VirusTotal · Capability

VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules

VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules. 4 operations. Lead operation: List Crowdsourced YARA Rules. Self-contained Naftiko capability covering one VirusTotal business surface.

Run with Naftiko · Tags: VirusTotal, YARA Hunting, Rules

What You Can Do

GET
listCrowdsourcedYaraRules — VirusTotal List Crowdsourced YARA Rules
/v1/yara_rules
GET
getACrowdsourcedYaraRule — VirusTotal Get a Crowdsourced YARA Rule
/v1/yara_rules/{id}
GET
crowdsourcedYaraRuleRelationshipDescriptorsEndpoint — VirusTotal Get Objects Descriptors Related to a Crowdsourced YARA Rule
/v1/yara_rules/{id}/relationships/{relationship}
GET
crowdsourcedYaraRuleRelationshipEndpoint — VirusTotal Get Objects Related to a Crowdsourced YARA Rule
/v1/yara_rules/{id}/{relationship}

MCP Tools

list-crowdsourced-yara-rules

VirusTotal List Crowdsourced YARA Rules

read-only idempotent
get-crowdsourced-yara-rule

VirusTotal Get a Crowdsourced YARA Rule

read-only idempotent
get-objects-descriptors-related-crowdsourced

VirusTotal Get Objects Descriptors Related to a Crowdsourced YARA Rule

read-only idempotent
get-objects-related-crowdsourced-yara

VirusTotal Get Objects Related to a Crowdsourced YARA Rule

read-only idempotent

Capability Spec

yara-hunting-yara-hunting-rules.yaml Raw ↑
# Naftiko capability descriptor: wraps four GET endpoints of the VirusTotal
# crowdsourced YARA rules API and re-exposes them through the REST and MCP
# adapters declared under `capability.exposes`.
# NOTE(review): the spec version below is a pre-release ("alpha2"); pin the
# runtime that loads this file so a schema change cannot silently alter what
# gets exposed.
naftiko: 1.0.0-alpha2
info:
  label: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules
  description: 'VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules. 4 operations. Lead operation: List Crowdsourced YARA Rules. Self-contained Naftiko capability covering
    one VirusTotal business surface.'
  tags:
  - VirusTotal
  - YARA Hunting
  - Rules
  # Dates are quoted so they stay strings instead of being parsed as YAML dates.
  created: '2026-05-29'
  modified: '2026-05-29'
# Secret binding: the VirusTotal API key is taken from the `env` namespace, so
# this file carries only the variable name, never the key itself.
# Keep the variable out of CI logs, shell history and container image layers.
binds:
- namespace: env
  keys:
    # presumably <name used in templates>: <environment variable name>; both
    # sides are identical here — confirm the direction against the Naftiko schema
    VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
# `consumes` describes the upstream API this capability calls; `exposes`
# (further down) describes the local adapters that front it.
capability:
  consumes:
  # Upstream is the VirusTotal v3 API, reached over HTTPS only.
  - type: http
    namespace: yara-hunting-yara-hunting-rules
    baseUri: https://www.virustotal.com/api/v3
    description: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules. Self-contained, no shared references.
    # The bound key is sent in the `x-apikey` request header. Header placement
    # keeps it out of the request URL, so it should not appear in URL-based
    # access logs. Every operation below is called with this one key, so the
    # key's quota and entitlements are shared by all callers of the adapters.
    authentication:
      type: apikey
      key: x-apikey
      value: '{{env.VIRUSTOTAL_API_KEY}}'
      placement: header
    # Upstream resources, one per VirusTotal path; paths are relative to baseUri.
    resources:
    - name: yara-rules
      path: /yara_rules
      operations:
      - name: listCrowdsourcedYaraRules
        method: GET
        description: VirusTotal List Crowdsourced YARA Rules
        # All four inputs are optional query parameters. No range, length or
        # pattern constraint is declared for any of them in this file, so
        # validation is left to the upstream API.
        inputParameters:
        # NOTE(review): `limit` has no declared maximum; consider capping it
        # before it reaches this operation to protect the key's request quota.
        - name: limit
          in: query
          type: integer
          required: false
          description: Maximum number of rules to retrieve
        - name: filter
          in: query
          type: string
          required: false
          description: Return the rules matching the given criteria only
        - name: order
          in: query
          type: string
          required: false
          description: Sort order
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        # `$.` looks like a root JSONPath, i.e. the whole response body is
        # returned without field filtering — confirm against the Naftiko schema.
        - name: result
          type: object
          value: $.
    # Single-rule lookup: the rule identifier is substituted into the upstream path.
    - name: yara-rules-id
      path: /yara_rules/{id}
      operations:
      - name: getACrowdsourcedYaraRule
        method: GET
        description: VirusTotal Get a Crowdsourced YARA Rule
        inputParameters:
        # `id` is typed only as a string, with no declared format.
        # NOTE(review): confirm the runtime percent-encodes path parameters
        # before substitution, so a value containing `/` or `..` cannot address
        # a different upstream endpoint with the bound API key.
        - name: id
          in: path
          type: string
          required: true
          description: Rule identifier
        outputRawFormat: json
        outputParameters:
        # `$.` appears to select the whole JSON response — confirm.
        - name: result
          type: object
          value: $.
    # Descriptor variant of the relationship lookup: per its description it
    # returns descriptors of the related objects rather than the objects.
    - name: yara-rules-id-relationships-relationship
      path: /yara_rules/{id}/relationships/{relationship}
      operations:
      - name: crowdsourcedYaraRuleRelationshipDescriptorsEndpoint
        method: GET
        description: VirusTotal Get Objects Descriptors Related to a Crowdsourced YARA Rule
        # Both inputs are required path segments typed as free-form strings.
        # NOTE(review): confirm path parameters are percent-encoded before
        # substitution so neither value can add or remove path segments.
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Rule identifier
        # The accepted relationship names are not enumerated in this file; the
        # `ref:` link in the description points at upstream documentation and
        # will not resolve outside that documentation site.
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:yara-rule-object#relationships))
        outputRawFormat: json
        outputParameters:
        # `$.` appears to select the whole JSON response — confirm.
        - name: result
          type: object
          value: $.
    # Object variant of the relationship lookup: per its description it
    # returns the objects related to a rule.
    - name: yara-rules-id-relationship
      path: /yara_rules/{id}/{relationship}
      operations:
      - name: crowdsourcedYaraRuleRelationshipEndpoint
        method: GET
        description: VirusTotal Get Objects Related to a Crowdsourced YARA Rule
        # Two required, free-form string path segments with no declared format.
        # NOTE(review): because `{relationship}` directly follows `{id}`, an
        # unencoded `/` in either value would change which upstream route is
        # hit; confirm the runtime percent-encodes path parameters.
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Rule identifier
        # Accepted relationship names are not enumerated in this file.
        - name: relationship
          in: path
          type: string
          required: true
          description: Relationship name (see [table](ref:yara-rule-object#relationships))
        outputRawFormat: json
        outputParameters:
        # `$.` appears to select the whole JSON response — confirm.
        - name: result
          type: object
          value: $.
  # Local adapters that front the consumed operations.
  exposes:
  # REST adapter on port 8080.
  # NOTE(review): no authentication, TLS or listen-address setting is declared
  # for this adapter in this file. Each request it serves is forwarded upstream
  # with the bound VirusTotal key, so anyone who can reach the port acts with
  # that key's quota and entitlements. Confirm what interface the runtime binds
  # by default, and keep the port on loopback or behind an authenticating proxy.
  - type: rest
    namespace: yara-hunting-yara-hunting-rules-rest
    port: 8080
    description: REST adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    # The `/v1` prefix is this adapter's own versioning; the call still goes to
    # the upstream base URI, which is VirusTotal's `/api/v3`.
    - path: /v1/yara_rules
      name: yara-rules
      description: REST surface for /yara_rules.
      operations:
      - method: GET
        name: listCrowdsourcedYaraRules
        description: VirusTotal List Crowdsourced YARA Rules
        call: yara-hunting-yara-hunting-rules.listCrowdsourcedYaraRules
        outputParameters:
        # `$.` appears to return the upstream JSON unchanged — confirm.
        - type: object
          mapping: $.
        # presumably maps each inbound REST query parameter (`rest.*`) onto the
        # consumed operation's input of the same name; no defaults or limits are
        # applied in this mapping.
        with:
          limit: rest.limit
          filter: rest.filter
          order: rest.order
          cursor: rest.cursor
    # Single-rule lookup; `{id}` comes from the caller's request path.
    - path: /v1/yara_rules/{id}
      name: yara-rules-id
      description: REST surface for /yara_rules/{id}.
      operations:
      - method: GET
        name: getACrowdsourcedYaraRule
        description: VirusTotal Get a Crowdsourced YARA Rule
        call: yara-hunting-yara-hunting-rules.getACrowdsourcedYaraRule
        outputParameters:
        # `$.` appears to return the upstream JSON unchanged — confirm.
        - type: object
          mapping: $.
        # The caller-supplied id is handed to the consumed operation as-is; no
        # format check is declared at this layer.
        with:
          id: rest.id
    # Descriptor lookup; the literal `relationships` segment distinguishes this
    # route from the three-segment `/v1/yara_rules/{id}/{relationship}` route.
    - path: /v1/yara_rules/{id}/relationships/{relationship}
      name: yara-rules-id-relationships-relationship
      description: REST surface for /yara_rules/{id}/relationships/{relationship}.
      operations:
      - method: GET
        name: crowdsourcedYaraRuleRelationshipDescriptorsEndpoint
        description: VirusTotal Get Objects Descriptors Related to a Crowdsourced YARA Rule
        call: yara-hunting-yara-hunting-rules.crowdsourcedYaraRuleRelationshipDescriptorsEndpoint
        outputParameters:
        # `$.` appears to return the upstream JSON unchanged — confirm.
        - type: object
          mapping: $.
        # Both path values are passed through without a declared allow-list.
        with:
          id: rest.id
          relationship: rest.relationship
    # Related-object lookup; per the description it returns the objects related
    # to a rule, which can be a larger response than the descriptor route.
    - path: /v1/yara_rules/{id}/{relationship}
      name: yara-rules-id-relationship
      description: REST surface for /yara_rules/{id}/{relationship}.
      operations:
      - method: GET
        name: crowdsourcedYaraRuleRelationshipEndpoint
        description: VirusTotal Get Objects Related to a Crowdsourced YARA Rule
        call: yara-hunting-yara-hunting-rules.crowdsourcedYaraRuleRelationshipEndpoint
        outputParameters:
        # `$.` appears to return the upstream JSON unchanged — confirm.
        - type: object
          mapping: $.
        # Both path values are passed through without a declared allow-list.
        with:
          id: rest.id
          relationship: rest.relationship
  # MCP adapter on port 9090 over HTTP transport; it routes to the same
  # consumed operations as the REST adapter.
  # NOTE(review): no authentication or TLS setting is declared for this
  # adapter in this file, and its calls are made with the bound VirusTotal
  # key. Restrict which MCP clients can reach the port. The tools return
  # crowdsourced, third-party-authored content, so a client agent should
  # treat tool output as untrusted data rather than as instructions.
  - type: mcp
    namespace: yara-hunting-yara-hunting-rules-mcp
    port: 9090
    transport: http
    description: MCP adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Rules. One tool per consumed operation, routed inline through this capability's consumes
      block.
    tools:
    # Listing tool; its arguments are chosen by the MCP caller.
    - name: list-crowdsourced-yara-rules
      description: VirusTotal List Crowdsourced YARA Rules
      # These hints are declared metadata. They match the GET method of the
      # consumed operation, but they describe the tool rather than enforce
      # anything; a client should not rely on them as an access control.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-rules.listCrowdsourcedYaraRules
      outputParameters:
      # `$.` appears to return the upstream JSON unchanged — confirm.
      - type: object
        mapping: $.
      # presumably maps tool arguments (`tools.*`) onto the consumed
      # operation's inputs. `limit` is unbounded here, so a caller can request
      # large pages against the shared API quota.
      with:
        limit: tools.limit
        filter: tools.filter
        order: tools.order
        cursor: tools.cursor
    # Single-rule tool. The returned rule is crowdsourced content written by
    # third parties; hand it to the model as data, not as trusted instructions.
    - name: get-crowdsourced-yara-rule
      description: VirusTotal Get a Crowdsourced YARA Rule
      # Declared hints; advisory metadata consistent with the GET call below.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-rules.getACrowdsourcedYaraRule
      outputParameters:
      # `$.` appears to return the upstream JSON unchanged — confirm.
      - type: object
        mapping: $.
      # The tool-supplied id becomes an upstream path segment; no format check
      # is declared at this layer.
      with:
        id: tools.id
    # Descriptor tool. The tool name is shortened and no longer says "YARA
    # rule"; the description is what tells a client which objects it covers.
    - name: get-objects-descriptors-related-crowdsourced
      description: VirusTotal Get Objects Descriptors Related to a Crowdsourced YARA Rule
      # Declared hints; advisory metadata consistent with the GET call below.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-rules.crowdsourcedYaraRuleRelationshipDescriptorsEndpoint
      outputParameters:
      # `$.` appears to return the upstream JSON unchanged — confirm.
      - type: object
        mapping: $.
      # Both arguments become upstream path segments; no allow-list of
      # relationship names is declared in this file.
      with:
        id: tools.id
        relationship: tools.relationship
    # Related-object tool; per the description it returns the objects related
    # to a rule rather than only their descriptors.
    - name: get-objects-related-crowdsourced-yara
      description: VirusTotal Get Objects Related to a Crowdsourced YARA Rule
      # Declared hints; advisory metadata consistent with the GET call below.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-rules.crowdsourcedYaraRuleRelationshipEndpoint
      outputParameters:
      # `$.` appears to return the upstream JSON unchanged — confirm.
      - type: object
        mapping: $.
      # Both arguments become upstream path segments; no allow-list of
      # relationship names is declared in this file.
      with:
        id: tools.id
        relationship: tools.relationship