WatchGuard · Capability

WatchGuard Endpoint Security Management API — Device Actions

WatchGuard Endpoint Security Management API — Device Actions. 5 operations. Lead operation: Perform Device Action. Self-contained Naftiko capability covering one Watchguard business surface.

Run with Naftiko WatchguardDevice Actions

What You Can Do

POST
Performdeviceaction — Perform Device Action
/v1/accounts/{accountid}/devices/action
POST
Isolatedevices — Isolate Devices
/v1/accounts/{accountid}/devices/isolation
POST
Removedeviceisolation — Remove Device Isolation
/v1/accounts/{accountid}/devices/noisolation
POST
Uninstalldeviceprotection — Uninstall Device Protection
/v1/accounts/{accountid}/devices/uninstall
POST
Startimmediatescan — Start Immediate Scan
/v1/accounts/{accountid}/immediatescan

MCP Tools

perform-device-action

Perform Device Action

isolate-devices

Isolate Devices

remove-device-isolation

Remove Device Isolation

uninstall-device-protection

Uninstall Device Protection

start-immediate-scan

Start Immediate Scan

Capability Spec

endpoint-security-device-actions.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: WatchGuard Endpoint Security Management API — Device Actions
  description: 'WatchGuard Endpoint Security Management API — Device Actions. 5 operations. Lead operation: Perform Device
    Action. Self-contained Naftiko capability covering one Watchguard business surface.'
  tags:
  - Watchguard
  - Device Actions
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    WATCHGUARD_API_KEY: WATCHGUARD_API_KEY
capability:
  consumes:
  - type: http
    namespace: endpoint-security-device-actions
    baseUri: https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1
    description: WatchGuard Endpoint Security Management API — Device Actions business capability. Self-contained, no shared
      references.
    resources:
    - name: accounts-accountId-devices-action
      path: /accounts/{accountId}/devices/action
      operations:
      - name: performdeviceaction
        method: POST
        description: Perform Device Action
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: accounts-accountId-devices-isolation
      path: /accounts/{accountId}/devices/isolation
      operations:
      - name: isolatedevices
        method: POST
        description: Isolate Devices
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: accounts-accountId-devices-noisolation
      path: /accounts/{accountId}/devices/noisolation
      operations:
      - name: removedeviceisolation
        method: POST
        description: Remove Device Isolation
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: accounts-accountId-devices-uninstall
      path: /accounts/{accountId}/devices/uninstall
      operations:
      - name: uninstalldeviceprotection
        method: POST
        description: Uninstall Device Protection
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: accounts-accountId-immediatescan
      path: /accounts/{accountId}/immediatescan
      operations:
      - name: startimmediatescan
        method: POST
        description: Start Immediate Scan
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.WATCHGUARD_API_KEY}}'
  exposes:
  - type: rest
    namespace: endpoint-security-device-actions-rest
    port: 8080
    description: REST adapter for WatchGuard Endpoint Security Management API — Device Actions. One Spectral-compliant resource
      per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/accounts/{accountid}/devices/action
      name: accounts-accountid-devices-action
      description: REST surface for accounts-accountId-devices-action.
      operations:
      - method: POST
        name: performdeviceaction
        description: Perform Device Action
        call: endpoint-security-device-actions.performdeviceaction
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/accounts/{accountid}/devices/isolation
      name: accounts-accountid-devices-isolation
      description: REST surface for accounts-accountId-devices-isolation.
      operations:
      - method: POST
        name: isolatedevices
        description: Isolate Devices
        call: endpoint-security-device-actions.isolatedevices
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/accounts/{accountid}/devices/noisolation
      name: accounts-accountid-devices-noisolation
      description: REST surface for accounts-accountId-devices-noisolation.
      operations:
      - method: POST
        name: removedeviceisolation
        description: Remove Device Isolation
        call: endpoint-security-device-actions.removedeviceisolation
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/accounts/{accountid}/devices/uninstall
      name: accounts-accountid-devices-uninstall
      description: REST surface for accounts-accountId-devices-uninstall.
      operations:
      - method: POST
        name: uninstalldeviceprotection
        description: Uninstall Device Protection
        call: endpoint-security-device-actions.uninstalldeviceprotection
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/accounts/{accountid}/immediatescan
      name: accounts-accountid-immediatescan
      description: REST surface for accounts-accountId-immediatescan.
      operations:
      - method: POST
        name: startimmediatescan
        description: Start Immediate Scan
        call: endpoint-security-device-actions.startimmediatescan
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: endpoint-security-device-actions-mcp
    port: 9090
    transport: http
    description: MCP adapter for WatchGuard Endpoint Security Management API — Device Actions. One tool per consumed operation,
      routed inline through this capability's consumes block.
    tools:
    - name: perform-device-action
      description: Perform Device Action
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: endpoint-security-device-actions.performdeviceaction
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: isolate-devices
      description: Isolate Devices
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: endpoint-security-device-actions.isolatedevices
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-device-isolation
      description: Remove Device Isolation
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: endpoint-security-device-actions.removedeviceisolation
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: uninstall-device-protection
      description: Uninstall Device Protection
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: endpoint-security-device-actions.uninstalldeviceprotection
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: start-immediate-scan
      description: Start Immediate Scan
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: endpoint-security-device-actions.startimmediatescan
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.