VirusTotal · Capability

VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations

VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations. 5 operations. Lead operation: Get a URL / File Analysis. Self-contained Naftiko capability covering one VirusTotal business surface.

Run with Naftiko VirusTotalIoC InvestigationAnalyses, Submissions & Operations

What You Can Do

GET
Analysis — VirusTotal Get a URL / File Analysis
/v1/analyses/{id}
GET
Analysesgetdescriptors — VirusTotal Get Object Descriptors Related to an Analysis
/v1/analyses/{id}/relationships/{relationship}
GET
Analysesgetobjects — VirusTotal Get Objects Related to an Analysis
/v1/analyses/{id}/{relationship}
GET
Getsubmission — VirusTotal Get a Submission Object
/v1/submission/{id}
GET
Getoperationsid — VirusTotal Get an Operation Object
/v1/operations/{id}

MCP Tools

get-url-file-analysis

VirusTotal Get a URL / File Analysis

read-only idempotent
get-object-descriptors-related-analysis

VirusTotal Get Object Descriptors Related to an Analysis

read-only idempotent
get-objects-related-analysis

VirusTotal Get Objects Related to an Analysis

read-only idempotent
get-submission-object

VirusTotal Get a Submission Object

read-only idempotent
get-operation-object

VirusTotal Get an Operation Object

read-only idempotent

Capability Spec

ioc-investigation-ioc-investigation-analyses-submissions-operations.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations
  description: 'VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations. 5 operations. Lead operation: Get a URL / File Analysis. Self-contained Naftiko capability
    covering one VirusTotal business surface.'
  tags:
  - VirusTotal
  - IoC Investigation
  - Analyses, Submissions & Operations
  created: '2026-05-29'
  modified: '2026-05-29'
binds:
- namespace: env
  keys:
    VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
  consumes:
  - type: http
    namespace: ioc-investigation-ioc-investigation-analyses-submissions-operations
    baseUri: https://www.virustotal.com/api/v3
    description: VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations. Self-contained, no shared references.
    authentication:
      type: apikey
      key: x-apikey
      value: '{{env.VIRUSTOTAL_API_KEY}}'
      placement: header
    resources:
    - name: analyses-id
      path: /analyses/{id}
      operations:
      - name: analysis
        method: GET
        description: VirusTotal Get a URL / File Analysis
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Analysis identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: analyses-id-relationships-relationship
      path: /analyses/{id}/relationships/{relationship}
      operations:
      - name: analysesGetDescriptors
        method: GET
        description: VirusTotal Get Object Descriptors Related to an Analysis
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Analysis identifier
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:analyses-object#relationships))
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: analyses-id-relationship
      path: /analyses/{id}/{relationship}
      operations:
      - name: analysesGetObjects
        method: GET
        description: VirusTotal Get Objects Related to an Analysis
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Analysis identifier
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:analyses-object#relationships))
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: submission-id
      path: /submission/{id}
      operations:
      - name: getSubmission
        method: GET
        description: VirusTotal Get a Submission Object
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Submission object ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: operations-id
      path: /operations/{id}
      operations:
      - name: getOperationsId
        method: GET
        description: VirusTotal Get an Operation Object
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Operation ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    namespace: ioc-investigation-ioc-investigation-analyses-submissions-operations-rest
    port: 8080
    description: REST adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/analyses/{id}
      name: analyses-id
      description: REST surface for /analyses/{id}.
      operations:
      - method: GET
        name: analysis
        description: VirusTotal Get a URL / File Analysis
        call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysis
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/analyses/{id}/relationships/{relationship}
      name: analyses-id-relationships-relationship
      description: REST surface for /analyses/{id}/relationships/{relationship}.
      operations:
      - method: GET
        name: analysesGetDescriptors
        description: VirusTotal Get Object Descriptors Related to an Analysis
        call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysesGetDescriptors
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          relationship: rest.relationship
    - path: /v1/analyses/{id}/{relationship}
      name: analyses-id-relationship
      description: REST surface for /analyses/{id}/{relationship}.
      operations:
      - method: GET
        name: analysesGetObjects
        description: VirusTotal Get Objects Related to an Analysis
        call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysesGetObjects
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          relationship: rest.relationship
    - path: /v1/submission/{id}
      name: submission-id
      description: REST surface for /submission/{id}.
      operations:
      - method: GET
        name: getSubmission
        description: VirusTotal Get a Submission Object
        call: ioc-investigation-ioc-investigation-analyses-submissions-operations.getSubmission
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/operations/{id}
      name: operations-id
      description: REST surface for /operations/{id}.
      operations:
      - method: GET
        name: getOperationsId
        description: VirusTotal Get an Operation Object
        call: ioc-investigation-ioc-investigation-analyses-submissions-operations.getOperationsId
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
  - type: mcp
    namespace: ioc-investigation-ioc-investigation-analyses-submissions-operations-mcp
    port: 9090
    transport: http
    description: MCP adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Analyses, Submissions & Operations. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: get-url-file-analysis
      description: VirusTotal Get a URL / File Analysis
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysis
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-object-descriptors-related-analysis
      description: VirusTotal Get Object Descriptors Related to an Analysis
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysesGetDescriptors
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        relationship: tools.relationship
    - name: get-objects-related-analysis
      description: VirusTotal Get Objects Related to an Analysis
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-analyses-submissions-operations.analysesGetObjects
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        relationship: tools.relationship
    - name: get-submission-object
      description: VirusTotal Get a Submission Object
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-analyses-submissions-operations.getSubmission
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-operation-object
      description: VirusTotal Get an Operation Object
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-analyses-submissions-operations.getOperationsId
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id