VirusTotal · Capability

VirusTotal API v3 - IoC Investigation — IoC Investigation - IP addresses

VirusTotal API v3 - IoC Investigation — IoC Investigation - IP addresses. 7 operations. Lead operation: Get an IP Address Report. Self-contained Naftiko capability covering one VirusTotal business surface.

Run with Naftiko VirusTotalIoC InvestigationIP addresses

What You Can Do

GET
Ipinfo — VirusTotal Get an IP Address Report
/v1/ip_addresses/{ip}
GET
Ipcommentsget — VirusTotal Get Comments on an IP Address
/v1/ip_addresses/{ip}/comments
POST
Ipcommentspost — VirusTotal Add a Comment to an IP Address
/v1/ip_addresses/{ip}/comments
GET
Iprelationshipsids — VirusTotal Get Object Descriptors Related to an IP Address
/v1/ip_addresses/{ip}/relationships/{relationship}
GET
Ipvotes — VirusTotal Get Votes on an IP Address
/v1/ip_addresses/{ip}/votes
POST
Ipvotespost — VirusTotal Add a Vote to an IP Address
/v1/ip_addresses/{ip}/votes
GET
Iprelationships — VirusTotal Get Objects Related to an IP Address
/v1/ip_addresses/{ip}/{relationship}

MCP Tools

get-ip-address-report

VirusTotal Get an IP Address Report

read-only idempotent
get-comments-ip-address

VirusTotal Get Comments on an IP Address

read-only idempotent
add-comment-ip-address

VirusTotal Add a Comment to an IP Address

get-object-descriptors-related-ip

VirusTotal Get Object Descriptors Related to an IP Address

read-only idempotent
get-votes-ip-address

VirusTotal Get Votes on an IP Address

read-only idempotent
add-vote-ip-address

VirusTotal Add a Vote to an IP Address

get-objects-related-ip-address

VirusTotal Get Objects Related to an IP Address

read-only idempotent

Capability Spec

ioc-investigation-ioc-investigation-ip-addresses.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: VirusTotal API v3 - IoC Investigation — IoC Investigation - IP addresses
  description: 'VirusTotal API v3 - IoC Investigation — IoC Investigation - IP addresses. 7 operations. Lead operation: Get an IP Address Report. Self-contained Naftiko capability covering one VirusTotal
    business surface.'
  tags:
  - VirusTotal
  - IoC Investigation
  - IP addresses
  created: '2026-05-29'
  modified: '2026-05-29'
binds:
- namespace: env
  keys:
    VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
  consumes:
  - type: http
    namespace: ioc-investigation-ioc-investigation-ip-addresses
    baseUri: https://www.virustotal.com/api/v3
    description: VirusTotal API v3 - IoC Investigation — IoC Investigation - IP addresses. Self-contained, no shared references.
    authentication:
      type: apikey
      key: x-apikey
      value: '{{env.VIRUSTOTAL_API_KEY}}'
      placement: header
    resources:
    - name: ip-addresses-ip
      path: /ip_addresses/{ip}
      operations:
      - name: ipInfo
        method: GET
        description: VirusTotal Get an IP Address Report
        inputParameters:
        - name: ip
          in: path
          type: string
          required: true
          description: IP address
        - name: x-tool
          in: header
          type: string
          required: false
          description: The name of your tool or service. This is required to obtain the gti_assesment data
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: ip-addresses-ip-comments
      path: /ip_addresses/{ip}/comments
      operations:
      - name: ipCommentsGet
        method: GET
        description: VirusTotal Get Comments on an IP Address
        inputParameters:
        - name: ip
          in: path
          type: string
          required: true
          description: IP address
        - name: limit
          in: query
          type: integer
          required: false
          description: Maximum number of comments to retrieve
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: ipCommentsPost
        method: POST
        description: VirusTotal Add a Comment to an IP Address
        inputParameters:
        - name: ip
          in: path
          type: string
          required: true
          description: IP address
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: ip-addresses-ip-relationships-relationship
      path: /ip_addresses/{ip}/relationships/{relationship}
      operations:
      - name: ipRelationshipsIds
        method: GET
        description: VirusTotal Get Object Descriptors Related to an IP Address
        inputParameters:
        - name: ip
          in: path
          type: string
          required: true
          description: IP address
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:ip-object#relationships))
        - name: limit
          in: query
          type: string
          required: false
          description: Maximum number of related objects to retrieve
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: ip-addresses-ip-votes
      path: /ip_addresses/{ip}/votes
      operations:
      - name: ipVotes
        method: GET
        description: VirusTotal Get Votes on an IP Address
        inputParameters:
        - name: ip
          in: path
          type: string
          required: true
          description: IP Address
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: ipVotesPost
        method: POST
        description: VirusTotal Add a Vote to an IP Address
        inputParameters:
        - name: ip
          in: path
          type: string
          required: true
          description: IP Address
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: ip-addresses-ip-relationship
      path: /ip_addresses/{ip}/{relationship}
      operations:
      - name: ipRelationships
        method: GET
        description: VirusTotal Get Objects Related to an IP Address
        inputParameters:
        - name: ip
          in: path
          type: string
          required: true
          description: IP address
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:ip-object#relationships))
        - name: limit
          in: query
          type: integer
          required: false
          description: Maximum number of related objects to retrieve
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    namespace: ioc-investigation-ioc-investigation-ip-addresses-rest
    port: 8080
    description: REST adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - IP addresses. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/ip_addresses/{ip}
      name: ip-addresses-ip
      description: REST surface for /ip_addresses/{ip}.
      operations:
      - method: GET
        name: ipInfo
        description: VirusTotal Get an IP Address Report
        call: ioc-investigation-ioc-investigation-ip-addresses.ipInfo
        outputParameters:
        - type: object
          mapping: $.
        with:
          ip: rest.ip
          x-tool: rest.x-tool
    - path: /v1/ip_addresses/{ip}/comments
      name: ip-addresses-ip-comments
      description: REST surface for /ip_addresses/{ip}/comments.
      operations:
      - method: GET
        name: ipCommentsGet
        description: VirusTotal Get Comments on an IP Address
        call: ioc-investigation-ioc-investigation-ip-addresses.ipCommentsGet
        outputParameters:
        - type: object
          mapping: $.
        with:
          ip: rest.ip
          limit: rest.limit
          cursor: rest.cursor
      - method: POST
        name: ipCommentsPost
        description: VirusTotal Add a Comment to an IP Address
        call: ioc-investigation-ioc-investigation-ip-addresses.ipCommentsPost
        outputParameters:
        - type: object
          mapping: $.
        with:
          ip: rest.ip
          body: rest.body
    - path: /v1/ip_addresses/{ip}/relationships/{relationship}
      name: ip-addresses-ip-relationships-relationship
      description: REST surface for /ip_addresses/{ip}/relationships/{relationship}.
      operations:
      - method: GET
        name: ipRelationshipsIds
        description: VirusTotal Get Object Descriptors Related to an IP Address
        call: ioc-investigation-ioc-investigation-ip-addresses.ipRelationshipsIds
        outputParameters:
        - type: object
          mapping: $.
        with:
          ip: rest.ip
          relationship: rest.relationship
          limit: rest.limit
          cursor: rest.cursor
    - path: /v1/ip_addresses/{ip}/votes
      name: ip-addresses-ip-votes
      description: REST surface for /ip_addresses/{ip}/votes.
      operations:
      - method: GET
        name: ipVotes
        description: VirusTotal Get Votes on an IP Address
        call: ioc-investigation-ioc-investigation-ip-addresses.ipVotes
        outputParameters:
        - type: object
          mapping: $.
        with:
          ip: rest.ip
      - method: POST
        name: ipVotesPost
        description: VirusTotal Add a Vote to an IP Address
        call: ioc-investigation-ioc-investigation-ip-addresses.ipVotesPost
        outputParameters:
        - type: object
          mapping: $.
        with:
          ip: rest.ip
          body: rest.body
    - path: /v1/ip_addresses/{ip}/{relationship}
      name: ip-addresses-ip-relationship
      description: REST surface for /ip_addresses/{ip}/{relationship}.
      operations:
      - method: GET
        name: ipRelationships
        description: VirusTotal Get Objects Related to an IP Address
        call: ioc-investigation-ioc-investigation-ip-addresses.ipRelationships
        outputParameters:
        - type: object
          mapping: $.
        with:
          ip: rest.ip
          relationship: rest.relationship
          limit: rest.limit
          cursor: rest.cursor
  - type: mcp
    namespace: ioc-investigation-ioc-investigation-ip-addresses-mcp
    port: 9090
    transport: http
    description: MCP adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - IP addresses. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: get-ip-address-report
      description: VirusTotal Get an IP Address Report
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-ip-addresses.ipInfo
      outputParameters:
      - type: object
        mapping: $.
      with:
        ip: tools.ip
        x-tool: tools.x-tool
    - name: get-comments-ip-address
      description: VirusTotal Get Comments on an IP Address
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-ip-addresses.ipCommentsGet
      outputParameters:
      - type: object
        mapping: $.
      with:
        ip: tools.ip
        limit: tools.limit
        cursor: tools.cursor
    - name: add-comment-ip-address
      description: VirusTotal Add a Comment to an IP Address
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: ioc-investigation-ioc-investigation-ip-addresses.ipCommentsPost
      outputParameters:
      - type: object
        mapping: $.
      with:
        ip: tools.ip
        body: tools.body
    - name: get-object-descriptors-related-ip
      description: VirusTotal Get Object Descriptors Related to an IP Address
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-ip-addresses.ipRelationshipsIds
      outputParameters:
      - type: object
        mapping: $.
      with:
        ip: tools.ip
        relationship: tools.relationship
        limit: tools.limit
        cursor: tools.cursor
    - name: get-votes-ip-address
      description: VirusTotal Get Votes on an IP Address
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-ip-addresses.ipVotes
      outputParameters:
      - type: object
        mapping: $.
      with:
        ip: tools.ip
    - name: add-vote-ip-address
      description: VirusTotal Add a Vote to an IP Address
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: ioc-investigation-ioc-investigation-ip-addresses.ipVotesPost
      outputParameters:
      - type: object
        mapping: $.
      with:
        ip: tools.ip
        body: tools.body
    - name: get-objects-related-ip-address
      description: VirusTotal Get Objects Related to an IP Address
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-ip-addresses.ipRelationships
      outputParameters:
      - type: object
        mapping: $.
      with:
        ip: tools.ip
        relationship: tools.relationship
        limit: tools.limit
        cursor: tools.cursor