Tanium · Capability

Tanium Threat Response API — Processes

Tanium Threat Response API — Processes. 2 operations. Lead operation: Get Events For A Specific Process. Self-contained Naftiko capability covering one Tanium business surface.


What You Can Do

GET
Getprocessevents — Get Events For A Specific Process
/v1/plugin/products/threat-response/api/v1/conns/{connectionid}/processevents/{processtableid}/{eventtype}
GET
Getprocesstree — Get A Process Tree
/v1/plugin/products/threat-response/api/v1/conns/{connectionid}/processtrees/{processtableid}

MCP Tools

get-events-specific-process

Get Events For A Specific Process

read-only idempotent
get-process-tree

Get A Process Tree

read-only idempotent

Capability Spec

threat-response-processes.yaml Raw ↑
# Naftiko capability spec. The info block is descriptive metadata only; the
# two operations it mentions are defined under capability.consumes below.
naftiko: 1.0.0-alpha2
info:
  label: Tanium Threat Response API — Processes
  description: 'Tanium Threat Response API — Processes. 2 operations. Lead operation: Get Events For A Specific Process. Self-contained
    Naftiko capability covering one Tanium business surface.'
  tags:
  - Tanium
  - Processes
  created: '2026-05-19'
  modified: '2026-05-19'
# Binds the TANIUM_API_KEY environment variable into the spec; it is consumed
# further down as '{{env.TANIUM_API_KEY}}', so the token value itself never
# appears in this file.
# NOTE(review): inject the variable from a secret store rather than a
# committed .env file, and scope the token to the least privilege that the
# two GET operations in this capability require.
binds:
- namespace: env
  keys:
    TANIUM_API_KEY: TANIUM_API_KEY
# Upstream side of the capability: one HTTP client pointed at the Tanium
# server. The resources, operations and authentication that follow belong to
# this consumes entry.
capability:
  consumes:
  - type: http
    namespace: threat-response-processes
    # {tanium_server} is a placeholder; the only binding visible in this spec
    # is TANIUM_API_KEY. NOTE(review): confirm where the host is resolved.
    # The scheme is https, which matters because the API token is sent to
    # this host in a request header.
    baseUri: https://{tanium_server}
    description: Tanium Threat Response API — Processes business capability. Self-contained, no shared references.
    # Upstream resources. This first one fetches the events of one process,
    # addressed by connection, process table id and event type.
    resources:
    - name: plugin-products-threat-response-api-v1-conns-connectionId-processevents-processT
      path: /plugin/products/threat-response/api/v1/conns/{connectionId}/processevents/{processTableId}/{eventType}
      operations:
      - name: getprocessevents
        method: GET
        description: Get Events For A Specific Process
        outputRawFormat: json
        # The whole JSON response body ($.) is returned as a single object.
        outputParameters:
        - name: result
          type: object
          value: $.
        # The three path parameters are required free-form strings that are
        # substituted into the upstream URL path. No pattern or enum is
        # declared for them here.
        # NOTE(review): confirm the runtime percent-encodes path segments, or
        # constrain the values (eventType in particular), so a caller-supplied
        # value cannot change which upstream path is requested.
        inputParameters:
        - name: connectionId
          in: path
          type: string
          description: Unique identifier of the connection
          required: true
        - name: processTableId
          in: path
          type: string
          description: Process table identifier
          required: true
        - name: eventType
          in: path
          type: string
          description: Type of events to retrieve for the process
          required: true
        # limit and offset carry no `required` flag and no declared bounds.
        # NOTE(review): any cap on page size would have to be enforced
        # upstream or by the caller.
        - name: limit
          in: query
          type: integer
          description: Maximum number of events to return
        - name: offset
          in: query
          type: integer
          description: Number of events to skip for pagination
    # Second upstream resource: fetches the process tree for one process
    # table id on a given connection.
    - name: plugin-products-threat-response-api-v1-conns-connectionId-processtrees-processTa
      path: /plugin/products/threat-response/api/v1/conns/{connectionId}/processtrees/{processTableId}
      operations:
      - name: getprocesstree
        method: GET
        description: Get A Process Tree
        outputRawFormat: json
        # The whole JSON response body ($.) is returned as a single object.
        outputParameters:
        - name: result
          type: object
          value: $.
        # Both path parameters are required free-form strings substituted
        # into the upstream URL path, with no pattern declared.
        # NOTE(review): confirm the runtime percent-encodes them.
        inputParameters:
        - name: connectionId
          in: path
          type: string
          description: Unique identifier of the connection
          required: true
        - name: processTableId
          in: path
          type: string
          description: Process table identifier
          required: true
        # Optional query parameter; accepted values are not listed in this spec.
        - name: context
          in: query
          type: string
          description: Context level for the process tree
    # Upstream authentication: the bound TANIUM_API_KEY value is sent in a
    # request header named `session`.
    # NOTE(review): every request made through this capability carries this
    # one token, whoever the original caller is. Keep header logging off or
    # redacted on any proxy between this service and the Tanium server.
    authentication:
      type: apikey
      key: session
      value: '{{env.TANIUM_API_KEY}}'
      placement: header
  # Inbound side: adapters that re-publish the consumed operations.
  exposes:
  # REST adapter listening on port 8080. Each resource forwards to a consumed
  # operation via `call`, so the upstream request is made with the Tanium
  # token configured under consumes.authentication.
  # NOTE(review): no authentication, TLS or bind-address setting is declared
  # for this adapter in this spec. Unless the runtime or the deployment adds
  # one, any client that can reach the port can read process events and
  # process trees under the service's token. Confirm the listener is limited
  # to loopback or sits behind an authenticating proxy.
  - type: rest
    namespace: threat-response-processes-rest
    port: 8080
    description: REST adapter for Tanium Threat Response API — Processes. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    # NOTE(review): the path placeholders are lower-case ({connectionid},
    # {processtableid}, {eventtype}) while `with` reads rest.connectionId,
    # rest.processTableId and rest.eventType. Confirm the runtime matches
    # these names case-insensitively.
    - path: /v1/plugin/products/threat-response/api/v1/conns/{connectionid}/processevents/{processtableid}/{eventtype}
      name: plugin-products-threat-response-api-v1-conns-connectionid-processevents-processt
      description: REST surface for plugin-products-threat-response-api-v1-conns-connectionId-processevents-processT.
      operations:
      - method: GET
        name: getprocessevents
        description: Get Events For A Specific Process
        call: threat-response-processes.getprocessevents
        # Caller-supplied REST values are passed straight through as the
        # inputs of the consumed operation.
        with:
          connectionId: rest.connectionId
          processTableId: rest.processTableId
          eventType: rest.eventType
          limit: rest.limit
          offset: rest.offset
        # The upstream JSON is returned to the caller unfiltered ($.).
        outputParameters:
        - type: object
          mapping: $.
    # Same placeholder-case caveat as the resource above applies here.
    - path: /v1/plugin/products/threat-response/api/v1/conns/{connectionid}/processtrees/{processtableid}
      name: plugin-products-threat-response-api-v1-conns-connectionid-processtrees-processta
      description: REST surface for plugin-products-threat-response-api-v1-conns-connectionId-processtrees-processTa.
      operations:
      - method: GET
        name: getprocesstree
        description: Get A Process Tree
        call: threat-response-processes.getprocesstree
        with:
          connectionId: rest.connectionId
          processTableId: rest.processTableId
          context: rest.context
        # The upstream JSON is returned to the caller unfiltered ($.).
        outputParameters:
        - type: object
          mapping: $.
  # MCP adapter on port 9090 over the http transport. It exposes one tool per
  # consumed operation and routes each through the consumes block, so tool
  # calls use the same Tanium token as the REST adapter.
  # NOTE(review): no authentication setting is declared for this listener in
  # this spec. Confirm which MCP clients can reach the port and whether the
  # transport is wrapped in TLS by the deployment.
  - type: mcp
    namespace: threat-response-processes-mcp
    port: 9090
    transport: http
    description: MCP adapter for Tanium Threat Response API — Processes. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: get-events-specific-process
      description: Get Events For A Specific Process
      # Hints are metadata presented to the MCP client. The call is read-only
      # in practice because the consumed operation is a GET.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: threat-response-processes.getprocessevents
      # Tool arguments are passed straight through as the operation inputs.
      with:
        connectionId: tools.connectionId
        processTableId: tools.processTableId
        eventType: tools.eventType
        limit: tools.limit
        offset: tools.offset
      # The full upstream JSON ($.) is returned as the tool result.
      # NOTE(review): process event data presumably contains
      # endpoint-originated strings such as command lines and paths. An agent
      # consuming this tool should treat the result as untrusted data, not as
      # instructions.
      outputParameters:
      - type: object
        mapping: $.
    - name: get-process-tree
      description: Get A Process Tree
      # Hints are metadata presented to the MCP client; the consumed operation
      # is a GET.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: threat-response-processes.getprocesstree
      with:
        connectionId: tools.connectionId
        processTableId: tools.processTableId
        context: tools.context
      # The full upstream JSON ($.) is returned as the tool result; the same
      # untrusted-content caveat applies as for process events.
      outputParameters:
      - type: object
        mapping: $.