggregations / Commonalities from a Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report) hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.exportThreatAggregations outputParameters: - type: object mapping: $. with: id: tools.id format: tools.format - name: export-iocs-given-threat-object description: VirusTotal Export IOCs from a Given Threat Object (Actor, Malware & Tool, Campaign, IoC Collection, Vulnerability, Report)'s Relationship hints: readOnly: true destructive: false idempotent: true call: threat-landscape-threat-landscape-vulnerability-intelligence-reports-analysis.exportIocsThreatRelationship outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship format: tools.format