Cortex Xdr Alert Shaping Cli Capability

A CLI-driven capability over Palo Alto Cortex XDR that fetches alerts, shapes them for analyst triage, and exposes the shaped feed.

Tags: Naftiko, Cortex XDR, Security

What You Can Do

GET /alerts: Get shaped alerts

MCP Tools

get-shaped-alerts (read-only)
get-incidents (read-only)

Capability Spec

cortex-xdr-alert-shaping-cli-capability.yaml
naftiko: 1.0.0-alpha2
info:
  title: Cortex Xdr Alert Shaping Cli Capability
  description: A CLI-driven capability over Palo Alto Cortex XDR that fetches alerts, shapes them for analyst triage, and exposes the shaped feed.
  tags: [Naftiko, Cortex XDR, Security]
  created: '2026-05-01'
  modified: '2026-05-04'
binds:
- namespace: cortex-env
  # CORTEX_API_KEY_ID is bound here but is not referenced anywhere else in this spec.
  keys: {CORTEX_HOST: CORTEX_HOST, CORTEX_API_KEY: CORTEX_API_KEY, CORTEX_API_KEY_ID: CORTEX_API_KEY_ID}
capability:
  consumes:
  - namespace: cortex
    type: http
    baseUri: https://{{CORTEX_HOST}}
    authentication: {type: bearer, token: '{{CORTEX_API_KEY}}'}
    resources:
    - {name: alerts, path: /public_api/v1/alerts/get_alerts_multi_events, operations: [{name: get-alerts, method: POST}]}
    - {name: incidents, path: /public_api/v1/incidents/get_incidents, operations: [{name: get-incidents, method: POST}]}
  exposes:
  - type: rest
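    # 0.0.0.0 listens on all interfaces; this surface and the mcp and skill surfaces below declare no authentication.
    address: 0.0.0.0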
    port: 8080
    namespace: cortex-xdr-alert-shaping-cli-capability-rest
    description: REST surface for shaped Cortex XDR alerts.
    resources:
    - {name: alerts, path: /alerts, operations: [{method: GET, name: get-shaped-alerts, call: cortex.get-alerts}]}
  - type: mcp
    address: 0.0.0.0
    port: 3010
    namespace: cortex-xdr-alert-shaping-cli-capability-mcp
    description: MCP for shaped Cortex XDR alerts.
    tools:
    - {name: get-shaped-alerts, hints: {readOnly: true}, call: cortex.get-alerts}
    - {name: get-incidents, hints: {readOnly: true}, call: cortex.get-incidents}
  - type: skill
    address: 0.0.0.0
    port: 3011
    namespace: cortex-xdr-alert-shaping-cli-capability-skills
    description: Skill for shaped Cortex XDR alerts.
    skills:
    - name: cortex-xdr-alert-shaping-cli-capability
      description: Shaped Cortex XDR alerts for analyst triage.
      location: file:///opt/naftiko/skills/cortex-xdr-alert-shaping-cli-capability
      allowed-tools: get-shaped-alerts,get-incidents
      tools:
      - {name: get-shaped-alerts, from: {sourceNamespace: cortex-xdr-alert-shaping-cli-capability-mcp, action: get-shaped-alerts}}
      - {name: get-incidents, from: {sourceNamespace: cortex-xdr-alert-shaping-cli-capability-mcp, action: get-incidents}}