naftiko: 1.0.0-alpha2 info: label: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt description: 'VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt. 6 operations. Lead operation: Get a List of Retrohunt Jobs. Self-contained Naftiko capability covering one VirusTotal business surface.' tags: - VirusTotal - YARA Hunting - Retrohunt created: '2026-05-29' modified: '2026-05-29' binds: - namespace: env keys: VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY capability: consumes: - type: http namespace: yara-hunting-yara-hunting-retrohunt baseUri: https://www.virustotal.com/api/v3 description: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt. Self-contained, no shared references. authentication: type: apikey key: x-apikey value: '{{env.VIRUSTOTAL_API_KEY}}' placement: header resources: - name: intelligence-retrohunt-jobs path: /intelligence/retrohunt_jobs operations: - name: getRetrohuntJobs method: GET description: VirusTotal Get a List of Retrohunt Jobs inputParameters: - name: limit in: query type: integer required: false description: Maximum number jobs to retrieve - name: filter in: query type: string required: false description: Return the jobs matching the given criteria only - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createRetrohuntJob method: POST description: VirusTotal Create a New Retrohunt Job inputParameters: - name: body in: body type: object required: false description: Request body payload. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: intelligence-retrohunt-jobs-id path: /intelligence/retrohunt_jobs/{id} operations: - name: deleteRetrohuntJob method: DELETE description: VirusTotal Delete a Retrohunt Job inputParameters: - name: id in: path type: string required: true description: Job identifier outputRawFormat: json outputParameters: - name: result type: object value: $. - name: getRetrohuntJob method: GET description: VirusTotal Get a Retrohunt Job Object inputParameters: - name: id in: path type: string required: true description: Job identifier outputRawFormat: json outputParameters: - name: result type: object value: $. - name: intelligence-retrohunt-jobs-id-abort path: /intelligence/retrohunt_jobs/{id}/abort operations: - name: abortRetrohuntJob method: POST description: VirusTotal Abort a Retrohunt Job inputParameters: - name: id in: path type: string required: true description: Job identifier outputRawFormat: json outputParameters: - name: result type: object value: $. - name: intelligence-retrohunt-jobs-id-matching-files path: /intelligence/retrohunt_jobs/{id}/matching_files operations: - name: getRetrohuntJobRelationships method: GET description: VirusTotal Retrieve Matches for a Retrohunt Job inputParameters: - name: id in: path type: string required: true description: Job identifier - name: cursor in: query type: string required: false description: Continuation cursor - name: limit in: query type: integer required: false description: Maximum number of matching files to retrieve outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest namespace: yara-hunting-yara-hunting-retrohunt-rest port: 8080 description: REST adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/intelligence/retrohunt_jobs name: intelligence-retrohunt-jobs description: REST surface for /intelligence/retrohunt_jobs. operations: - method: GET name: getRetrohuntJobs description: VirusTotal Get a List of Retrohunt Jobs call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJobs outputParameters: - type: object mapping: $. with: limit: rest.limit filter: rest.filter cursor: rest.cursor - method: POST name: createRetrohuntJob description: VirusTotal Create a New Retrohunt Job call: yara-hunting-yara-hunting-retrohunt.createRetrohuntJob outputParameters: - type: object mapping: $. with: body: rest.body - path: /v1/intelligence/retrohunt_jobs/{id} name: intelligence-retrohunt-jobs-id description: REST surface for /intelligence/retrohunt_jobs/{id}. operations: - method: DELETE name: deleteRetrohuntJob description: VirusTotal Delete a Retrohunt Job call: yara-hunting-yara-hunting-retrohunt.deleteRetrohuntJob outputParameters: - type: object mapping: $. with: id: rest.id - method: GET name: getRetrohuntJob description: VirusTotal Get a Retrohunt Job Object call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJob outputParameters: - type: object mapping: $. with: id: rest.id - path: /v1/intelligence/retrohunt_jobs/{id}/abort name: intelligence-retrohunt-jobs-id-abort description: REST surface for /intelligence/retrohunt_jobs/{id}/abort. operations: - method: POST name: abortRetrohuntJob description: VirusTotal Abort a Retrohunt Job call: yara-hunting-yara-hunting-retrohunt.abortRetrohuntJob outputParameters: - type: object mapping: $. with: id: rest.id - path: /v1/intelligence/retrohunt_jobs/{id}/matching_files name: intelligence-retrohunt-jobs-id-matching-files description: REST surface for /intelligence/retrohunt_jobs/{id}/matching_files. operations: - method: GET name: getRetrohuntJobRelationships description: VirusTotal Retrieve Matches for a Retrohunt Job call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJobRelationships outputParameters: - type: object mapping: $. with: id: rest.id cursor: rest.cursor limit: rest.limit - type: mcp namespace: yara-hunting-yara-hunting-retrohunt-mcp port: 9090 transport: http description: MCP adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-list-retrohunt-jobs description: VirusTotal Get a List of Retrohunt Jobs hints: readOnly: true destructive: false idempotent: true call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJobs outputParameters: - type: object mapping: $. with: limit: tools.limit filter: tools.filter cursor: tools.cursor - name: create-new-retrohunt-job description: VirusTotal Create a New Retrohunt Job hints: readOnly: false destructive: false idempotent: false call: yara-hunting-yara-hunting-retrohunt.createRetrohuntJob outputParameters: - type: object mapping: $. with: body: tools.body - name: delete-retrohunt-job description: VirusTotal Delete a Retrohunt Job hints: readOnly: false destructive: true idempotent: true call: yara-hunting-yara-hunting-retrohunt.deleteRetrohuntJob outputParameters: - type: object mapping: $. with: id: tools.id - name: get-retrohunt-job-object description: VirusTotal Get a Retrohunt Job Object hints: readOnly: true destructive: false idempotent: true call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJob outputParameters: - type: object mapping: $. with: id: tools.id - name: abort-retrohunt-job description: VirusTotal Abort a Retrohunt Job hints: readOnly: false destructive: false idempotent: false call: yara-hunting-yara-hunting-retrohunt.abortRetrohuntJob outputParameters: - type: object mapping: $. with: id: tools.id - name: retrieve-matches-retrohunt-job description: VirusTotal Retrieve Matches for a Retrohunt Job hints: readOnly: true destructive: false idempotent: true call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJobRelationships outputParameters: - type: object mapping: $. with: id: tools.id cursor: tools.cursor limit: tools.limit