Palo Alto Networks · Capability

Palo Alto Networks Threat Vault API — ATP

Palo Alto Networks Threat Vault API — ATP. 2 operations. Lead operation: Palo Alto Networks Get ATP Detailed Reports. Self-contained Naftiko capability covering one Palo Alto Networks business surface.

Run with Naftiko Palo Alto NetworksATP

What You Can Do

GET
Getatpreports — Palo Alto Networks Get ATP Detailed Reports
/v1/atp/reports
GET
Getatpreportpcaps — Palo Alto Networks Get ATP PCAP Files
/v1/atp/reports/pcaps

MCP Tools

palo-alto-networks-get-atp

Palo Alto Networks Get ATP Detailed Reports

read-only idempotent
palo-alto-networks-get-atp-2

Palo Alto Networks Get ATP PCAP Files

read-only idempotent

Capability Spec

palo-alto-threat-vault-atp.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Palo Alto Networks Threat Vault API — ATP
  description: 'Palo Alto Networks Threat Vault API — ATP. 2 operations. Lead operation: Palo Alto Networks Get ATP Detailed
    Reports. Self-contained Naftiko capability covering one Palo Alto Networks business surface.'
  tags:
  - Palo Alto Networks
  - ATP
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    PALO_ALTO_NETWORKS_API_KEY: PALO_ALTO_NETWORKS_API_KEY
capability:
  consumes:
  - type: http
    namespace: palo-alto-threat-vault-atp
    baseUri: https://api.threatvault.paloaltonetworks.com/service/v1
    description: Palo Alto Networks Threat Vault API — ATP business capability. Self-contained, no shared references.
    resources:
    - name: atp-reports
      path: /atp/reports
      operations:
      - name: getatpreports
        method: GET
        description: Palo Alto Networks Get ATP Detailed Reports
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: sha256
          in: query
          type: string
          description: SHA-256 hash to retrieve the ATP report for.
        - name: id
          in: query
          type: string
          description: ATP report ID.
        - name: offset
          in: query
          type: integer
        - name: limit
          in: query
          type: integer
    - name: atp-reports-pcaps
      path: /atp/reports/pcaps
      operations:
      - name: getatpreportpcaps
        method: GET
        description: Palo Alto Networks Get ATP PCAP Files
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: sha256
          in: query
          type: string
          description: SHA-256 hash of the threat sample.
          required: true
        - name: id
          in: query
          type: string
          description: ATP report ID.
    authentication:
      type: apikey
      key: X-API-KEY
      value: '{{env.PALO_ALTO_NETWORKS_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: palo-alto-threat-vault-atp-rest
    port: 8080
    description: REST adapter for Palo Alto Networks Threat Vault API — ATP. One Spectral-compliant resource per consumed
      operation, prefixed with /v1.
    resources:
    - path: /v1/atp/reports
      name: atp-reports
      description: REST surface for atp-reports.
      operations:
      - method: GET
        name: getatpreports
        description: Palo Alto Networks Get ATP Detailed Reports
        call: palo-alto-threat-vault-atp.getatpreports
        with:
          sha256: rest.sha256
          id: rest.id
          offset: rest.offset
          limit: rest.limit
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/atp/reports/pcaps
      name: atp-reports-pcaps
      description: REST surface for atp-reports-pcaps.
      operations:
      - method: GET
        name: getatpreportpcaps
        description: Palo Alto Networks Get ATP PCAP Files
        call: palo-alto-threat-vault-atp.getatpreportpcaps
        with:
          sha256: rest.sha256
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: palo-alto-threat-vault-atp-mcp
    port: 9090
    transport: http
    description: MCP adapter for Palo Alto Networks Threat Vault API — ATP. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: palo-alto-networks-get-atp
      description: Palo Alto Networks Get ATP Detailed Reports
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: palo-alto-threat-vault-atp.getatpreports
      with:
        sha256: tools.sha256
        id: tools.id
        offset: tools.offset
        limit: tools.limit
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-get-atp-2
      description: Palo Alto Networks Get ATP PCAP Files
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: palo-alto-threat-vault-atp.getatpreportpcaps
      with:
        sha256: tools.sha256
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.