VirusTotal · Capability
VirusTotal API v3 - Threat Graphs — Threat Graphs
VirusTotal API v3 - Threat Graphs — Threat Graphs. 9 operations. Lead operation: Search Graphs. Self-contained Naftiko capability covering one VirusTotal business surface.
What You Can Do
GET
Graphs
— VirusTotal Search Graphs
/v1/graphs
POST
Creategraphs
— VirusTotal Create a Graph
/v1/graphs
DELETE
Graphsdelete
— VirusTotal Delete a Graph
/v1/graphs/{id}
GET
Graphsinfo
— VirusTotal Get a Graph Object
/v1/graphs/{id}
PATCH
Graphsupdate
— VirusTotal Update a Graph Object
/v1/graphs/{id}
GET
Getgraphcomments
— VirusTotal Get Comments on a Graph
/v1/graphs/{id}/comments
POST
Postgraphscomments
— VirusTotal Add a Comment to a Graph
/v1/graphs/{id}/comments
GET
Graphsrelationshipsids
— VirusTotal Get Object Descriptors Related to a Graph
/v1/graphs/{id}/relationships/{relationship}
GET
Graphsrelationships
— VirusTotal Get Objects Related to a Graph
/v1/graphs/{id}/{relationship}
MCP Tools
search-graphs
VirusTotal Search Graphs
read-only
idempotent
create-graph
VirusTotal Create a Graph
delete-graph
VirusTotal Delete a Graph
idempotent
get-graph-object
VirusTotal Get a Graph Object
read-only
idempotent
update-graph-object
VirusTotal Update a Graph Object
idempotent
get-comments-graph
VirusTotal Get Comments on a Graph
read-only
idempotent
add-comment-graph
VirusTotal Add a Comment to a Graph
get-object-descriptors-related-graph
VirusTotal Get Object Descriptors Related to a Graph
read-only
idempotent
get-objects-related-graph
VirusTotal Get Objects Related to a Graph
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: VirusTotal API v3 - Threat Graphs — Threat Graphs
description: 'VirusTotal API v3 - Threat Graphs — Threat Graphs. 9 operations. Lead operation: Search Graphs. Self-contained Naftiko capability covering one VirusTotal business surface.'
tags:
- VirusTotal
- Threat Graphs
created: '2026-05-29'
modified: '2026-05-29'
binds:
- namespace: env
keys:
VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
consumes:
- type: http
namespace: threat-graphs-threat-graphs
baseUri: https://www.virustotal.com/api/v3
description: VirusTotal API v3 - Threat Graphs — Threat Graphs. Self-contained, no shared references.
authentication:
type: apikey
key: x-apikey
value: '{{env.VIRUSTOTAL_API_KEY}}'
placement: header
resources:
- name: graphs
path: /graphs
operations:
- name: graphs
method: GET
description: VirusTotal Search Graphs
inputParameters:
- name: filter
in: query
type: string
required: false
description: Return the graphs matching the given criteria only
- name: limit
in: query
type: integer
required: false
description: Maximum number graphs to retrieve
- name: cursor
in: query
type: string
required: false
description: Continuation cursor
- name: order
in: query
type: string
required: false
description: Sort order
- name: attributes
in: query
type: string
required: false
description: Specific fields to retrieve
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: createGraphs
method: POST
description: VirusTotal Create a Graph
inputParameters:
- name: body
in: body
type: object
required: false
description: Request body payload.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: graphs-id
path: /graphs/{id}
operations:
- name: graphsDelete
method: DELETE
description: VirusTotal Delete a Graph
inputParameters:
- name: id
in: path
type: string
required: true
description: A 65 char length id which uniquely identify the graph.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: graphsInfo
method: GET
description: VirusTotal Get a Graph Object
inputParameters:
- name: id
in: path
type: string
required: true
description: A 65 char length id which uniquely identify the graph.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: graphsUpdate
method: PATCH
description: VirusTotal Update a Graph Object
inputParameters:
- name: id
in: path
type: string
required: true
description: A 65 char length id which uniquely identify the graph.
- name: body
in: body
type: object
required: false
description: Request body payload.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: graphs-id-comments
path: /graphs/{id}/comments
operations:
- name: getGraphComments
method: GET
description: VirusTotal Get Comments on a Graph
inputParameters:
- name: id
in: path
type: string
required: true
description: A 65 char length id which uniquely identify the graph.
- name: limit
in: query
type: string
required: false
description: Maximum number of related objects to retrieve
- name: cursor
in: query
type: integer
required: false
description: Continuation cursor
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: postGraphsComments
method: POST
description: VirusTotal Add a Comment to a Graph
inputParameters:
- name: id
in: path
type: string
required: true
description: A 65 char length id which uniquely identify the graph.
- name: body
in: body
type: object
required: false
description: Request body payload.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: graphs-id-relationships-relationship
path: /graphs/{id}/relationships/{relationship}
operations:
- name: graphsRelationshipsIds
method: GET
description: VirusTotal Get Object Descriptors Related to a Graph
inputParameters:
- name: id
in: path
type: string
required: true
description: A 65 char length id which uniquely identify the graph.
- name: relationship
in: path
type: string
required: true
description: Relationship name (see [table](ref:graph-object#relationships))
- name: limit
in: query
type: string
required: false
description: Maximum number of related objects to retrieve
- name: cursor
in: query
type: integer
required: false
description: Continuation cursor
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
- name: graphs-id-relationship
path: /graphs/{id}/{relationship}
operations:
- name: graphsRelationships
method: GET
description: VirusTotal Get Objects Related to a Graph
inputParameters:
- name: id
in: path
type: string
required: true
description: A 65 char length id which uniquely identify the graph.
- name: relationship
in: path
type: string
required: true
description: Relationship name (see [table](ref:graph-object#relationships))
- name: limit
in: query
type: string
required: false
description: Maximum number of related objects to retrieve
- name: cursor
in: query
type: integer
required: false
description: Continuation cursor
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
exposes:
- type: rest
namespace: threat-graphs-threat-graphs-rest
port: 8080
description: REST adapter for VirusTotal API v3 - Threat Graphs — Threat Graphs. One Spectral-compliant resource per consumed operation, prefixed with /v1.
resources:
- path: /v1/graphs
name: graphs
description: REST surface for /graphs.
operations:
- method: GET
name: graphs
description: VirusTotal Search Graphs
call: threat-graphs-threat-graphs.graphs
outputParameters:
- type: object
mapping: $.
with:
filter: rest.filter
limit: rest.limit
cursor: rest.cursor
order: rest.order
attributes: rest.attributes
- method: POST
name: createGraphs
description: VirusTotal Create a Graph
call: threat-graphs-threat-graphs.createGraphs
outputParameters:
- type: object
mapping: $.
with:
body: rest.body
- path: /v1/graphs/{id}
name: graphs-id
description: REST surface for /graphs/{id}.
operations:
- method: DELETE
name: graphsDelete
description: VirusTotal Delete a Graph
call: threat-graphs-threat-graphs.graphsDelete
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
- method: GET
name: graphsInfo
description: VirusTotal Get a Graph Object
call: threat-graphs-threat-graphs.graphsInfo
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
- method: PATCH
name: graphsUpdate
description: VirusTotal Update a Graph Object
call: threat-graphs-threat-graphs.graphsUpdate
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
body: rest.body
- path: /v1/graphs/{id}/comments
name: graphs-id-comments
description: REST surface for /graphs/{id}/comments.
operations:
- method: GET
name: getGraphComments
description: VirusTotal Get Comments on a Graph
call: threat-graphs-threat-graphs.getGraphComments
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
limit: rest.limit
cursor: rest.cursor
- method: POST
name: postGraphsComments
description: VirusTotal Add a Comment to a Graph
call: threat-graphs-threat-graphs.postGraphsComments
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
body: rest.body
- path: /v1/graphs/{id}/relationships/{relationship}
name: graphs-id-relationships-relationship
description: REST surface for /graphs/{id}/relationships/{relationship}.
operations:
- method: GET
name: graphsRelationshipsIds
description: VirusTotal Get Object Descriptors Related to a Graph
call: threat-graphs-threat-graphs.graphsRelationshipsIds
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
relationship: rest.relationship
limit: rest.limit
cursor: rest.cursor
- path: /v1/graphs/{id}/{relationship}
name: graphs-id-relationship
description: REST surface for /graphs/{id}/{relationship}.
operations:
- method: GET
name: graphsRelationships
description: VirusTotal Get Objects Related to a Graph
call: threat-graphs-threat-graphs.graphsRelationships
outputParameters:
- type: object
mapping: $.
with:
id: rest.id
relationship: rest.relationship
limit: rest.limit
cursor: rest.cursor
- type: mcp
namespace: threat-graphs-threat-graphs-mcp
port: 9090
transport: http
description: MCP adapter for VirusTotal API v3 - Threat Graphs — Threat Graphs. One tool per consumed operation, routed inline through this capability's consumes block.
tools:
- name: search-graphs
description: VirusTotal Search Graphs
hints:
readOnly: true
destructive: false
idempotent: true
call: threat-graphs-threat-graphs.graphs
outputParameters:
- type: object
mapping: $.
with:
filter: tools.filter
limit: tools.limit
cursor: tools.cursor
order: tools.order
attributes: tools.attributes
- name: create-graph
description: VirusTotal Create a Graph
hints:
readOnly: false
destructive: false
idempotent: false
call: threat-graphs-threat-graphs.createGraphs
outputParameters:
- type: object
mapping: $.
with:
body: tools.body
- name: delete-graph
description: VirusTotal Delete a Graph
hints:
readOnly: false
destructive: true
idempotent: true
call: threat-graphs-threat-graphs.graphsDelete
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
- name: get-graph-object
description: VirusTotal Get a Graph Object
hints:
readOnly: true
destructive: false
idempotent: true
call: threat-graphs-threat-graphs.graphsInfo
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
- name: update-graph-object
description: VirusTotal Update a Graph Object
hints:
readOnly: false
destructive: false
idempotent: true
call: threat-graphs-threat-graphs.graphsUpdate
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
body: tools.body
- name: get-comments-graph
description: VirusTotal Get Comments on a Graph
hints:
readOnly: true
destructive: false
idempotent: true
call: threat-graphs-threat-graphs.getGraphComments
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
limit: tools.limit
cursor: tools.cursor
- name: add-comment-graph
description: VirusTotal Add a Comment to a Graph
hints:
readOnly: false
destructive: false
idempotent: false
call: threat-graphs-threat-graphs.postGraphsComments
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
body: tools.body
- name: get-object-descriptors-related-graph
description: VirusTotal Get Object Descriptors Related to a Graph
hints:
readOnly: true
destructive: false
idempotent: true
call: threat-graphs-threat-graphs.graphsRelationshipsIds
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
relationship: tools.relationship
limit: tools.limit
cursor: tools.cursor
- name: get-objects-related-graph
description: VirusTotal Get Objects Related to a Graph
hints:
readOnly: true
destructive: false
idempotent: true
call: threat-graphs-threat-graphs.graphsRelationships
outputParameters:
- type: object
mapping: $.
with:
id: tools.id
relationship: tools.relationship
limit: tools.limit
cursor: tools.cursor