Microsoft Defender for Endpoint API — Vulnerabilities

Microsoft Defender for Endpoint API — Vulnerabilities. 4 operations. Lead operation: Microsoft Defender List vulnerabilities for a machine. Self-contained Naftiko capability covering one Microsoft Defender business surface.

What You Can Do

GET /v1/machines/{machineid}/vulnerabilities
Listmachinevulnerabilities — Microsoft Defender List vulnerabilities for a machine

GET /v1/vulnerabilities
Listvulnerabilities — Microsoft Defender List all vulnerabilities

GET /v1/vulnerabilities/{vulnerabilityid}
Getvulnerability — Microsoft Defender Get vulnerability by ID

GET /v1/vulnerabilities/{vulnerabilityid}/machinereferences
Listvulnerabilitymachinereferences — Microsoft Defender List machines affected by a vulnerability

MCP Tools

microsoft-defender-list-vulnerabilities-machine
Microsoft Defender List vulnerabilities for a machine
read-only, idempotent

microsoft-defender-list-all-vulnerabilities
Microsoft Defender List all vulnerabilities
read-only, idempotent

microsoft-defender-get-vulnerability-id
Microsoft Defender Get vulnerability by ID
read-only, idempotent

microsoft-defender-list-machines-affected
Microsoft Defender List machines affected by a vulnerability
read-only, idempotent

Capability Spec

for-endpoint-vulnerabilities.yaml
naftiko: 1.0.0-alpha2
info:
  label: Microsoft Defender for Endpoint API — Vulnerabilities
  description: 'Microsoft Defender for Endpoint API — Vulnerabilities. 4 operations. Lead operation: Microsoft Defender List
    vulnerabilities for a machine. Self-contained Naftiko capability covering one Microsoft Defender business surface.'
  tags:
  - Microsoft Defender
  - Vulnerabilities
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MICROSOFT_DEFENDER_API_KEY: MICROSOFT_DEFENDER_API_KEY
capability:
  consumes:
  - type: http
    namespace: for-endpoint-vulnerabilities
    baseUri: https://api.security.microsoft.com/api
    description: Microsoft Defender for Endpoint API — Vulnerabilities business capability. Self-contained, no shared references.
    resources:
    - name: machines-machineId-vulnerabilities
      path: /machines/{machineId}/vulnerabilities
      operations:
      - name: listmachinevulnerabilities
        method: GET
        description: Microsoft Defender List vulnerabilities for a machine
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: machineId
          in: path
          type: string
          description: The device ID of the machine.
          required: true
    - name: vulnerabilities
      path: /vulnerabilities
      operations:
      - name: listvulnerabilities
        method: GET
        description: Microsoft Defender List all vulnerabilities
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: $filter
          in: query
          type: string
          description: OData filter expression. Filterable properties include id, name, description, cvssV3, publishedOn,
            severity, and updatedOn.
        - name: $top
          in: query
          type: integer
          description: Maximum number of results to return (max 8,000).
        - name: $skip
          in: query
          type: integer
          description: Number of results to skip for pagination.
    - name: vulnerabilities-vulnerabilityId
      path: /vulnerabilities/{vulnerabilityId}
      operations:
      - name: getvulnerability
        method: GET
        description: Microsoft Defender Get vulnerability by ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: vulnerabilityId
          in: path
          type: string
          description: The CVE identifier of the vulnerability.
          required: true
    - name: vulnerabilities-vulnerabilityId-machineReferences
      path: /vulnerabilities/{vulnerabilityId}/machineReferences
      operations:
      - name: listvulnerabilitymachinereferences
        method: GET
        description: Microsoft Defender List machines affected by a vulnerability
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: vulnerabilityId
          in: path
          type: string
          description: The CVE identifier of the vulnerability.
          required: true
    authentication:
      type: bearer
      token: '{{env.MICROSOFT_DEFENDER_API_KEY}}'
  exposes:
  - type: rest
    namespace: for-endpoint-vulnerabilities-rest
    port: 8080
    description: REST adapter for Microsoft Defender for Endpoint API — Vulnerabilities. One Spectral-compliant resource per
      consumed operation, prefixed with /v1.
    resources:
    - path: /v1/machines/{machineid}/vulnerabilities
      name: machines-machineid-vulnerabilities
      description: REST surface for machines-machineId-vulnerabilities.
      operations:
      - method: GET
        name: listmachinevulnerabilities
        description: Microsoft Defender List vulnerabilities for a machine
        call: for-endpoint-vulnerabilities.listmachinevulnerabilities
        with:
          machineId: rest.machineId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/vulnerabilities
      name: vulnerabilities
      description: REST surface for vulnerabilities.
      operations:
      - method: GET
        name: listvulnerabilities
        description: Microsoft Defender List all vulnerabilities
        call: for-endpoint-vulnerabilities.listvulnerabilities
        with:
          $filter: rest.$filter
          $top: rest.$top
          $skip: rest.$skip
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/vulnerabilities/{vulnerabilityid}
      name: vulnerabilities-vulnerabilityid
      description: REST surface for vulnerabilities-vulnerabilityId.
      operations:
      - method: GET
        name: getvulnerability
        description: Microsoft Defender Get vulnerability by ID
        call: for-endpoint-vulnerabilities.getvulnerability
        with:
          vulnerabilityId: rest.vulnerabilityId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/vulnerabilities/{vulnerabilityid}/machinereferences
      name: vulnerabilities-vulnerabilityid-machinereferences
      description: REST surface for vulnerabilities-vulnerabilityId-machineReferences.
      operations:
      - method: GET
        name: listvulnerabilitymachinereferences
        description: Microsoft Defender List machines affected by a vulnerability
        call: for-endpoint-vulnerabilities.listvulnerabilitymachinereferences
        with:
          vulnerabilityId: rest.vulnerabilityId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: for-endpoint-vulnerabilities-mcp
    port: 9090
    transport: http
    description: MCP adapter for Microsoft Defender for Endpoint API — Vulnerabilities. One tool per consumed operation, routed
      inline through this capability's consumes block.
    tools:
    - name: microsoft-defender-list-vulnerabilities-machine
      description: Microsoft Defender List vulnerabilities for a machine
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: for-endpoint-vulnerabilities.listmachinevulnerabilities
      with:
        machineId: tools.machineId
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-defender-list-all-vulnerabilities
      description: Microsoft Defender List all vulnerabilities
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: for-endpoint-vulnerabilities.listvulnerabilities
      with:
        $filter: tools.$filter
        $top: tools.$top
        $skip: tools.$skip
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-defender-get-vulnerability-id
      description: Microsoft Defender Get vulnerability by ID
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: for-endpoint-vulnerabilities.getvulnerability
      with:
        vulnerabilityId: tools.vulnerabilityId
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-defender-list-machines-affected
      description: Microsoft Defender List machines affected by a vulnerability
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: for-endpoint-vulnerabilities.listvulnerabilitymachinereferences
      with:
        vulnerabilityId: tools.vulnerabilityId
      outputParameters:
      - type: object
        mapping: $.