Tanium · Capability
Tanium Threat Response API — Events
Tanium Threat Response API — Events. 2 operations. Lead operation: List Events By Type. Self-contained Naftiko capability covering one Tanium business surface.
What You Can Do
GET
Listevents
— List Events By Type
/v1/plugin/products/threat-response/api/v1/conns/{connectionid}/views/{eventtype}/events
GET
Geteventssummary
— Get Events Count Summary
/v1/plugin/products/threat-response/api/v1/conns/{connectionid}/views/{eventtype}/eventscount
MCP Tools
list-events-type
List Events By Type
read-only
idempotent
get-events-count-summary
Get Events Count Summary
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Tanium Threat Response API — Events
description: 'Tanium Threat Response API — Events. 2 operations. Lead operation: List Events By Type. Self-contained Naftiko
capability covering one Tanium business surface.'
tags:
- Tanium
- Events
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
TANIUM_API_KEY: TANIUM_API_KEY
capability:
consumes:
- type: http
namespace: threat-response-events
baseUri: https://{tanium_server}
description: Tanium Threat Response API — Events business capability. Self-contained, no shared references.
resources:
- name: plugin-products-threat-response-api-v1-conns-connectionId-views-eventType-events
path: /plugin/products/threat-response/api/v1/conns/{connectionId}/views/{eventType}/events
operations:
- name: listevents
method: GET
description: List Events By Type
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: connectionId
in: path
type: string
description: Unique identifier of the connection
required: true
- name: eventType
in: path
type: string
description: Type of events to retrieve
required: true
- name: limit
in: query
type: integer
description: Maximum number of events to return
- name: offset
in: query
type: integer
description: Number of events to skip for pagination
- name: filter
in: query
type: string
description: Filter expression for events
- name: match
in: query
type: string
description: Match mode for filter expression
- name: sort
in: query
type: string
description: Sort order for results
- name: fields
in: query
type: string
description: Comma-separated list of fields to include
- name: plugin-products-threat-response-api-v1-conns-connectionId-views-eventType-events
path: /plugin/products/threat-response/api/v1/conns/{connectionId}/views/{eventType}/eventsCount
operations:
- name: geteventssummary
method: GET
description: Get Events Count Summary
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: connectionId
in: path
type: string
description: Unique identifier of the connection
required: true
- name: eventType
in: path
type: string
description: Type of events to count
required: true
authentication:
type: apikey
key: session
value: '{{env.TANIUM_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: threat-response-events-rest
port: 8080
description: REST adapter for Tanium Threat Response API — Events. One Spectral-compliant resource per consumed operation,
prefixed with /v1.
resources:
- path: /v1/plugin/products/threat-response/api/v1/conns/{connectionid}/views/{eventtype}/events
name: plugin-products-threat-response-api-v1-conns-connectionid-views-eventtype-events
description: REST surface for plugin-products-threat-response-api-v1-conns-connectionId-views-eventType-events.
operations:
- method: GET
name: listevents
description: List Events By Type
call: threat-response-events.listevents
with:
connectionId: rest.connectionId
eventType: rest.eventType
limit: rest.limit
offset: rest.offset
filter: rest.filter
match: rest.match
sort: rest.sort
fields: rest.fields
outputParameters:
- type: object
mapping: $.
- path: /v1/plugin/products/threat-response/api/v1/conns/{connectionid}/views/{eventtype}/eventscount
name: plugin-products-threat-response-api-v1-conns-connectionid-views-eventtype-events
description: REST surface for plugin-products-threat-response-api-v1-conns-connectionId-views-eventType-events.
operations:
- method: GET
name: geteventssummary
description: Get Events Count Summary
call: threat-response-events.geteventssummary
with:
connectionId: rest.connectionId
eventType: rest.eventType
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: threat-response-events-mcp
port: 9090
transport: http
description: MCP adapter for Tanium Threat Response API — Events. One tool per consumed operation, routed inline through
this capability's consumes block.
tools:
- name: list-events-type
description: List Events By Type
hints:
readOnly: true
destructive: false
idempotent: true
call: threat-response-events.listevents
with:
connectionId: tools.connectionId
eventType: tools.eventType
limit: tools.limit
offset: tools.offset
filter: tools.filter
match: tools.match
sort: tools.sort
fields: tools.fields
outputParameters:
- type: object
mapping: $.
- name: get-events-count-summary
description: Get Events Count Summary
hints:
readOnly: true
destructive: false
idempotent: true
call: threat-response-events.geteventssummary
with:
connectionId: tools.connectionId
eventType: tools.eventType
outputParameters:
- type: object
mapping: $.