naftiko: 1.0.0-alpha2
info:
  label: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Livehunt
  description: 'VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Livehunt. 17 operations. Lead operation: Retrieve File Objects for Livehunt Notifications. Self-contained Naftiko capability covering one VirusTotal business surface.'
  tags:
  - VirusTotal
  - YARA Hunting
  - Livehunt
  created: '2026-05-29'
  modified: '2026-05-29'
binds:
- namespace: env
  keys:
    VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
  consumes:
  - type: http
    namespace: yara-hunting-yara-hunting-livehunt
    baseUri: https://www.virustotal.com/api/v3
    description: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Livehunt. Self-contained, no shared references.
    authentication:
      type: apikey
      key: x-apikey
      value: '{{env.VIRUSTOTAL_API_KEY}}'
      placement: header
    resources:
    - name: intelligence-hunting-notification-files
      path: /intelligence/hunting_notification_files
      operations:
      - name: huntingNotificationFiles
        method: GET
        description: VirusTotal Retrieve File Objects for Livehunt Notifications
        inputParameters:
        - name: limit
          in: query
          type: string
          required: false
          description: Maximum number of notifications to retrieve
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        - name: filter
          in: query
          type: string
          required: false
          description: String to search with in the hunting notification tags
        - name: count_limit
          in: query
          type: integer
          required: false
          description: Maximum number of notifications counted (meta.count in the response) 10,000 max
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-hunting-notifications
      path: /intelligence/hunting_notifications
      operations:
      - name: deleteHuntingNotifications
        method: DELETE
        description: VirusTotal Delete Livehunt Notifications
        inputParameters:
        - name: tag
          in: query
          type: string
          required: false
          description: Delete notifications with the given tag
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: listHuntingNotifications
        method: GET
        description: VirusTotal Get Livehunt Notifications
        inputParameters:
        - name: limit
          in: query
          type: string
          required: false
          description: Maximum number of notifications to retrieve
        - name: filter
          in: query
          type: string
          required: false
          description: Return the notifications matching the given criteria only
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        - name: count_limit
          in: query
          type: integer
          required: false
          description: Maximum number of notifications counted (meta.count in the response) 10,000 max
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-hunting-notifications-id
      path: /intelligence/hunting_notifications/{id}
      operations:
      - name: deleteHuntingNotification
        method: DELETE
        description: VirusTotal Delete a Livehunt Notification
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Notification identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: getHuntingNotification
        method: GET
        description: VirusTotal Get a Livehunt Notification Object
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Notification identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-hunting-rulesets
      path: /intelligence/hunting_rulesets
      operations:
      - name: deleteAllHuntingRulesets
        method: DELETE
        description: VirusTotal Remove All Livehunt Rulesets
        inputParameters:
        - name: x-confirm-delete
          in: header
          type: string
          required: true
          description: Since this is a very destructive operation, this additional header must be set to your username.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: listHuntingRulesets
        method: GET
        description: VirusTotal Get Livehunt Rulesets
        inputParameters:
        - name: limit
          in: query
          type: integer
          required: false
          description: Maximum number of rulesets to retrieve
        - name: filter
          in: query
          type: string
          required: false
          description: Return the rulesets matching the given criteria only
        - name: order
          in: query
          type: string
          required: false
          description: Sort order
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createHuntingRuleset
        method: POST
        description: VirusTotal Create a New Livehunt Ruleset
        inputParameters:
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-hunting-rulesets-id
      path: /intelligence/hunting_rulesets/{id}
      operations:
      - name: deleteHuntingRuleset
        method: DELETE
        description: VirusTotal Delete a Livehunt Ruleset
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: getHuntingRuleset
        method: GET
        description: VirusTotal Get a Livehunt Ruleset
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: modifyHuntingRuleset
        method: PATCH
        description: VirusTotal Update a Livehunt Ruleset
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset identifier
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-hunting-rulesets-id-relationships-editors
      path: /intelligence/hunting_rulesets/{id}/relationships/editors
      operations:
      - name: editHuntingRulesetRelationship
        method: POST
        description: VirusTotal Grant Livehunt Ruleset Edit Permissions for a User or Group
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset identifier
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-hunting-rulesets-id-relationships-editors-user-or-group-id
      path: /intelligence/hunting_rulesets/{id}/relationships/editors/{user_or_group_id}
      operations:
      - name: deleteHuntingRulesetEditor
        method: DELETE
        description: VirusTotal Revoke Livehunt Ruleset Edit Permission from a User or Group
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset identifier
        - name: user_or_group_id
          in: path
          type: string
          required: true
          description: User or group ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: checkUserHuntingRulesetEditor
        method: GET
        description: VirusTotal Check if a User or Group is a Livehunt Ruleset Editor
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset identifier
        - name: user_or_group_id
          in: path
          type: string
          required: true
          description: User or group ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-hunting-rulesets-id-relationships-owner
      path: /intelligence/hunting_rulesets/{id}/relationships/owner
      operations:
      - name: transferLivehuntRulesetToAnotherUser
        method: POST
        description: VirusTotal Transfer Livehunt Ruleset to Another User
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset identifier
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-hunting-rulesets-id-relationships-relationship
      path: /intelligence/hunting_rulesets/{id}/relationships/{relationship}
      operations:
      - name: getHuntingRulesetRelationship
        method: GET
        description: VirusTotal Get Object Descriptors Related to a Livehunt Ruleset
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset identifier
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:hunting-ruleset-object#relationships))
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-hunting-rulesets-id-relationship
      path: /intelligence/hunting_rulesets/{id}/{relationship}
      operations:
      - name: getHuntingRulesetFullRelationships
        method: GET
        description: VirusTotal Get Objects Related to a Livehunt Ruleset
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset identifier
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:hunting-ruleset-object#relationships))
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    namespace: yara-hunting-yara-hunting-livehunt-rest
    port: 8080
    description: REST adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Livehunt. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/intelligence/hunting_notification_files
      name: intelligence-hunting-notification-files
      description: REST surface for /intelligence/hunting_notification_files.
      operations:
      - method: GET
        name: huntingNotificationFiles
        description: VirusTotal Retrieve File Objects for Livehunt Notifications
        call: yara-hunting-yara-hunting-livehunt.huntingNotificationFiles
        outputParameters:
        - type: object
          mapping: $.
        with:
          limit: rest.limit
          cursor: rest.cursor
          filter: rest.filter
          count_limit: rest.count_limit
    - path: /v1/intelligence/hunting_notifications
      name: intelligence-hunting-notifications
      description: REST surface for /intelligence/hunting_notifications.
      operations:
      - method: DELETE
        name: deleteHuntingNotifications
        description: VirusTotal Delete Livehunt Notifications
        call: yara-hunting-yara-hunting-livehunt.deleteHuntingNotifications
        outputParameters:
        - type: object
          mapping: $.
        with:
          tag: rest.tag
      - method: GET
        name: listHuntingNotifications
        description: VirusTotal Get Livehunt Notifications
        call: yara-hunting-yara-hunting-livehunt.listHuntingNotifications
        outputParameters:
        - type: object
          mapping: $.
        with:
          limit: rest.limit
          filter: rest.filter
          cursor: rest.cursor
          count_limit: rest.count_limit
    - path: /v1/intelligence/hunting_notifications/{id}
      name: intelligence-hunting-notifications-id
      description: REST surface for /intelligence/hunting_notifications/{id}.
      operations:
      - method: DELETE
        name: deleteHuntingNotification
        description: VirusTotal Delete a Livehunt Notification
        call: yara-hunting-yara-hunting-livehunt.deleteHuntingNotification
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
      - method: GET
        name: getHuntingNotification
        description: VirusTotal Get a Livehunt Notification Object
        call: yara-hunting-yara-hunting-livehunt.getHuntingNotification
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/intelligence/hunting_rulesets
      name: intelligence-hunting-rulesets
      description: REST surface for /intelligence/hunting_rulesets.
      operations:
      - method: DELETE
        name: deleteAllHuntingRulesets
        description: VirusTotal Remove All Livehunt Rulesets
        call: yara-hunting-yara-hunting-livehunt.deleteAllHuntingRulesets
        outputParameters:
        - type: object
          mapping: $.
        with:
          x-confirm-delete: rest.x-confirm-delete
      - method: GET
        name: listHuntingRulesets
        description: VirusTotal Get Livehunt Rulesets
        call: yara-hunting-yara-hunting-livehunt.listHuntingRulesets
        outputParameters:
        - type: object
          mapping: $.
        with:
          limit: rest.limit
          filter: rest.filter
          order: rest.order
          cursor: rest.cursor
      - method: POST
        name: createHuntingRuleset
        description: VirusTotal Create a New Livehunt Ruleset
        call: yara-hunting-yara-hunting-livehunt.createHuntingRuleset
        outputParameters:
        - type: object
          mapping: $.
        with:
          body: rest.body
    - path: /v1/intelligence/hunting_rulesets/{id}
      name: intelligence-hunting-rulesets-id
      description: REST surface for /intelligence/hunting_rulesets/{id}.
      operations:
      - method: DELETE
        name: deleteHuntingRuleset
        description: VirusTotal Delete a Livehunt Ruleset
        call: yara-hunting-yara-hunting-livehunt.deleteHuntingRuleset
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
      - method: GET
        name: getHuntingRuleset
        description: VirusTotal Get a Livehunt Ruleset
        call: yara-hunting-yara-hunting-livehunt.getHuntingRuleset
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
      - method: PATCH
        name: modifyHuntingRuleset
        description: VirusTotal Update a Livehunt Ruleset
        call: yara-hunting-yara-hunting-livehunt.modifyHuntingRuleset
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          body: rest.body
    - path: /v1/intelligence/hunting_rulesets/{id}/relationships/editors
      name: intelligence-hunting-rulesets-id-relationships-editors
      description: REST surface for /intelligence/hunting_rulesets/{id}/relationships/editors.
      operations:
      - method: POST
        name: editHuntingRulesetRelationship
        description: VirusTotal Grant Livehunt Ruleset Edit Permissions for a User or Group
        call: yara-hunting-yara-hunting-livehunt.editHuntingRulesetRelationship
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          body: rest.body
    - path: /v1/intelligence/hunting_rulesets/{id}/relationships/editors/{user_or_group_id}
      name: intelligence-hunting-rulesets-id-relationships-editors-user-or-group-id
      description: REST surface for /intelligence/hunting_rulesets/{id}/relationships/editors/{user_or_group_id}.
      operations:
      - method: DELETE
        name: deleteHuntingRulesetEditor
        description: VirusTotal Revoke Livehunt Ruleset Edit Permission from a User or Group
        call: yara-hunting-yara-hunting-livehunt.deleteHuntingRulesetEditor
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          user_or_group_id: rest.user_or_group_id
      - method: GET
        name: checkUserHuntingRulesetEditor
        description: VirusTotal Check if a User or Group is a Livehunt Ruleset Editor
        call: yara-hunting-yara-hunting-livehunt.checkUserHuntingRulesetEditor
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          user_or_group_id: rest.user_or_group_id
    - path: /v1/intelligence/hunting_rulesets/{id}/relationships/owner
      name: intelligence-hunting-rulesets-id-relationships-owner
      description: REST surface for /intelligence/hunting_rulesets/{id}/relationships/owner.
      operations:
      - method: POST
        name: transferLivehuntRulesetToAnotherUser
        description: VirusTotal Transfer Livehunt Ruleset to Another User
        call: yara-hunting-yara-hunting-livehunt.transferLivehuntRulesetToAnotherUser
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          body: rest.body
    - path: /v1/intelligence/hunting_rulesets/{id}/relationships/{relationship}
      name: intelligence-hunting-rulesets-id-relationships-relationship
      description: REST surface for /intelligence/hunting_rulesets/{id}/relationships/{relationship}.
      operations:
      - method: GET
        name: getHuntingRulesetRelationship
        description: VirusTotal Get Object Descriptors Related to a Livehunt Ruleset
        call: yara-hunting-yara-hunting-livehunt.getHuntingRulesetRelationship
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          relationship: rest.relationship
    - path: /v1/intelligence/hunting_rulesets/{id}/{relationship}
      name: intelligence-hunting-rulesets-id-relationship
      description: REST surface for /intelligence/hunting_rulesets/{id}/{relationship}.
      operations:
      - method: GET
        name: getHuntingRulesetFullRelationships
        description: VirusTotal Get Objects Related to a Livehunt Ruleset
        call: yara-hunting-yara-hunting-livehunt.getHuntingRulesetFullRelationships
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          relationship: rest.relationship
  - type: mcp
    namespace: yara-hunting-yara-hunting-livehunt-mcp
    port: 9090
    transport: http
    description: MCP adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Livehunt. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: retrieve-file-objects-livehunt-notifications
      description: VirusTotal Retrieve File Objects for Livehunt Notifications
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.huntingNotificationFiles
      outputParameters:
      - type: object
        mapping: $.
      with:
        limit: tools.limit
        cursor: tools.cursor
        filter: tools.filter
        count_limit: tools.count_limit
    - name: delete-livehunt-notifications
      description: VirusTotal Delete Livehunt Notifications
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.deleteHuntingNotifications
      outputParameters:
      - type: object
        mapping: $.
      with:
        tag: tools.tag
    - name: get-livehunt-notifications
      description: VirusTotal Get Livehunt Notifications
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.listHuntingNotifications
      outputParameters:
      - type: object
        mapping: $.
      with:
        limit: tools.limit
        filter: tools.filter
        cursor: tools.cursor
        count_limit: tools.count_limit
    - name: delete-livehunt-notification
      description: VirusTotal Delete a Livehunt Notification
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.deleteHuntingNotification
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-livehunt-notification-object
      description: VirusTotal Get a Livehunt Notification Object
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.getHuntingNotification
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: remove-all-livehunt-rulesets
      description: VirusTotal Remove All Livehunt Rulesets
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.deleteAllHuntingRulesets
      outputParameters:
      - type: object
        mapping: $.
      with:
        x-confirm-delete: tools.x-confirm-delete
    - name: get-livehunt-rulesets
      description: VirusTotal Get Livehunt Rulesets
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.listHuntingRulesets
      outputParameters:
      - type: object
        mapping: $.
      with:
        limit: tools.limit
        filter: tools.filter
        order: tools.order
        cursor: tools.cursor
    - name: create-new-livehunt-ruleset
      description: VirusTotal Create a New Livehunt Ruleset
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: yara-hunting-yara-hunting-livehunt.createHuntingRuleset
      outputParameters:
      - type: object
        mapping: $.
      with:
        body: tools.body
    - name: delete-livehunt-ruleset
      description: VirusTotal Delete a Livehunt Ruleset
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.deleteHuntingRuleset
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-livehunt-ruleset
      description: VirusTotal Get a Livehunt Ruleset
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.getHuntingRuleset
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: update-livehunt-ruleset
      description: VirusTotal Update a Livehunt Ruleset
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.modifyHuntingRuleset
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        body: tools.body
    - name: grant-livehunt-ruleset-edit-permissions
      description: VirusTotal Grant Livehunt Ruleset Edit Permissions for a User or Group
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: yara-hunting-yara-hunting-livehunt.editHuntingRulesetRelationship
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        body: tools.body
    - name: revoke-livehunt-ruleset-edit-permission
      description: VirusTotal Revoke Livehunt Ruleset Edit Permission from a User or Group
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.deleteHuntingRulesetEditor
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        user_or_group_id: tools.user_or_group_id
    - name: check-if-user-group-is
      description: VirusTotal Check if a User or Group is a Livehunt Ruleset Editor
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.checkUserHuntingRulesetEditor
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        user_or_group_id: tools.user_or_group_id
    - name: transfer-livehunt-ruleset-another-user
      description: VirusTotal Transfer Livehunt Ruleset to Another User
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: yara-hunting-yara-hunting-livehunt.transferLivehuntRulesetToAnotherUser
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        body: tools.body
    - name: get-object-descriptors-related-livehunt
      description: VirusTotal Get Object Descriptors Related to a Livehunt Ruleset
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.getHuntingRulesetRelationship
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        relationship: tools.relationship
    - name: get-objects-related-livehunt-ruleset
      description: VirusTotal Get Objects Related to a Livehunt Ruleset
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-livehunt.getHuntingRulesetFullRelationships
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        relationship: tools.relationship