Unisys Zero Trust Security Operations

Zero trust security operations workflow for dynamic endpoint and user isolation, security incident response, and Stealth network management. Used by security operations teams, SIEM/SOAR platforms, and incident response workflows integrating Unisys Stealth zero trust network segmentation.

Tags: Unisys, Stealth, Zero Trust, Security Operations, Incident Response, Endpoint Isolation

What You Can Do

GET /v1/roles
    Get stealth roles: Retrieve Stealth network role configurations

POST /v1/endpoints/isolate
    Isolate endpoint: Isolate an endpoint from the Stealth network

POST /v1/endpoints/unisolate
    Unisolate endpoint: Remove isolation from an endpoint

POST /v1/users/isolate
    Isolate user: Isolate a user from the Stealth network

POST /v1/users/unisolate
    Unisolate user: Remove isolation from a user

POST /v1/isolate
    Isolate machine and user: Isolate both an endpoint and user simultaneously

POST /v1/unisolate
    Unisolate machine and user: Remove isolation from both endpoint and user

MCP Tools

get-stealth-roles (read-only)
    Retrieve Stealth network role configurations for use in isolation requests

isolate-endpoint (idempotent)
    Isolate a compromised or suspected endpoint from the Stealth zero trust network

unisolate-endpoint (idempotent)
    Restore a previously isolated endpoint to normal Stealth network access

isolate-user (idempotent)
    Isolate a compromised or suspected user from the Stealth zero trust network

unisolate-user (idempotent)
    Restore a previously isolated user to normal Stealth network access

isolate-machine-and-user (idempotent)
    Simultaneously isolate both an endpoint and user in response to a security incident

unisolate-machine-and-user (idempotent)
    Simultaneously restore both an endpoint and user to normal Stealth network access

APIs Used

stealth

Capability Spec

naftiko: "1.0.0-alpha1"

info:
  label: "Unisys Zero Trust Security Operations"
  description: >-
    Zero trust security operations workflow for dynamic endpoint and user isolation,
    security incident response, and Stealth network management. Used by security
    operations teams, SIEM/SOAR platforms, and incident response workflows integrating
    Unisys Stealth zero trust network segmentation.
  tags:
    - Unisys
    - Stealth
    - Zero Trust
    - Security Operations
    - Incident Response
    - Endpoint Isolation
  created: "2026-05-03"
  modified: "2026-05-03"

binds:
  - namespace: env
    keys:
      STEALTH_HOST: STEALTH_HOST
      STEALTH_PORT: STEALTH_PORT
      STEALTH_USERNAME: STEALTH_USERNAME
      STEALTH_PASSWORD: STEALTH_PASSWORD

capability:
  consumes:
    - import: stealth
      location: ./shared/unisys-stealth-ecoapi.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: unisys-zero-trust-api
      description: "Unified REST API for Unisys zero trust security operations."
      resources:
        - path: /v1/roles
          name: roles
          description: "Stealth network role management"
          operations:
            - method: GET
              name: get-stealth-roles
              description: "Retrieve Stealth network role configurations"
              call: "stealth.get-stealth-roles"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/endpoints/isolate
          name: endpoint-isolate
          description: "Endpoint isolation operations"
          operations:
            - method: POST
              name: isolate-endpoint
              description: "Isolate an endpoint from the Stealth network"
              call: "stealth.isolate-endpoint"
              with:
                endpoint: "rest.endpoint"
                roleId: "rest.roleId"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/endpoints/unisolate
          name: endpoint-unisolate
          description: "Endpoint un-isolation operations"
          operations:
            - method: POST
              name: unisolate-endpoint
              description: "Remove isolation from an endpoint"
              call: "stealth.unisolate-endpoint"
              with:
                endpoint: "rest.endpoint"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/users/isolate
          name: user-isolate
          description: "User isolation operations"
          operations:
            - method: POST
              name: isolate-user
              description: "Isolate a user from the Stealth network"
              call: "stealth.isolate-user"
              with:
                user: "rest.user"
                roleId: "rest.roleId"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/users/unisolate
          name: user-unisolate
          description: "User un-isolation operations"
          operations:
            - method: POST
              name: unisolate-user
              description: "Remove isolation from a user"
              call: "stealth.unisolate-user"
              with:
                user: "rest.user"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/isolate
          name: combined-isolate
          description: "Combined endpoint and user isolation"
          operations:
            - method: POST
              name: isolate-machine-and-user
              description: "Isolate both an endpoint and user simultaneously"
              call: "stealth.isolate-machine-and-user"
              with:
                endpoint: "rest.endpoint"
                user: "rest.user"
                roleId: "rest.roleId"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/unisolate
          name: combined-unisolate
          description: "Combined endpoint and user un-isolation"
          operations:
            - method: POST
              name: unisolate-machine-and-user
              description: "Remove isolation from both endpoint and user"
              call: "stealth.unisolate-machine-and-user"
              with:
                endpoint: "rest.endpoint"
                user: "rest.user"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9080
      namespace: unisys-zero-trust-mcp
      transport: http
      description: "MCP server for AI-assisted zero trust security operations and incident response."
      tools:
        - name: get-stealth-roles
          description: "Retrieve Stealth network role configurations for use in isolation requests"
          hints:
            readOnly: true
            openWorld: false
          call: "stealth.get-stealth-roles"
          outputParameters:
            - type: object
              mapping: "$."

        - name: isolate-endpoint
          description: "Isolate a compromised or suspected endpoint from the Stealth zero trust network"
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: "stealth.isolate-endpoint"
          with:
            endpoint: "tools.endpoint"
            roleId: "tools.roleId"
          outputParameters:
            - type: object
              mapping: "$."

        - name: unisolate-endpoint
          description: "Restore a previously isolated endpoint to normal Stealth network access"
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: "stealth.unisolate-endpoint"
          with:
            endpoint: "tools.endpoint"
          outputParameters:
            - type: object
              mapping: "$."

        - name: isolate-user
          description: "Isolate a compromised or suspected user from the Stealth zero trust network"
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: "stealth.isolate-user"
          with:
            user: "tools.user"
            roleId: "tools.roleId"
          outputParameters:
            - type: object
              mapping: "$."

        - name: unisolate-user
          description: "Restore a previously isolated user to normal Stealth network access"
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: "stealth.unisolate-user"
          with:
            user: "tools.user"
          outputParameters:
            - type: object
              mapping: "$."

        - name: isolate-machine-and-user
          description: "Simultaneously isolate both an endpoint and user in response to a security incident"
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: "stealth.isolate-machine-and-user"
          with:
            endpoint: "tools.endpoint"
            user: "tools.user"
            roleId: "tools.roleId"
          outputParameters:
            - type: object
              mapping: "$."

        - name: unisolate-machine-and-user
          description: "Simultaneously restore both an endpoint and user to normal Stealth network access"
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: "stealth.unisolate-machine-and-user"
          with:
            endpoint: "tools.endpoint"
            user: "tools.user"
          outputParameters:
            - type: object
              mapping: "$."