VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed

6 operations. Lead operation: Get an Hourly File Behaviour Feed Batch. Self-contained Naftiko capability covering one VirusTotal business surface.

What You Can Do

GET /v1/feeds/file_behaviours/hourly/{time}
Feedsfilebehaviourhourly — VirusTotal Get an Hourly File Behaviour Feed Batch

GET /v1/feeds/file_behaviours/{time}
Feedsfilebehaviour — VirusTotal Get a Per-minute File Behaviour Feed Batch

GET /v1/feeds/file_behaviours/{token}/evtx
Filebehaviourfeedevtx — VirusTotal Get the EVTX File Generated During a File’s Behavior Analysis

GET /v1/feeds/file_behaviours/{token}/html
Filebehaviourfeedhtml — VirusTotal Get a File Behaviour's Detailed HTML Report

GET /v1/feeds/file_behaviours/{token}/memdump
Filebehaviourfeedmemdump — VirusTotal Get the Memdump File Generated During a File’s Behavior Analysis

GET /v1/feeds/file_behaviours/{token}/pcap
Filebehaviourfeedpcap — VirusTotal Get the PCAP File Generated During a File’s Behavior Analysis

MCP Tools

get-hourly-file-behaviour-feed
VirusTotal Get an Hourly File Behaviour Feed Batch
read-only, idempotent

get-per-minute-file-behaviour
VirusTotal Get a Per-minute File Behaviour Feed Batch
read-only, idempotent

get-evtx-file-generated-during
VirusTotal Get the EVTX File Generated During a File’s Behavior Analysis
read-only, idempotent

get-file-behaviour-s-detailed
VirusTotal Get a File Behaviour's Detailed HTML Report
read-only, idempotent

get-memdump-file-generated-during
VirusTotal Get the Memdump File Generated During a File’s Behavior Analysis
read-only, idempotent

get-pcap-file-generated-during
VirusTotal Get the PCAP File Generated During a File’s Behavior Analysis
read-only, idempotent

Capability Spec

ioc-feeds-ioc-feeds-sandbox-analyses-feed.yaml
naftiko: 1.0.0-alpha2
info:
  label: VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed
  description: 'VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed. 6 operations. Lead operation: Get an Hourly File Behaviour Feed Batch. Self-contained Naftiko capability covering one VirusTotal
    business surface.'
  tags:
  - VirusTotal
  - IoC Feeds
  - Sandbox analyses feed
  created: '2026-05-29'
  modified: '2026-05-29'
binds:
- namespace: env
  keys:
    VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
  consumes:
  - type: http
    namespace: ioc-feeds-ioc-feeds-sandbox-analyses-feed
    baseUri: https://www.virustotal.com/api/v3
    description: VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed. Self-contained, no shared references.
    authentication:
      type: apikey
      key: x-apikey
      value: '{{env.VIRUSTOTAL_API_KEY}}'
      placement: header
    resources:
    - name: feeds-file-behaviours-hourly-time
      path: /feeds/file_behaviours/hourly/{time}
      operations:
      - name: feedsFileBehaviourHourly
        method: GET
        description: VirusTotal Get an Hourly File Behaviour Feed Batch
        inputParameters:
        - name: time
          in: path
          type: string
          required: true
          description: A string in format YYYYMMDDhh
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: feeds-file-behaviours-time
      path: /feeds/file_behaviours/{time}
      operations:
      - name: feedsFileBehaviour
        method: GET
        description: VirusTotal Get a Per-minute File Behaviour Feed Batch
        inputParameters:
        - name: time
          in: path
          type: string
          required: true
          description: A string in format YYYYMMDDhhmm
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: feeds-file-behaviours-token-evtx
      path: /feeds/file_behaviours/{token}/evtx
      operations:
      - name: fileBehaviourFeedEvtx
        method: GET
        description: VirusTotal Get the EVTX File Generated During a File’s Behavior Analysis
        inputParameters:
        - name: token
          in: path
          type: string
          required: true
          description: Download token. It is included in the "evtx" context attribute of the file behaviour feed.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: feeds-file-behaviours-token-html
      path: /feeds/file_behaviours/{token}/html
      operations:
      - name: fileBehaviourFeedHtml
        method: GET
        description: VirusTotal Get a File Behaviour's Detailed HTML Report
        inputParameters:
        - name: token
          in: path
          type: string
          required: true
          description: Download token. It can be found inside the behaviour object's properties in the file behaviour feed.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: feeds-file-behaviours-token-memdump
      path: /feeds/file_behaviours/{token}/memdump
      operations:
      - name: fileBehaviourFeedMemdump
        method: GET
        description: VirusTotal Get the Memdump File Generated During a File’s Behavior Analysis
        inputParameters:
        - name: token
          in: path
          type: string
          required: true
          description: Download token. It can be found inside the behaviour object's properties in the behaviour feed.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: feeds-file-behaviours-token-pcap
      path: /feeds/file_behaviours/{token}/pcap
      operations:
      - name: fileBehaviourFeedPcap
        method: GET
        description: VirusTotal Get the PCAP File Generated During a File’s Behavior Analysis
        inputParameters:
        - name: token
          in: path
          type: string
          required: true
          description: Download token. It can be found inside the behaviour object's properties in the behaviour feed.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    namespace: ioc-feeds-ioc-feeds-sandbox-analyses-feed-rest
    port: 8080
    description: REST adapter for VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/feeds/file_behaviours/hourly/{time}
      name: feeds-file-behaviours-hourly-time
      description: REST surface for /feeds/file_behaviours/hourly/{time}.
      operations:
      - method: GET
        name: feedsFileBehaviourHourly
        description: VirusTotal Get an Hourly File Behaviour Feed Batch
        call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.feedsFileBehaviourHourly
        outputParameters:
        - type: object
          mapping: $.
        with:
          time: rest.time
    - path: /v1/feeds/file_behaviours/{time}
      name: feeds-file-behaviours-time
      description: REST surface for /feeds/file_behaviours/{time}.
      operations:
      - method: GET
        name: feedsFileBehaviour
        description: VirusTotal Get a Per-minute File Behaviour Feed Batch
        call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.feedsFileBehaviour
        outputParameters:
        - type: object
          mapping: $.
        with:
          time: rest.time
    - path: /v1/feeds/file_behaviours/{token}/evtx
      name: feeds-file-behaviours-token-evtx
      description: REST surface for /feeds/file_behaviours/{token}/evtx.
      operations:
      - method: GET
        name: fileBehaviourFeedEvtx
        description: VirusTotal Get the EVTX File Generated During a File’s Behavior Analysis
        call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedEvtx
        outputParameters:
        - type: object
          mapping: $.
        with:
          token: rest.token
    - path: /v1/feeds/file_behaviours/{token}/html
      name: feeds-file-behaviours-token-html
      description: REST surface for /feeds/file_behaviours/{token}/html.
      operations:
      - method: GET
        name: fileBehaviourFeedHtml
        description: VirusTotal Get a File Behaviour's Detailed HTML Report
        call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedHtml
        outputParameters:
        - type: object
          mapping: $.
        with:
          token: rest.token
    - path: /v1/feeds/file_behaviours/{token}/memdump
      name: feeds-file-behaviours-token-memdump
      description: REST surface for /feeds/file_behaviours/{token}/memdump.
      operations:
      - method: GET
        name: fileBehaviourFeedMemdump
        description: VirusTotal Get the Memdump File Generated During a File’s Behavior Analysis
        call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedMemdump
        outputParameters:
        - type: object
          mapping: $.
        with:
          token: rest.token
    - path: /v1/feeds/file_behaviours/{token}/pcap
      name: feeds-file-behaviours-token-pcap
      description: REST surface for /feeds/file_behaviours/{token}/pcap.
      operations:
      - method: GET
        name: fileBehaviourFeedPcap
        description: VirusTotal Get the PCAP File Generated During a File’s Behavior Analysis
        call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedPcap
        outputParameters:
        - type: object
          mapping: $.
        with:
          token: rest.token
  - type: mcp
    namespace: ioc-feeds-ioc-feeds-sandbox-analyses-feed-mcp
    port: 9090
    transport: http
    description: MCP adapter for VirusTotal API v3 - IoC Feeds — IoC Feeds - Sandbox analyses feed. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: get-hourly-file-behaviour-feed
      description: VirusTotal Get an Hourly File Behaviour Feed Batch
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.feedsFileBehaviourHourly
      outputParameters:
      - type: object
        mapping: $.
      with:
        time: tools.time
    - name: get-per-minute-file-behaviour
      description: VirusTotal Get a Per-minute File Behaviour Feed Batch
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.feedsFileBehaviour
      outputParameters:
      - type: object
        mapping: $.
      with:
        time: tools.time
    - name: get-evtx-file-generated-during
      description: VirusTotal Get the EVTX File Generated During a File’s Behavior Analysis
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedEvtx
      outputParameters:
      - type: object
        mapping: $.
      with:
        token: tools.token
    - name: get-file-behaviour-s-detailed
      description: VirusTotal Get a File Behaviour's Detailed HTML Report
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedHtml
      outputParameters:
      - type: object
        mapping: $.
      with:
        token: tools.token
    - name: get-memdump-file-generated-during
      description: VirusTotal Get the Memdump File Generated During a File’s Behavior Analysis
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedMemdump
      outputParameters:
      - type: object
        mapping: $.
      with:
        token: tools.token
    - name: get-pcap-file-generated-during
      description: VirusTotal Get the PCAP File Generated During a File’s Behavior Analysis
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-feeds-ioc-feeds-sandbox-analyses-feed.fileBehaviourFeedPcap
      outputParameters:
      - type: object
        mapping: $.
      with:
        token: tools.token