VirusTotal · Capability

VirusTotal API v3 - IoC Investigation — IoC Investigation - Files

VirusTotal API v3 - IoC Investigation — IoC Investigation - Files. 14 operations. Lead operation: Get a URL for Uploading Large Files. Self-contained Naftiko capability covering one VirusTotal business surface.

Run with Naftiko VirusTotalIoC InvestigationFiles

What You Can Do

GET
Filesuploadurl — VirusTotal Get a URL for Uploading Large Files
/v1/files/upload_url
POST
Filesscan — VirusTotal Upload a File
/v1/files
GET
Fileinfo — VirusTotal Get a File Report
/v1/files/{id}
POST
Filesanalyse — VirusTotal Request a File Rescan (re-analyze)
/v1/files/{id}/analyse
GET
Filescommentsget — VirusTotal Get Comments on a File
/v1/files/{id}/comments
POST
Filescommentspost — VirusTotal Add a Comment to a File
/v1/files/{id}/comments
GET
Filesdownload — VirusTotal Download a File
/v1/files/{id}/download
GET
Filesdownloadurl — VirusTotal Get a File’s Download URL
/v1/files/{id}/download_url
GET
Filesrelationshipsids — VirusTotal Get Object Descriptors Related to a File
/v1/files/{id}/relationships/{relationship}
GET
Filesvotesget — VirusTotal Get Votes on a File
/v1/files/{id}/votes
POST
Filesvotespost — VirusTotal Add a Vote on a File
/v1/files/{id}/votes
GET
Filesrelationships — VirusTotal Get Objects Related to a File
/v1/files/{id}/{relationship}
GET
Getsigmarules — VirusTotal Get a Crowdsourced Sigma Rule Object
/v1/sigma_rules/{id}
GET
Getyararulesets — VirusTotal Get a Crowdsourced YARA Ruleset
/v1/yara_rulesets/{id}

MCP Tools

get-url-uploading-large-files

VirusTotal Get a URL for Uploading Large Files

read-only idempotent
upload-file

VirusTotal Upload a File

get-file-report

VirusTotal Get a File Report

read-only idempotent
request-file-rescan-re-analyze

VirusTotal Request a File Rescan (re-analyze)

get-comments-file

VirusTotal Get Comments on a File

read-only idempotent
add-comment-file

VirusTotal Add a Comment to a File

download-file

VirusTotal Download a File

read-only idempotent
get-file-s-download-url

VirusTotal Get a File’s Download URL

read-only idempotent
get-object-descriptors-related-file

VirusTotal Get Object Descriptors Related to a File

read-only idempotent
get-votes-file

VirusTotal Get Votes on a File

read-only idempotent
add-vote-file

VirusTotal Add a Vote on a File

get-objects-related-file

VirusTotal Get Objects Related to a File

read-only idempotent
get-crowdsourced-sigma-rule-object

VirusTotal Get a Crowdsourced Sigma Rule Object

read-only idempotent
get-crowdsourced-yara-ruleset

VirusTotal Get a Crowdsourced YARA Ruleset

read-only idempotent

Capability Spec

ioc-investigation-ioc-investigation-files.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: VirusTotal API v3 - IoC Investigation — IoC Investigation - Files
  description: 'VirusTotal API v3 - IoC Investigation — IoC Investigation - Files. 14 operations. Lead operation: Get a URL for Uploading Large Files. Self-contained Naftiko capability covering one VirusTotal
    business surface.'
  tags:
  - VirusTotal
  - IoC Investigation
  - Files
  created: '2026-05-29'
  modified: '2026-05-29'
binds:
- namespace: env
  keys:
    VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
  consumes:
  - type: http
    namespace: ioc-investigation-ioc-investigation-files
    baseUri: https://www.virustotal.com/api/v3
    description: VirusTotal API v3 - IoC Investigation — IoC Investigation - Files. Self-contained, no shared references.
    authentication:
      type: apikey
      key: x-apikey
      value: '{{env.VIRUSTOTAL_API_KEY}}'
      placement: header
    resources:
    - name: files-upload-url
      path: /files/upload_url
      operations:
      - name: filesUploadUrl
        method: GET
        description: VirusTotal Get a URL for Uploading Large Files
        inputParameters: []
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: files
      path: /files
      operations:
      - name: filesScan
        method: POST
        description: VirusTotal Upload a File
        inputParameters:
        - name: body
          in: body
          type: object
          required: true
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: files-id
      path: /files/{id}
      operations:
      - name: fileInfo
        method: GET
        description: VirusTotal Get a File Report
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        - name: x-tool
          in: header
          type: string
          required: false
          description: The name of your tool or service. This is required to obtain the gti_assesment data
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: files-id-analyse
      path: /files/{id}/analyse
      operations:
      - name: filesAnalyse
        method: POST
        description: VirusTotal Request a File Rescan (re-analyze)
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: files-id-comments
      path: /files/{id}/comments
      operations:
      - name: filesCommentsGet
        method: GET
        description: VirusTotal Get Comments on a File
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        - name: limit
          in: query
          type: integer
          required: false
          description: Maximum number of comments to retrieve
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: filesCommentsPost
        method: POST
        description: VirusTotal Add a Comment to a File
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: files-id-download
      path: /files/{id}/download
      operations:
      - name: filesDownload
        method: GET
        description: VirusTotal Download a File
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: files-id-download-url
      path: /files/{id}/download_url
      operations:
      - name: filesDownloadUrl
        method: GET
        description: VirusTotal Get a File’s Download URL
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: files-id-relationships-relationship
      path: /files/{id}/relationships/{relationship}
      operations:
      - name: filesRelationshipsIds
        method: GET
        description: VirusTotal Get Object Descriptors Related to a File
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:object-files#relationships))
        - name: limit
          in: query
          type: string
          required: false
          description: Maximum number of related objects to retrieve
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: files-id-votes
      path: /files/{id}/votes
      operations:
      - name: filesVotesGet
        method: GET
        description: VirusTotal Get Votes on a File
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        - name: limit
          in: query
          type: integer
          required: false
          description: Maximum number of votes to retrieve
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: filesVotesPost
        method: POST
        description: VirusTotal Add a Vote on a File
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: files-id-relationship
      path: /files/{id}/{relationship}
      operations:
      - name: filesRelationships
        method: GET
        description: VirusTotal Get Objects Related to a File
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: SHA-256, SHA-1 or MD5 identifying the file
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:object-files#relationships))
        - name: limit
          in: query
          type: integer
          required: false
          description: Maximum number of related objects to retrieve
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: sigma-rules-id
      path: /sigma_rules/{id}
      operations:
      - name: getSigmaRules
        method: GET
        description: VirusTotal Get a Crowdsourced Sigma Rule Object
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Rule ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: yara-rulesets-id
      path: /yara_rulesets/{id}
      operations:
      - name: getYaraRulesets
        method: GET
        description: VirusTotal Get a Crowdsourced YARA Ruleset
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Ruleset ID to fetch.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    namespace: ioc-investigation-ioc-investigation-files-rest
    port: 8080
    description: REST adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Files. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/files/upload_url
      name: files-upload-url
      description: REST surface for /files/upload_url.
      operations:
      - method: GET
        name: filesUploadUrl
        description: VirusTotal Get a URL for Uploading Large Files
        call: ioc-investigation-ioc-investigation-files.filesUploadUrl
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/files
      name: files
      description: REST surface for /files.
      operations:
      - method: POST
        name: filesScan
        description: VirusTotal Upload a File
        call: ioc-investigation-ioc-investigation-files.filesScan
        outputParameters:
        - type: object
          mapping: $.
        with:
          body: rest.body
    - path: /v1/files/{id}
      name: files-id
      description: REST surface for /files/{id}.
      operations:
      - method: GET
        name: fileInfo
        description: VirusTotal Get a File Report
        call: ioc-investigation-ioc-investigation-files.fileInfo
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          x-tool: rest.x-tool
    - path: /v1/files/{id}/analyse
      name: files-id-analyse
      description: REST surface for /files/{id}/analyse.
      operations:
      - method: POST
        name: filesAnalyse
        description: VirusTotal Request a File Rescan (re-analyze)
        call: ioc-investigation-ioc-investigation-files.filesAnalyse
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/files/{id}/comments
      name: files-id-comments
      description: REST surface for /files/{id}/comments.
      operations:
      - method: GET
        name: filesCommentsGet
        description: VirusTotal Get Comments on a File
        call: ioc-investigation-ioc-investigation-files.filesCommentsGet
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          limit: rest.limit
          cursor: rest.cursor
      - method: POST
        name: filesCommentsPost
        description: VirusTotal Add a Comment to a File
        call: ioc-investigation-ioc-investigation-files.filesCommentsPost
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          body: rest.body
    - path: /v1/files/{id}/download
      name: files-id-download
      description: REST surface for /files/{id}/download.
      operations:
      - method: GET
        name: filesDownload
        description: VirusTotal Download a File
        call: ioc-investigation-ioc-investigation-files.filesDownload
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/files/{id}/download_url
      name: files-id-download-url
      description: REST surface for /files/{id}/download_url.
      operations:
      - method: GET
        name: filesDownloadUrl
        description: VirusTotal Get a File’s Download URL
        call: ioc-investigation-ioc-investigation-files.filesDownloadUrl
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/files/{id}/relationships/{relationship}
      name: files-id-relationships-relationship
      description: REST surface for /files/{id}/relationships/{relationship}.
      operations:
      - method: GET
        name: filesRelationshipsIds
        description: VirusTotal Get Object Descriptors Related to a File
        call: ioc-investigation-ioc-investigation-files.filesRelationshipsIds
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          relationship: rest.relationship
          limit: rest.limit
          cursor: rest.cursor
    - path: /v1/files/{id}/votes
      name: files-id-votes
      description: REST surface for /files/{id}/votes.
      operations:
      - method: GET
        name: filesVotesGet
        description: VirusTotal Get Votes on a File
        call: ioc-investigation-ioc-investigation-files.filesVotesGet
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          limit: rest.limit
          cursor: rest.cursor
      - method: POST
        name: filesVotesPost
        description: VirusTotal Add a Vote on a File
        call: ioc-investigation-ioc-investigation-files.filesVotesPost
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          body: rest.body
    - path: /v1/files/{id}/{relationship}
      name: files-id-relationship
      description: REST surface for /files/{id}/{relationship}.
      operations:
      - method: GET
        name: filesRelationships
        description: VirusTotal Get Objects Related to a File
        call: ioc-investigation-ioc-investigation-files.filesRelationships
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          relationship: rest.relationship
          limit: rest.limit
          cursor: rest.cursor
    - path: /v1/sigma_rules/{id}
      name: sigma-rules-id
      description: REST surface for /sigma_rules/{id}.
      operations:
      - method: GET
        name: getSigmaRules
        description: VirusTotal Get a Crowdsourced Sigma Rule Object
        call: ioc-investigation-ioc-investigation-files.getSigmaRules
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/yara_rulesets/{id}
      name: yara-rulesets-id
      description: REST surface for /yara_rulesets/{id}.
      operations:
      - method: GET
        name: getYaraRulesets
        description: VirusTotal Get a Crowdsourced YARA Ruleset
        call: ioc-investigation-ioc-investigation-files.getYaraRulesets
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
  - type: mcp
    namespace: ioc-investigation-ioc-investigation-files-mcp
    port: 9090
    transport: http
    description: MCP adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Files. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: get-url-uploading-large-files
      description: VirusTotal Get a URL for Uploading Large Files
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.filesUploadUrl
      outputParameters:
      - type: object
        mapping: $.
    - name: upload-file
      description: VirusTotal Upload a File
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: ioc-investigation-ioc-investigation-files.filesScan
      outputParameters:
      - type: object
        mapping: $.
      with:
        body: tools.body
    - name: get-file-report
      description: VirusTotal Get a File Report
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.fileInfo
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        x-tool: tools.x-tool
    - name: request-file-rescan-re-analyze
      description: VirusTotal Request a File Rescan (re-analyze)
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: ioc-investigation-ioc-investigation-files.filesAnalyse
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-comments-file
      description: VirusTotal Get Comments on a File
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.filesCommentsGet
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        limit: tools.limit
        cursor: tools.cursor
    - name: add-comment-file
      description: VirusTotal Add a Comment to a File
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: ioc-investigation-ioc-investigation-files.filesCommentsPost
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        body: tools.body
    - name: download-file
      description: VirusTotal Download a File
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.filesDownload
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-file-s-download-url
      description: VirusTotal Get a File’s Download URL
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.filesDownloadUrl
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-object-descriptors-related-file
      description: VirusTotal Get Object Descriptors Related to a File
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.filesRelationshipsIds
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        relationship: tools.relationship
        limit: tools.limit
        cursor: tools.cursor
    - name: get-votes-file
      description: VirusTotal Get Votes on a File
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.filesVotesGet
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        limit: tools.limit
        cursor: tools.cursor
    - name: add-vote-file
      description: VirusTotal Add a Vote on a File
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: ioc-investigation-ioc-investigation-files.filesVotesPost
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        body: tools.body
    - name: get-objects-related-file
      description: VirusTotal Get Objects Related to a File
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.filesRelationships
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        relationship: tools.relationship
        limit: tools.limit
        cursor: tools.cursor
    - name: get-crowdsourced-sigma-rule-object
      description: VirusTotal Get a Crowdsourced Sigma Rule Object
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.getSigmaRules
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-crowdsourced-yara-ruleset
      description: VirusTotal Get a Crowdsourced YARA Ruleset
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-files.getYaraRulesets
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id