naftiko: 1.0.0-alpha2 info: label: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules description: 'VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules. 4 operations. Lead operation: List Crowdsourced YARA Rules. Self-contained Naftiko capability covering one VirusTotal business surface.' tags: - VirusTotal - YARA Hunting - Rules created: '2026-05-29' modified: '2026-05-29' binds: - namespace: env keys: VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY capability: consumes: - type: http namespace: yara-hunting-yara-hunting-rules baseUri: https://www.virustotal.com/api/v3 description: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules. Self-contained, no shared references. authentication: type: apikey key: x-apikey value: '{{env.VIRUSTOTAL_API_KEY}}' placement: header resources: - name: yara-rules path: /yara_rules operations: - name: listCrowdsourcedYaraRules method: GET description: VirusTotal List Crowdsourced YARA Rules inputParameters: - name: limit in: query type: integer required: false description: Maximum number of rules to retrieve - name: filter in: query type: string required: false description: Return the rules matching the given criteria only - name: order in: query type: string required: false description: Sort order - name: cursor in: query type: string required: false description: Continuation cursor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: yara-rules-id path: /yara_rules/{id} operations: - name: getACrowdsourcedYaraRule method: GET description: VirusTotal Get a Crowdsourced YARA Rule inputParameters: - name: id in: path type: string required: true description: Rule identifier outputRawFormat: json outputParameters: - name: result type: object value: $. - name: yara-rules-id-relationships-relationship path: /yara_rules/{id}/relationships/{relationship} operations: - name: crowdsourcedYaraRuleRelationshipDescriptorsEndpoint method: GET description: VirusTotal Get Objects Descriptors Related to a Crowdsourced YARA Rule inputParameters: - name: id in: path type: string required: true description: Rule identifier - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:yara-rule-object#relationships)) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: yara-rules-id-relationship path: /yara_rules/{id}/{relationship} operations: - name: crowdsourcedYaraRuleRelationshipEndpoint method: GET description: VirusTotal Get Objects Related to a Crowdsourced YARA Rule inputParameters: - name: id in: path type: string required: true description: Rule identifier - name: relationship in: path type: string required: true description: Relationship name (see [table](ref:yara-rule-object#relationships)) outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest namespace: yara-hunting-yara-hunting-rules-rest port: 8080 description: REST adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/yara_rules name: yara-rules description: REST surface for /yara_rules. operations: - method: GET name: listCrowdsourcedYaraRules description: VirusTotal List Crowdsourced YARA Rules call: yara-hunting-yara-hunting-rules.listCrowdsourcedYaraRules outputParameters: - type: object mapping: $. with: limit: rest.limit filter: rest.filter order: rest.order cursor: rest.cursor - path: /v1/yara_rules/{id} name: yara-rules-id description: REST surface for /yara_rules/{id}. operations: - method: GET name: getACrowdsourcedYaraRule description: VirusTotal Get a Crowdsourced YARA Rule call: yara-hunting-yara-hunting-rules.getACrowdsourcedYaraRule outputParameters: - type: object mapping: $. with: id: rest.id - path: /v1/yara_rules/{id}/relationships/{relationship} name: yara-rules-id-relationships-relationship description: REST surface for /yara_rules/{id}/relationships/{relationship}. operations: - method: GET name: crowdsourcedYaraRuleRelationshipDescriptorsEndpoint description: VirusTotal Get Objects Descriptors Related to a Crowdsourced YARA Rule call: yara-hunting-yara-hunting-rules.crowdsourcedYaraRuleRelationshipDescriptorsEndpoint outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship - path: /v1/yara_rules/{id}/{relationship} name: yara-rules-id-relationship description: REST surface for /yara_rules/{id}/{relationship}. operations: - method: GET name: crowdsourcedYaraRuleRelationshipEndpoint description: VirusTotal Get Objects Related to a Crowdsourced YARA Rule call: yara-hunting-yara-hunting-rules.crowdsourcedYaraRuleRelationshipEndpoint outputParameters: - type: object mapping: $. with: id: rest.id relationship: rest.relationship - type: mcp namespace: yara-hunting-yara-hunting-rules-mcp port: 9090 transport: http description: MCP adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-crowdsourced-yara-rules description: VirusTotal List Crowdsourced YARA Rules hints: readOnly: true destructive: false idempotent: true call: yara-hunting-yara-hunting-rules.listCrowdsourcedYaraRules outputParameters: - type: object mapping: $. with: limit: tools.limit filter: tools.filter order: tools.order cursor: tools.cursor - name: get-crowdsourced-yara-rule description: VirusTotal Get a Crowdsourced YARA Rule hints: readOnly: true destructive: false idempotent: true call: yara-hunting-yara-hunting-rules.getACrowdsourcedYaraRule outputParameters: - type: object mapping: $. with: id: tools.id - name: get-objects-descriptors-related-crowdsourced description: VirusTotal Get Objects Descriptors Related to a Crowdsourced YARA Rule hints: readOnly: true destructive: false idempotent: true call: yara-hunting-yara-hunting-rules.crowdsourcedYaraRuleRelationshipDescriptorsEndpoint outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship - name: get-objects-related-crowdsourced-yara description: VirusTotal Get Objects Related to a Crowdsourced YARA Rule hints: readOnly: true destructive: false idempotent: true call: yara-hunting-yara-hunting-rules.crowdsourcedYaraRuleRelationshipEndpoint outputParameters: - type: object mapping: $. with: id: tools.id relationship: tools.relationship