BAE Systems Capabilities

Naftiko 0.5 capability definitions for BAE Systems - 100 capabilities showing integration workflows and service orchestrations.

Collects access entitlements, routes for review, revokes expired access, and creates audit records.

naftiko: "0.5"
info:
  label: "Access Review Certification Pipeline"
  description: "Collects access entitlements, routes for review, revokes expired access, and creates audit records."
  tags:
    - security
    - okta
    - servicenow
    - slack
capability:
  exposes:
    - type: mcp
      namespace: security
      port: 8080
      tools:
        - name: access_review_certification_pipeline
          description: "Orchestrate access review certification pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-okta
              type: call
              call: "okta.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-okta.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Access Review Certification Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: okta
      baseUri: "https://bae-systems.okta.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.okta_api_token"
        header: "Authorization" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: okta-op
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Checks the execution status of an Ansible Automation Platform job template run. Returns job status, host summary, and elapsed time.

naftiko: "0.5"
info:
  label: "Ansible Playbook Execution Status"
  description: "Checks the execution status of an Ansible Automation Platform job template run. Returns job status, host summary, and elapsed time."
  tags:
    - automation
    - configuration-management
    - ansible-automation-platform
capability:
  exposes:
    - type: mcp
      namespace: ansible-jobs
      port: 8080
      tools:
        - name: get-job-status
          description: "Get the status of an Ansible Automation Platform job by ID. Returns status, elapsed time, and host counts."
          inputParameters:
            - name: job_id
              in: body
              type: string
              description: "The Ansible Automation Platform job ID."
          call: "ansible.get-job"
          with:
            job_id: "{{job_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.status"
            - name: elapsed
              type: number
              mapping: "$.elapsed"
            - name: host_status_counts
              type: object
              mapping: "$.host_status_counts"
  consumes:
    - type: http
      namespace: ansible
      baseUri: "https://ansible-tower.baesystems.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.ansible_tower_token"
      resources:
        - name: jobs
          path: "/jobs/{{job_id}}"
          inputParameters:
            - name: job_id
              in: path
          operations:
            - name: get-job
              method: GET

Identifies deprecated API consumers, sends migration notices, tracks adoption, and reports progress.

naftiko: "0.5"
info:
  label: "API Deprecation Notice Pipeline"
  description: "Identifies deprecated API consumers, sends migration notices, tracks adoption, and reports progress."
  tags:
    - engineering
    - datadog
    - jira
    - slack
capability:
  exposes:
    - type: mcp
      namespace: engineering
      port: 8080
      tools:
        - name: api_deprecation_notice_pipeline
          description: "Orchestrate api deprecation notice pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-datadog
              type: call
              call: "datadog.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-jira
              type: call
              call: "jira.process-resource"
              with:
                data: "{{get-datadog.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "API Deprecation Notice Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.datadog_api_key"
        header: "DD-API-KEY" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: datadog-op
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: jira-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

When a new document is uploaded to SharePoint, scans content with Microsoft Defender for classification, checks ITAR export control markings, logs compliance status in ServiceNow, and alerts the export compliance officer in Teams.

naftiko: "0.5"
info:
  label: "Automated ITAR Compliance Check Pipeline"
  description: "When a new document is uploaded to SharePoint, scans content with Microsoft Defender for classification, checks ITAR export control markings, logs compliance status in ServiceNow, and alerts the export compliance officer in Teams."
  tags:
    - compliance
    - itar
    - sharepoint
    - microsoft-defender
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: itar-compliance
      port: 8080
      tools:
        - name: check-itar-compliance
          description: "Given a SharePoint document URL, scan for classification markings, verify ITAR compliance, log results, and notify the compliance officer."
          inputParameters:
            - name: site_id
              in: body
              type: string
              description: "The SharePoint site ID."
            - name: document_path
              in: body
              type: string
              description: "The document path within the SharePoint site."
          steps:
            - name: get-document-metadata
              type: call
              call: "sharepoint.get-item"
              with:
                site_id: "{{site_id}}"
                item_path: "{{document_path}}"
            - name: scan-classification
              type: call
              call: "defender.scan-content"
              with:
                content_url: "{{get-document-metadata.download_url}}"
            - name: log-compliance-check
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_itar_compliance_log"
                fields:
                  document_name: "{{get-document-metadata.name}}"
                  classification: "{{scan-classification.classification_label}}"
                  itar_markings_found: "{{scan-classification.itar_detected}}"
            - name: notify-compliance-officer
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "export-compliance"
                text: "ITAR Check: {{get-document-metadata.name}}. Classification: {{scan-classification.classification_label}}. ITAR: {{scan-classification.itar_detected}}. Log: {{log-compliance-check.sys_id}}."
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: items
          path: "/{{site_id}}/drive/root:/{{item_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: item_path
              in: path
          operations:
            - name: get-item
              method: GET
    - type: http
      namespace: defender
      baseUri: "https://api.securitycenter.microsoft.com/api"
      authentication:
        type: bearer
        token: "$secrets.defender_token"
      resources:
        - name: content-scan
          path: "/files/scan"
          operations:
            - name: scan-content
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Pulls penetration test findings from Burp Suite, correlates with Nessus vulnerability data, creates Jira remediation stories for each critical finding, and posts a summary to the security engineering Teams channel.

naftiko: "0.5"
info:
  label: "Automated Penetration Test Report Pipeline"
  description: "Pulls penetration test findings from Burp Suite, correlates with Nessus vulnerability data, creates Jira remediation stories for each critical finding, and posts a summary to the security engineering Teams channel."
  tags:
    - cybersecurity
    - penetration-testing
    - burp-suite
    - nessus
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: pentest-reporting
      port: 8080
      tools:
        - name: process-pentest-findings
          description: "Given a Burp Suite scan ID and Nessus scan ID, correlate findings, create Jira stories for critical items, and notify security engineering."
          inputParameters:
            - name: burp_scan_id
              in: body
              type: string
              description: "The Burp Suite Enterprise scan identifier."
            - name: nessus_scan_id
              in: body
              type: string
              description: "The Nessus scan identifier for the same target."
          steps:
            - name: get-burp-findings
              type: call
              call: "burpsuite.get-scan-results"
              with:
                scan_id: "{{burp_scan_id}}"
            - name: get-nessus-findings
              type: call
              call: "nessus.get-scan-results"
              with:
                scan_id: "{{nessus_scan_id}}"
            - name: create-remediation-story
              type: call
              call: "jira.create-issue"
              with:
                project: "SECENG"
                issuetype: "Story"
                summary: "Pentest finding: {{get-burp-findings.top_issue_name}}"
                description: "Burp severity: {{get-burp-findings.top_issue_severity}}. Nessus correlated: {{get-nessus-findings.correlated_count}} findings."
            - name: notify-seceng
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "security-engineering"
                text: "Pentest complete: {{get-burp-findings.total_issues}} Burp findings, {{get-nessus-findings.finding_count}} Nessus findings. Jira: {{create-remediation-story.key}}."
  consumes:
    - type: http
      namespace: burpsuite
      baseUri: "https://burp-enterprise.baesystems.com/api"
      authentication:
        type: apikey
        header: "Authorization"
        value: "$secrets.burpsuite_api_key"
      resources:
        - name: scans
          path: "/scans/{{scan_id}}/results"
          inputParameters:
            - name: scan_id
              in: path
          operations:
            - name: get-scan-results
              method: GET
    - type: http
      namespace: nessus
      baseUri: "https://nessus.baesystems.com/scans"
      authentication:
        type: apikey
        header: "X-ApiKeys"
        value: "$secrets.nessus_api_keys"
      resources:
        - name: scan-results
          path: "/{{scan_id}}"
          inputParameters:
            - name: scan_id
              in: path
          operations:
            - name: get-scan-results
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Triggers an Azure Data Factory pipeline for defense data lake ingestion, monitors completion, launches a Databricks analytics job on the ingested data, and notifies the data team in Teams.

naftiko: "0.5"
info:
  label: "Azure Data Factory to Databricks Analytics Pipeline"
  description: "Triggers an Azure Data Factory pipeline for defense data lake ingestion, monitors completion, launches a Databricks analytics job on the ingested data, and notifies the data team in Teams."
  tags:
    - data-engineering
    - analytics
    - azure-data-factory
    - databricks
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: adf-databricks-pipeline
      port: 8080
      tools:
        - name: run-ingestion-analytics
          description: "Given an ADF pipeline name and Databricks job ID, trigger ingestion, run analytics, and notify the data team."
          inputParameters:
            - name: factory_name
              in: body
              type: string
              description: "The Azure Data Factory name."
            - name: pipeline_name
              in: body
              type: string
              description: "The ADF pipeline name."
            - name: databricks_job_id
              in: body
              type: string
              description: "The Databricks job ID for downstream analytics."
          steps:
            - name: trigger-adf
              type: call
              call: "adf.trigger-pipeline"
              with:
                factory_name: "{{factory_name}}"
                pipeline_name: "{{pipeline_name}}"
            - name: run-analytics
              type: call
              call: "databricks.run-job"
              with:
                job_id: "{{databricks_job_id}}"
                parameters:
                  adf_run_id: "{{trigger-adf.run_id}}"
            - name: notify-team
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "data-engineering"
                text: "Ingestion pipeline {{pipeline_name}} triggered (run: {{trigger-adf.run_id}}). Databricks analytics job: {{run-analytics.run_id}}."
  consumes:
    - type: http
      namespace: adf
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_mgmt_token"
      resources:
        - name: pipelines
          path: "/subscriptions/default/resourceGroups/data-rg/providers/Microsoft.DataFactory/factories/{{factory_name}}/pipelines/{{pipeline_name}}/createRun"
          inputParameters:
            - name: factory_name
              in: path
            - name: pipeline_name
              in: path
          operations:
            - name: trigger-pipeline
              method: POST
    - type: http
      namespace: databricks
      baseUri: "https://baesystems.cloud.databricks.com/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Checks the latest Azure DevOps pipeline build status for a defense software project. Returns build result, duration, and triggering commit.

naftiko: "0.5"
info:
  label: "Azure DevOps Build Status"
  description: "Checks the latest Azure DevOps pipeline build status for a defense software project. Returns build result, duration, and triggering commit."
  tags:
    - engineering
    - ci-cd
    - azure-devops
capability:
  exposes:
    - type: mcp
      namespace: devops-builds
      port: 8080
      tools:
        - name: get-latest-build
          description: "Get the latest Azure DevOps build for a given pipeline definition. Returns build status, result, and source commit."
          inputParameters:
            - name: project_name
              in: body
              type: string
              description: "The Azure DevOps project name."
            - name: definition_id
              in: body
              type: string
              description: "The pipeline definition ID."
          call: "azuredevops.get-builds"
          with:
            project: "{{project_name}}"
            definitions: "{{definition_id}}"
            top: "1"
          outputParameters:
            - name: build_number
              type: string
              mapping: "$.value[0].buildNumber"
            - name: result
              type: string
              mapping: "$.value[0].result"
            - name: source_version
              type: string
              mapping: "$.value[0].sourceVersion"
  consumes:
    - type: http
      namespace: azuredevops
      baseUri: "https://dev.azure.com/baesystems"
      authentication:
        type: basic
        username: ""
        password: "$secrets.azure_devops_pat"
      resources:
        - name: builds
          path: "/{{project}}/_apis/build/builds"
          inputParameters:
            - name: project
              in: path
          operations:
            - name: get-builds
              method: GET

When Azure Monitor fires a critical alert, correlates with Datadog metrics, creates a ServiceNow incident, assigns to SRE via Jira, and notifies the operations channel in Teams.

naftiko: "0.5"
info:
  label: "Azure Monitor Alert Resolution Pipeline"
  description: "When Azure Monitor fires a critical alert, correlates with Datadog metrics, creates a ServiceNow incident, assigns to SRE via Jira, and notifies the operations channel in Teams."
  tags:
    - monitoring
    - incident-response
    - azure-monitor
    - datadog
    - servicenow
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: alert-resolution
      port: 8080
      tools:
        - name: resolve-azure-alert
          description: "Given an Azure Monitor alert ID, correlate with Datadog, create ServiceNow incident, assign via Jira, and notify ops."
          inputParameters:
            - name: alert_id
              in: body
              type: string
              description: "The Azure Monitor alert rule ID."
            - name: resource_id
              in: body
              type: string
              description: "The affected Azure resource ID."
          steps:
            - name: get-alert-details
              type: call
              call: "azuremonitor.get-alert"
              with:
                alert_id: "{{alert_id}}"
            - name: get-correlated-metrics
              type: call
              call: "datadog.query-metrics"
              with:
                query: "avg:system.cpu.user{resource_id:{{resource_id}}}"
            - name: create-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Azure Alert: {{get-alert-details.alert_name}}"
                category: "infrastructure"
                priority: "{{get-alert-details.severity}}"
            - name: assign-oncall
              type: call
              call: "jira.create-issue"
              with:
                project: "OPS"
                issuetype: "Task"
                summary: "On-call: {{get-alert-details.alert_name}}"
                description: "ServiceNow: {{create-incident.number}}. Resource: {{resource_id}}."
            - name: notify-ops
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "infrastructure-ops"
                text: "ALERT: {{get-alert-details.alert_name}}. Severity: {{get-alert-details.severity}}. ServiceNow: {{create-incident.number}}. Jira: {{assign-oncall.key}}."
  consumes:
    - type: http
      namespace: azuremonitor
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_mgmt_token"
      resources:
        - name: alerts
          path: "/{{alert_id}}"
          inputParameters:
            - name: alert_id
              in: path
          operations:
            - name: get-alert
              method: GET
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        header: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Retrieves current monitoring alert status. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Alert Status Check"
  description: "Retrieves current monitoring alert status. Used by BAE Systems teams."
  tags:
    - defense
    - powerbi
capability:
  exposes:
    - type: mcp
      namespace: powerbi
      port: 8080
      tools:
        - name: get-alert_status_check
          description: "Retrieves current monitoring alert status. Used by BAE Systems teams."
          inputParameters:
            - name: alert_id
              in: body
              type: string
              description: "The alert_id to look up." 
          call: "powerbi.get-alert_id"
          with:
            alert_id: "{{alert_id}}"
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_alert_status_check
              method: GET

Checks availability of an API endpoint. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems API Endpoint Status"
  description: "Checks availability of an API endpoint. Used by BAE Systems teams."
  tags:
    - defense
    - elasticsearch
capability:
  exposes:
    - type: mcp
      namespace: elasticsearch
      port: 8080
      tools:
        - name: get-api_endpoint_status
          description: "Checks availability of an API endpoint. Used by BAE Systems teams."
          inputParameters:
            - name: endpoint_url
              in: body
              type: string
              description: "The endpoint_url to look up." 
          call: "elasticsearch.get-endpoint_url"
          with:
            endpoint_url: "{{endpoint_url}}"
  consumes:
    - type: http
      namespace: elasticsearch
      baseUri: "https://bae-systems-es.com:9200"
      authentication:
        type: bearer
        token: "$secrets.elasticsearch_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_api_endpoint_status
              method: GET

Processes access requests, validates need-to-know, grants permissions, and creates audit records.

naftiko: "0.5"
info:
  label: "Classified Document Access Pipeline"
  description: "Processes access requests, validates need-to-know, grants permissions, and creates audit records."
  tags:
    - security
    - servicenow
    - okta
    - slack
capability:
  exposes:
    - type: mcp
      namespace: security
      port: 8080
      tools:
        - name: bae_classified_document_access_pipeline
          description: "Orchestrate classified document access pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-servicenow
              type: call
              call: "servicenow.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-okta
              type: call
              call: "okta.process-resource"
              with:
                data: "{{get-servicenow.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Classified Document Access Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: okta
      baseUri: "https://bae-systems.okta.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.okta_api_token"
        header: "Authorization" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: okta-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Retrieves compliance check status. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Compliance Check Status"
  description: "Retrieves compliance check status. Used by BAE Systems teams."
  tags:
    - defense
    - pagerduty
capability:
  exposes:
    - type: mcp
      namespace: pagerduty
      port: 8080
      tools:
        - name: get-compliance_check_status
          description: "Retrieves compliance check status. Used by BAE Systems teams."
          inputParameters:
            - name: check_id
              in: body
              type: string
              description: "The check_id to look up." 
          call: "pagerduty.get-check_id"
          with:
            check_id: "{{check_id}}"
  consumes:
    - type: http
      namespace: pagerduty
      baseUri: "https://api.pagerduty.com"
      authentication:
        type: bearer
        token: "$secrets.pagerduty_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_compliance_check_status
              method: GET

Searches application logs for matching patterns. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Log Search Query"
  description: "Searches application logs for matching patterns. Used by BAE Systems teams."
  tags:
    - defense
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: confluence
      port: 8080
      tools:
        - name: get-log_search_query
          description: "Searches application logs for matching patterns. Used by BAE Systems teams."
          inputParameters:
            - name: search_query
              in: body
              type: string
              description: "The search_query to look up." 
          call: "confluence.get-search_query"
          with:
            search_query: "{{search_query}}"
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_confluence_log_search_quer
              method: GET

Queries cost and spending data. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Cost Report Query"
  description: "Queries cost and spending data. Used by BAE Systems teams."
  tags:
    - defense
    - workday
capability:
  exposes:
    - type: mcp
      namespace: workday
      port: 8080
      tools:
        - name: get-cost_report_query
          description: "Queries cost and spending data. Used by BAE Systems teams."
          inputParameters:
            - name: cost_center
              in: body
              type: string
              description: "The cost_center to look up." 
          call: "workday.get-cost_center"
          with:
            cost_center: "{{cost_center}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/bae-systems"
      authentication:
        type: bearer
        token: "$secrets.workday_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_cost_report_query
              method: GET

Executes threat hunting queries, analyzes indicators, creates investigation cases, and alerts SOC.

naftiko: "0.5"
info:
  label: "Cybersecurity Threat Hunt Pipeline"
  description: "Executes threat hunting queries, analyzes indicators, creates investigation cases, and alerts SOC."
  tags:
    - cybersecurity
    - splunk
    - servicenow
    - slack
capability:
  exposes:
    - type: mcp
      namespace: cybersecurity
      port: 8080
      tools:
        - name: bae_cybersecurity_threat_hunt_pipeline
          description: "Orchestrate cybersecurity threat hunt pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-splunk
              type: call
              call: "splunk.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-splunk.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Cybersecurity Threat Hunt Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://bae-systems-splunk.com/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: splunk-op
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Executes a read-only analytics query. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Database Query Runner"
  description: "Executes a read-only analytics query. Used by BAE Systems teams."
  tags:
    - defense
    - kubernetes
capability:
  exposes:
    - type: mcp
      namespace: kubernetes
      port: 8080
      tools:
        - name: get-database_query_runner
          description: "Executes a read-only analytics query. Used by BAE Systems teams."
          inputParameters:
            - name: sql_query
              in: body
              type: string
              description: "The sql_query to look up." 
          call: "k8s.get-sql_query"
          with:
            sql_query: "{{sql_query}}"
  consumes:
    - type: http
      namespace: k8s
      baseUri: "https://bae-systems-k8s.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.k8s_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_database_query_runner
              method: GET

Tracks contract deliverables, validates completions, generates progress reports, and notifies program managers.

naftiko: "0.5"
info:
  label: "Defense Contract Milestone Pipeline"
  description: "Tracks contract deliverables, validates completions, generates progress reports, and notifies program managers."
  tags:
    - programs
    - jira
    - confluence
    - powerbi
capability:
  exposes:
    - type: mcp
      namespace: programs
      port: 8080
      tools:
        - name: bae_defense_contract_milestone_pipeline
          description: "Orchestrate defense contract milestone pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-jira
              type: call
              call: "jira.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-jira.result}}"
            - name: create-powerbi
              type: call
              call: "powerbi.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Defense Contract Milestone Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: jira-op
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: confluence-op
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: powerbi-op
              method: POST

Checks status of a recent deployment. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Deployment Status Check"
  description: "Checks status of a recent deployment. Used by BAE Systems teams."
  tags:
    - defense
    - salesforce
capability:
  exposes:
    - type: mcp
      namespace: salesforce
      port: 8080
      tools:
        - name: get-deployment_status_check
          description: "Checks status of a recent deployment. Used by BAE Systems teams."
          inputParameters:
            - name: deployment_id
              in: body
              type: string
              description: "The deployment_id to look up." 
          call: "salesforce.get-deployment_id"
          with:
            deployment_id: "{{deployment_id}}"
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://bae-systems.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_deployment_status_check
              method: GET

Retrieves a document from knowledge management. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Document Retrieval"
  description: "Retrieves a document from knowledge management. Used by BAE Systems teams."
  tags:
    - defense
    - github
capability:
  exposes:
    - type: mcp
      namespace: github
      port: 8080
      tools:
        - name: get-document_retrieval
          description: "Retrieves a document from knowledge management. Used by BAE Systems teams."
          inputParameters:
            - name: document_id
              in: body
              type: string
              description: "The document_id to look up." 
          call: "github.get-document_id"
          with:
            document_id: "{{document_id}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_document_retrieval
              method: GET

Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers.

naftiko: "0.5"
info:
  label: "Employee Onboarding Automation Pipeline"
  description: "Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers."
  tags:
    - hr
    - workday
    - servicenow
    - slack
capability:
  exposes:
    - type: mcp
      namespace: hr
      port: 8080
      tools:
        - name: bae_employee_onboarding_automation
          description: "Orchestrate employee onboarding automation pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-workday
              type: call
              call: "workday.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-workday.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Employee Onboarding Automation Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/bae-systems"
      authentication:
        type: bearer
        token: "$secrets.workday_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: workday-op
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Checks the health status of a monitored service. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Service Health Check"
  description: "Checks the health status of a monitored service. Used by BAE Systems teams."
  tags:
    - defense
    - jira
capability:
  exposes:
    - type: mcp
      namespace: jira
      port: 8080
      tools:
        - name: get-service_health_check
          description: "Checks the health status of a monitored service. Used by BAE Systems teams."
          inputParameters:
            - name: health_target
              in: body
              type: string
              description: "The health_target to look up." 
          call: "jira.get-health_target"
          with:
            health_target: "{{health_target}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_jira_service_health_check
              method: GET

Searches application logs for matching patterns. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Log Search Query"
  description: "Searches application logs for matching patterns. Used by BAE Systems teams."
  tags:
    - defense
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: confluence
      port: 8080
      tools:
        - name: get-log_search_query
          description: "Searches application logs for matching patterns. Used by BAE Systems teams."
          inputParameters:
            - name: search_query
              in: body
              type: string
              description: "The search_query to look up." 
          call: "confluence.get-search_query"
          with:
            search_query: "{{search_query}}"
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_log_search_query
              method: GET

Queries metric values from a monitoring dashboard. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Metric Dashboard Query"
  description: "Queries metric values from a monitoring dashboard. Used by BAE Systems teams."
  tags:
    - defense
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: servicenow
      port: 8080
      tools:
        - name: get-metric_dashboard_query
          description: "Queries metric values from a monitoring dashboard. Used by BAE Systems teams."
          inputParameters:
            - name: metric_name
              in: body
              type: string
              description: "The metric_name to look up." 
          call: "servicenow.get-metric_name"
          with:
            metric_name: "{{metric_name}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_metric_dashboard_query
              method: GET

Checks the current status of a project. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Project Status Check"
  description: "Checks the current status of a project. Used by BAE Systems teams."
  tags:
    - defense
    - grafana
capability:
  exposes:
    - type: mcp
      namespace: grafana
      port: 8080
      tools:
        - name: get-project_status_check
          description: "Checks the current status of a project. Used by BAE Systems teams."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "The project_key to look up." 
          call: "grafana.get-project_key"
          with:
            project_key: "{{project_key}}"
  consumes:
    - type: http
      namespace: grafana
      baseUri: "https://bae-systems-grafana.com/api"
      authentication:
        type: bearer
        token: "$secrets.grafana_api_key" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_project_status_check
              method: GET

Retrieves code repository information. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Repository Info Lookup"
  description: "Retrieves code repository information. Used by BAE Systems teams."
  tags:
    - defense
    - okta
capability:
  exposes:
    - type: mcp
      namespace: okta
      port: 8080
      tools:
        - name: get-repository_info_lookup
          description: "Retrieves code repository information. Used by BAE Systems teams."
          inputParameters:
            - name: repo_name
              in: body
              type: string
              description: "The repo_name to look up." 
          call: "okta.get-repo_name"
          with:
            repo_name: "{{repo_name}}"
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://bae-systems.okta.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.okta_api_token"
        header: "Authorization" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_repository_info_lookup
              method: GET

Validates clearance status, checks access requirements, updates access control, and notifies security.

naftiko: "0.5"
info:
  label: "Security Clearance Verification Pipeline"
  description: "Validates clearance status, checks access requirements, updates access control, and notifies security."
  tags:
    - security
    - servicenow
    - okta
    - slack
capability:
  exposes:
    - type: mcp
      namespace: security
      port: 8080
      tools:
        - name: bae_security_clearance_verification_pipe
          description: "Orchestrate security clearance verification pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-servicenow
              type: call
              call: "servicenow.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-okta
              type: call
              call: "okta.process-resource"
              with:
                data: "{{get-servicenow.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Security Clearance Verification Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: okta
      baseUri: "https://bae-systems.okta.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.okta_api_token"
        header: "Authorization" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: okta-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Detects security incidents, enriches with context, creates response tickets, and notifies the SOC.

naftiko: "0.5"
info:
  label: "Security Incident Response Pipeline"
  description: "Detects security incidents, enriches with context, creates response tickets, and notifies the SOC."
  tags:
    - security
    - splunk
    - servicenow
    - pagerduty
capability:
  exposes:
    - type: mcp
      namespace: security
      port: 8080
      tools:
        - name: bae_security_incident_response_pipeline
          description: "Orchestrate security incident response pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-splunk
              type: call
              call: "splunk.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-splunk.result}}"
            - name: create-pagerduty
              type: call
              call: "pagerduty.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Security Incident Response Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://bae-systems-splunk.com/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: splunk-op
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: pagerduty
      baseUri: "https://api.pagerduty.com"
      authentication:
        type: bearer
        token: "$secrets.pagerduty_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: pagerduty-op
              method: POST

Retrieves vulnerability scan results. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Security Scan Results"
  description: "Retrieves vulnerability scan results. Used by BAE Systems teams."
  tags:
    - defense
    - slack
capability:
  exposes:
    - type: mcp
      namespace: slack
      port: 8080
      tools:
        - name: get-security_scan_results
          description: "Retrieves vulnerability scan results. Used by BAE Systems teams."
          inputParameters:
            - name: scan_id
              in: body
              type: string
              description: "The scan_id to look up." 
          call: "slack.get-scan_id"
          with:
            scan_id: "{{scan_id}}"
  consumes:
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_security_scan_results
              method: GET

Checks the health status of a monitored service. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Service Health Check"
  description: "Checks the health status of a monitored service. Used by BAE Systems teams."
  tags:
    - defense
    - jira
capability:
  exposes:
    - type: mcp
      namespace: jira
      port: 8080
      tools:
        - name: get-service_health_check
          description: "Checks the health status of a monitored service. Used by BAE Systems teams."
          inputParameters:
            - name: health_target
              in: body
              type: string
              description: "The health_target to look up." 
          call: "jira.get-health_target"
          with:
            health_target: "{{health_target}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_service_health_check
              method: GET

Queries metric values from a monitoring dashboard. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Metric Dashboard Query"
  description: "Queries metric values from a monitoring dashboard. Used by BAE Systems teams."
  tags:
    - defense
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: servicenow
      port: 8080
      tools:
        - name: get-metric_dashboard_query
          description: "Queries metric values from a monitoring dashboard. Used by BAE Systems teams."
          inputParameters:
            - name: metric_name
              in: body
              type: string
              description: "The metric_name to look up." 
          call: "servicenow.get-metric_name"
          with:
            metric_name: "{{metric_name}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_servicenow_metric_dashboar
              method: GET

Orchestrates integration tests, collects results, flags failures, and notifies test engineers.

naftiko: "0.5"
info:
  label: "System Integration Test Pipeline"
  description: "Orchestrates integration tests, collects results, flags failures, and notifies test engineers."
  tags:
    - engineering
    - jira
    - confluence
    - slack
capability:
  exposes:
    - type: mcp
      namespace: engineering
      port: 8080
      tools:
        - name: bae_system_integration_test_pipeline
          description: "Orchestrate system integration test pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-jira
              type: call
              call: "jira.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-jira.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "System Integration Test Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: jira-op
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: confluence-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Retrieves the details of a support ticket. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems Ticket Details Lookup"
  description: "Retrieves the details of a support ticket. Used by BAE Systems teams."
  tags:
    - defense
    - datadog
capability:
  exposes:
    - type: mcp
      namespace: datadog
      port: 8080
      tools:
        - name: get-ticket_details_lookup
          description: "Retrieves the details of a support ticket. Used by BAE Systems teams."
          inputParameters:
            - name: ticket_id
              in: body
              type: string
              description: "The ticket_id to look up." 
          call: "datadog.get-ticket_id"
          with:
            ticket_id: "{{ticket_id}}"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.datadog_api_key"
        header: "DD-API-KEY" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_ticket_details_lookup
              method: GET

Retrieves user account details from the directory. Used by BAE Systems teams.

naftiko: "0.5"
info:
  label: "BAE Systems User Account Lookup"
  description: "Retrieves user account details from the directory. Used by BAE Systems teams."
  tags:
    - defense
    - splunk
capability:
  exposes:
    - type: mcp
      namespace: splunk
      port: 8080
      tools:
        - name: get-user_account_lookup
          description: "Retrieves user account details from the directory. Used by BAE Systems teams."
          inputParameters:
            - name: user_id
              in: body
              type: string
              description: "The user_id to look up." 
          call: "splunk.get-user_id"
          with:
            user_id: "{{user_id}}"
  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://bae-systems-splunk.com/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: bae_user_account_lookup
              method: GET

Analyzes resource utilization trends, forecasts capacity needs, creates procurement requests, and reports.

naftiko: "0.5"
info:
  label: "Capacity Planning Forecast Pipeline"
  description: "Analyzes resource utilization trends, forecasts capacity needs, creates procurement requests, and reports."
  tags:
    - infrastructure
    - grafana
    - snowflake
    - powerbi
capability:
  exposes:
    - type: mcp
      namespace: infrastructure
      port: 8080
      tools:
        - name: capacity_planning_forecast_pipeline
          description: "Orchestrate capacity planning forecast pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-grafana
              type: call
              call: "grafana.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-grafana.result}}"
            - name: create-powerbi
              type: call
              call: "powerbi.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Capacity Planning Forecast Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: grafana
      baseUri: "https://bae-systems-grafana.com/api"
      authentication:
        type: bearer
        token: "$secrets.grafana_api_key" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: grafana-op
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: confluence-op
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: powerbi-op
              method: POST

Validates change requests, routes for approval, schedules implementation, and notifies stakeholders.

naftiko: "0.5"
info:
  label: "Change Management Approval Pipeline"
  description: "Validates change requests, routes for approval, schedules implementation, and notifies stakeholders."
  tags:
    - itsm
    - servicenow
    - jira
    - slack
capability:
  exposes:
    - type: mcp
      namespace: itsm
      port: 8080
      tools:
        - name: change_management_approval_pipeline
          description: "Orchestrate change management approval pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-servicenow
              type: call
              call: "servicenow.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-jira
              type: call
              call: "jira.process-resource"
              with:
                data: "{{get-servicenow.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Change Management Approval Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: jira-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

When a GitHub Actions workflow fails, fetches failure logs, creates a Jira bug ticket assigned to the committing developer, and notifies the engineering team in Microsoft Teams with failure details.

naftiko: "0.5"
info:
  label: "CI/CD Pipeline Failure Triage"
  description: "When a GitHub Actions workflow fails, fetches failure logs, creates a Jira bug ticket assigned to the committing developer, and notifies the engineering team in Microsoft Teams with failure details."
  tags:
    - ci-cd
    - engineering
    - github-actions
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: cicd-triage
      port: 8080
      tools:
        - name: triage-pipeline-failure
          description: "Given a GitHub Actions workflow run ID, fetch failure details, create a Jira bug, and notify the team."
          inputParameters:
            - name: owner
              in: body
              type: string
              description: "The GitHub repository owner."
            - name: repo
              in: body
              type: string
              description: "The GitHub repository name."
            - name: run_id
              in: body
              type: string
              description: "The GitHub Actions workflow run ID."
          steps:
            - name: get-run
              type: call
              call: "github.get-workflow-run"
              with:
                owner: "{{owner}}"
                repo: "{{repo}}"
                run_id: "{{run_id}}"
            - name: create-bug
              type: call
              call: "jira.create-issue"
              with:
                project: "ENG"
                issuetype: "Bug"
                summary: "CI Failure: {{get-run.name}} on {{get-run.head_branch}}"
                description: "Workflow {{get-run.name}} failed at {{get-run.updated_at}}. Commit: {{get-run.head_sha}}. Author: {{get-run.actor_login}}."
            - name: notify-team
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "engineering-ci"
                text: "CI FAILURE: {{get-run.name}} on {{repo}}/{{get-run.head_branch}}. Author: {{get-run.actor_login}}. Jira: {{create-bug.key}}."
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflow-runs
          path: "/repos/{{owner}}/{{repo}}/actions/runs/{{run_id}}"
          inputParameters:
            - name: owner
              in: path
            - name: repo
              in: path
            - name: run_id
              in: path
          operations:
            - name: get-workflow-run
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Processes access requests, validates need-to-know, grants permissions, and creates audit records.

naftiko: "0.5"
info:
  label: "Classified Document Access Pipeline"
  description: "Processes access requests, validates need-to-know, grants permissions, and creates audit records."
  tags:
    - security
    - servicenow
    - okta
    - slack
capability:
  exposes:
    - type: mcp
      namespace: security
      port: 8080
      tools:
        - name: classified_document_access_pipeline
          description: "Orchestrate classified document access pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-servicenow
              type: call
              call: "servicenow.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-okta
              type: call
              call: "okta.process-resource"
              with:
                data: "{{get-servicenow.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Classified Document Access Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: okta
      baseUri: "https://bae-systems.okta.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.okta_api_token"
        header: "Authorization" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: okta-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

When a cleared employee requests access to a classified environment, validates clearance in Azure Active Directory, opens a ServiceNow access request, and notifies the security officer in Microsoft Teams.

naftiko: "0.5"
info:
  label: "Classified Environment Access Request"
  description: "When a cleared employee requests access to a classified environment, validates clearance in Azure Active Directory, opens a ServiceNow access request, and notifies the security officer in Microsoft Teams."
  tags:
    - security
    - access-control
    - azure-active-directory
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: classified-access
      port: 8080
      tools:
        - name: request-classified-access
          description: "Given an employee UPN and environment name, validate clearance attributes in Azure AD, open a ServiceNow access request, and notify the facility security officer."
          inputParameters:
            - name: employee_upn
              in: body
              type: string
              description: "The employee Azure AD user principal name."
            - name: environment_name
              in: body
              type: string
              description: "The classified environment identifier."
            - name: justification
              in: body
              type: string
              description: "Business justification for the access request."
          steps:
            - name: get-user-clearance
              type: call
              call: "azuread.get-user"
              with:
                upn: "{{employee_upn}}"
            - name: open-access-request
              type: call
              call: "servicenow.create-request"
              with:
                short_description: "Classified access request: {{environment_name}} — {{get-user-clearance.display_name}}"
                description: "Employee {{employee_upn}} requests access to {{environment_name}}. Clearance level: {{get-user-clearance.extension_clearanceLevel}}. Justification: {{justification}}"
                category: "security_access"
                assigned_group: "Facility_Security"
            - name: notify-fso
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "facility-security"
                text: "Access Request: {{get-user-clearance.display_name}} requesting {{environment_name}} access. Clearance: {{get-user-clearance.extension_clearanceLevel}}. Ticket: {{open-access-request.number}}."
  consumes:
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{upn}}"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: get-user
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: requests
          path: "/table/sc_request"
          operations:
            - name: create-request
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Collects audit events, validates against policies, generates compliance reports, and notifies auditors.

naftiko: "0.5"
info:
  label: "Compliance Audit Trail Pipeline"
  description: "Collects audit events, validates against policies, generates compliance reports, and notifies auditors."
  tags:
    - compliance
    - elasticsearch
    - confluence
    - slack
capability:
  exposes:
    - type: mcp
      namespace: compliance
      port: 8080
      tools:
        - name: compliance_audit_trail_pipeline
          description: "Orchestrate compliance audit trail pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-elasticsearch
              type: call
              call: "elasticsearch.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-elasticsearch.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Compliance Audit Trail Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: elasticsearch
      baseUri: "https://bae-systems-es.com:9200"
      authentication:
        type: bearer
        token: "$secrets.elasticsearch_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: elasticsearch-op
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: confluence-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Searches Confluence for engineering documents by keyword and returns page titles, space keys, and URLs. Used by systems engineers to find technical documentation.

naftiko: "0.5"
info:
  label: "Confluence Engineering Document Lookup"
  description: "Searches Confluence for engineering documents by keyword and returns page titles, space keys, and URLs. Used by systems engineers to find technical documentation."
  tags:
    - engineering
    - documentation
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: eng-docs
      port: 8080
      tools:
        - name: search-confluence
          description: "Search Confluence for engineering documentation by keyword. Returns matching page titles, space keys, and direct URLs."
          inputParameters:
            - name: search_term
              in: body
              type: string
              description: "The search keyword or phrase."
          call: "confluence.search-content"
          with:
            cql: "text~\"{{search_term}}\" AND type=page"
          outputParameters:
            - name: results
              type: array
              mapping: "$.results"
            - name: total_size
              type: integer
              mapping: "$.totalSize"
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: search
          path: "/content/search"
          operations:
            - name: search-content
              method: GET

Tracks spending against budgets, forecasts overruns, creates alerts, and notifies finance leaders.

naftiko: "0.5"
info:
  label: "Cost Center Budget Tracking Pipeline"
  description: "Tracks spending against budgets, forecasts overruns, creates alerts, and notifies finance leaders."
  tags:
    - finance
    - snowflake
    - powerbi
    - slack
capability:
  exposes:
    - type: mcp
      namespace: finance
      port: 8080
      tools:
        - name: cost_center_budget_tracking
          description: "Orchestrate cost center budget tracking pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-jira
              type: call
              call: "jira.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-powerbi
              type: call
              call: "powerbi.process-resource"
              with:
                data: "{{get-jira.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Cost Center Budget Tracking Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: jira-op
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: powerbi-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Aggregates customer data from multiple sources, deduplicates, enriches profiles, and syncs to CRM.

naftiko: "0.5"
info:
  label: "Customer 360 Data Sync Pipeline"
  description: "Aggregates customer data from multiple sources, deduplicates, enriches profiles, and syncs to CRM."
  tags:
    - data
    - snowflake
    - salesforce
    - slack
capability:
  exposes:
    - type: mcp
      namespace: data
      port: 8080
      tools:
        - name: customer_360_data_sync_pipeline
          description: "Orchestrate customer 360 data sync pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-jira
              type: call
              call: "jira.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-salesforce
              type: call
              call: "salesforce.process-resource"
              with:
                data: "{{get-jira.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Customer 360 Data Sync Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: jira-op
              method: POST
    - type: http
      namespace: salesforce
      baseUri: "https://bae-systems.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: salesforce-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

On detection of a security incident, isolates the affected endpoint via Tanium, blocks malicious IPs in Palo Alto Networks firewall, creates a forensic investigation ticket in Jira, logs the incident in ServiceNow, and alerts the CIRT in Teams.

naftiko: "0.5"
info:
  label: "Cybersecurity Incident Response Orchestrator"
  description: "On detection of a security incident, isolates the affected endpoint via Tanium, blocks malicious IPs in Palo Alto Networks firewall, creates a forensic investigation ticket in Jira, logs the incident in ServiceNow, and alerts the CIRT in Teams."
  tags:
    - cybersecurity
    - incident-response
    - tanium
    - palo-alto-networks
    - jira
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: incident-response
      port: 8080
      tools:
        - name: orchestrate-incident-response
          description: "Given an affected hostname and malicious IP, isolate the endpoint, block the IP, create investigation and incident tickets, and alert the CIRT."
          inputParameters:
            - name: hostname
              in: body
              type: string
              description: "The affected endpoint hostname."
            - name: malicious_ip
              in: body
              type: string
              description: "The malicious IP address to block."
            - name: incident_summary
              in: body
              type: string
              description: "Brief description of the security incident."
          steps:
            - name: isolate-endpoint
              type: call
              call: "tanium.isolate-host"
              with:
                hostname: "{{hostname}}"
            - name: block-ip
              type: call
              call: "paloalto.add-to-blocklist"
              with:
                ip_address: "{{malicious_ip}}"
                description: "Blocked due to incident: {{incident_summary}}"
            - name: create-investigation
              type: call
              call: "jira.create-issue"
              with:
                project: "CIRT"
                issuetype: "Task"
                summary: "Forensic investigation: {{hostname}} — {{incident_summary}}"
                description: "Endpoint {{hostname}} isolated. IP {{malicious_ip}} blocked. Tanium: {{isolate-endpoint.action_id}}."
            - name: log-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Security Incident: {{incident_summary}}"
                category: "security"
                priority: "1"
                description: "Host: {{hostname}}. IP: {{malicious_ip}}. Jira: {{create-investigation.key}}."
            - name: alert-cirt
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "cirt-alerts"
                text: "INCIDENT: {{incident_summary}}. Host: {{hostname}} (isolated). IP: {{malicious_ip}} (blocked). Jira: {{create-investigation.key}}. ServiceNow: {{log-incident.number}}."
  consumes:
    - type: http
      namespace: tanium
      baseUri: "https://tanium.baesystems.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.tanium_token"
      resources:
        - name: actions
          path: "/actions"
          operations:
            - name: isolate-host
              method: POST
    - type: http
      namespace: paloalto
      baseUri: "https://firewall.baesystems.com/restapi/v10.2"
      authentication:
        type: apikey
        header: "X-PAN-KEY"
        value: "$secrets.paloalto_firewall_key"
      resources:
        - name: blocklist
          path: "/Objects/AddressObjects"
          operations:
            - name: add-to-blocklist
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Executes threat hunting queries, analyzes indicators, creates investigation cases, and alerts SOC.

naftiko: "0.5"
info:
  label: "Cybersecurity Threat Hunt Pipeline"
  description: "Executes threat hunting queries, analyzes indicators, creates investigation cases, and alerts SOC."
  tags:
    - cybersecurity
    - splunk
    - servicenow
    - slack
capability:
  exposes:
    - type: mcp
      namespace: cybersecurity
      port: 8080
      tools:
        - name: cybersecurity_threat_hunt_pipeline
          description: "Orchestrate cybersecurity threat hunt pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-splunk
              type: call
              call: "splunk.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-splunk.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Cybersecurity Threat Hunt Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://bae-systems-splunk.com/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: splunk-op
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Pulls critical vulnerabilities from Nessus scans, creates ServiceNow security incidents for each, assigns to the appropriate remediation team via Jira, and alerts the CISO team in Microsoft Teams.

naftiko: "0.5"
info:
  label: "Cybersecurity Vulnerability Triage Pipeline"
  description: "Pulls critical vulnerabilities from Nessus scans, creates ServiceNow security incidents for each, assigns to the appropriate remediation team via Jira, and alerts the CISO team in Microsoft Teams."
  tags:
    - cybersecurity
    - vulnerability-management
    - nessus
    - servicenow
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: vuln-triage
      port: 8080
      tools:
        - name: triage-critical-vulnerabilities
          description: "Given a Nessus scan ID, retrieve critical findings, open ServiceNow incidents, create Jira remediation tasks, and notify the CISO team."
          inputParameters:
            - name: scan_id
              in: body
              type: string
              description: "The Nessus scan identifier."
            - name: severity_threshold
              in: body
              type: string
              description: "Minimum severity level to triage (e.g., critical, high)."
          steps:
            - name: get-scan-results
              type: call
              call: "nessus.get-scan-results"
              with:
                scan_id: "{{scan_id}}"
                severity: "{{severity_threshold}}"
            - name: create-security-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Critical vulnerability: {{get-scan-results.top_finding_name}}"
                category: "security"
                priority: "1"
                description: "Nessus scan {{scan_id}} found {{get-scan-results.finding_count}} critical vulnerabilities. Top finding: {{get-scan-results.top_finding_name}} on {{get-scan-results.affected_hosts_count}} hosts."
            - name: create-remediation-task
              type: call
              call: "jira.create-issue"
              with:
                project: "SECREM"
                issuetype: "Task"
                summary: "Remediate: {{get-scan-results.top_finding_name}}"
                description: "ServiceNow incident: {{create-security-incident.number}}. Affected hosts: {{get-scan-results.affected_hosts_count}}."
            - name: notify-ciso
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "ciso-alerts"
                text: "CRITICAL: {{get-scan-results.finding_count}} vulnerabilities found in scan {{scan_id}}. Incident {{create-security-incident.number}} opened. Jira task: {{create-remediation-task.key}}."
  consumes:
    - type: http
      namespace: nessus
      baseUri: "https://nessus.baesystems.com/scans"
      authentication:
        type: apikey
        header: "X-ApiKeys"
        value: "$secrets.nessus_api_keys"
      resources:
        - name: scan-results
          path: "/{{scan_id}}"
          inputParameters:
            - name: scan_id
              in: path
          operations:
            - name: get-scan-results
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Runs data quality checks, scores datasets, creates remediation tickets, and publishes scorecards.

naftiko: "0.5"
info:
  label: "Data Quality Monitoring Pipeline"
  description: "Runs data quality checks, scores datasets, creates remediation tickets, and publishes scorecards."
  tags:
    - data-quality
    - snowflake
    - jira
    - grafana
capability:
  exposes:
    - type: mcp
      namespace: data-quality
      port: 8080
      tools:
        - name: data_quality_monitoring_pipeline
          description: "Orchestrate data quality monitoring pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier."
          steps:
            - name: get-jira
              type: call
              call: "jira.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-jira
              type: call
              call: "jira.process-resource"
              with:
                data: "{{get-jira.result}}"
            - name: create-grafana
              type: call
              call: "grafana.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Data Quality Monitoring Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: jira-op
              method: POST
    - type: http
      namespace: grafana
      baseUri: "https://bae-systems-grafana.com/api"
      authentication:
        type: bearer
        token: "$secrets.grafana_api_key"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: grafana-op
              method: POST

Triggers a Databricks ML pipeline for defense sensor data analysis, stores results in Amazon S3, refreshes the Power BI analytics dashboard, and notifies the data science team in Teams.

naftiko: "0.5"
info:
  label: "Databricks Defense Analytics Pipeline"
  description: "Triggers a Databricks ML pipeline for defense sensor data analysis, stores results in Amazon S3, refreshes the Power BI analytics dashboard, and notifies the data science team in Teams."
  tags:
    - data-science
    - machine-learning
    - databricks
    - amazon-s3
    - power-bi
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: ml-pipeline
      port: 8080
      tools:
        - name: run-analytics-pipeline
          description: "Given a Databricks job ID and data parameters, run the ML pipeline, store results, refresh dashboard, and notify the team."
          inputParameters:
            - name: job_id
              in: body
              type: string
              description: "The Databricks job identifier."
            - name: input_path
              in: body
              type: string
              description: "The S3 path to input sensor data."
          steps:
            - name: run-job
              type: call
              call: "databricks.run-job"
              with:
                job_id: "{{job_id}}"
                parameters:
                  input_path: "{{input_path}}"
            - name: store-results
              type: call
              call: "s3.put-object"
              with:
                bucket: "bae-analytics-results"
                key: "ml-output/{{run-job.run_id}}/results.parquet"
            - name: refresh-dashboard
              type: call
              call: "powerbi.trigger-refresh"
              with:
                workspace_id: "defense-analytics"
                dataset_id: "sensor-analysis"
            - name: notify-team
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "data-science"
                text: "ML Pipeline complete. Job: {{run-job.run_id}}. Results: s3://bae-analytics-results/ml-output/{{run-job.run_id}}/. Dashboard refreshed."
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://baesystems.cloud.databricks.com/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: s3
      baseUri: "https://bae-analytics-results.s3.amazonaws.com"
      authentication:
        type: aws-sigv4
        region: "us-east-1"
        access_key: "$secrets.aws_access_key"
        secret_key: "$secrets.aws_secret_key"
      resources:
        - name: objects
          path: "/{{key}}"
          inputParameters:
            - name: key
              in: path
          operations:
            - name: put-object
              method: PUT
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Queries Datadog for current host metrics including CPU, memory, and disk utilization for a given infrastructure tag. Used by SRE teams managing defense application infrastructure.

naftiko: "0.5"
info:
  label: "Datadog Infrastructure Monitor"
  description: "Queries Datadog for current host metrics including CPU, memory, and disk utilization for a given infrastructure tag. Used by SRE teams managing defense application infrastructure."
  tags:
    - monitoring
    - infrastructure
    - datadog
capability:
  exposes:
    - type: mcp
      namespace: infra-monitoring
      port: 8080
      tools:
        - name: get-host-metrics
          description: "Query Datadog for host-level CPU, memory, and disk metrics filtered by infrastructure tag."
          inputParameters:
            - name: host_tag
              in: body
              type: string
              description: "The Datadog host tag to filter by (e.g., env:production)."
          call: "datadog.query-metrics"
          with:
            query: "avg:system.cpu.user{{{host_tag}}}"
            from: "-1h"
          outputParameters:
            - name: series
              type: array
              mapping: "$.series"
            - name: query
              type: string
              mapping: "$.query"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        header: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET

Pulls contract deliverable status from SAP, correlates with Microsoft Project schedule milestones, updates Jira tracking epics, and sends a summary to the contracts team in Microsoft Teams.

naftiko: "0.5"
info:
  label: "Defense Contract Deliverable Tracking"
  description: "Pulls contract deliverable status from SAP, correlates with Microsoft Project schedule milestones, updates Jira tracking epics, and sends a summary to the contracts team in Microsoft Teams."
  tags:
    - contract-management
    - defense
    - sap
    - microsoft-project
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: contract-deliverables
      port: 8080
      tools:
        - name: track-contract-deliverables
          description: "Given a contract number, pull deliverable status from SAP, check schedule adherence, update Jira tracking, and notify the contracts team."
          inputParameters:
            - name: contract_number
              in: body
              type: string
              description: "The defense contract number."
            - name: program_id
              in: body
              type: string
              description: "The associated program identifier."
          steps:
            - name: get-contract-items
              type: call
              call: "sap.get-contract-items"
              with:
                contract_number: "{{contract_number}}"
            - name: get-schedule
              type: call
              call: "msproject.get-project-tasks"
              with:
                project_id: "{{program_id}}"
            - name: update-tracking
              type: call
              call: "jira.update-issue"
              with:
                issue_key: "{{program_id}}-CDRL"
                fields:
                  description: "Contract {{contract_number}}: {{get-contract-items.delivered_count}}/{{get-contract-items.total_count}} deliverables complete. Schedule variance: {{get-schedule.variance_days}} days."
            - name: notify-contracts
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "contracts-management"
                text: "Contract {{contract_number}} deliverable update: {{get-contract-items.delivered_count}}/{{get-contract-items.total_count}} complete. Schedule variance: {{get-schedule.variance_days}} days."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://bae-s4.sap.com/sap/opu/odata/sap/API_SALES_CONTRACT_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: contract-items
          path: "/A_SalesContract('{{contract_number}}')/to_Item"
          inputParameters:
            - name: contract_number
              in: path
          operations:
            - name: get-contract-items
              method: GET
    - type: http
      namespace: msproject
      baseUri: "https://graph.microsoft.com/v1.0/planner"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: project-tasks
          path: "/plans/{{project_id}}/tasks"
          inputParameters:
            - name: project_id
              in: path
          operations:
            - name: get-project-tasks
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue/{{issue_key}}"
          inputParameters:
            - name: issue_key
              in: path
          operations:
            - name: update-issue
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Tracks contract deliverables, validates completions, generates progress reports, and notifies program managers.

naftiko: "0.5"
info:
  label: "Defense Contract Milestone Pipeline"
  description: "Tracks contract deliverables, validates completions, generates progress reports, and notifies program managers."
  tags:
    - programs
    - jira
    - confluence
    - powerbi
capability:
  exposes:
    - type: mcp
      namespace: programs
      port: 8080
      tools:
        - name: defense_contract_milestone_pipeline
          description: "Orchestrate defense contract milestone pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier."
          steps:
            - name: get-jira
              type: call
              call: "jira.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-jira.result}}"
            - name: create-powerbi
              type: call
              call: "powerbi.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Defense Contract Milestone Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: jira-op
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: confluence-op
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: powerbi-op
              method: POST

Pulls earned value management data from SAP for a defense contract, compares with Microsoft Project schedule data, generates a CPI/SPI dashboard refresh in Power BI, and notifies program leadership in Teams.

naftiko: "0.5"
info:
  label: "Defense Program Earned Value Analysis"
  description: "Pulls earned value management data from SAP for a defense contract, compares with Microsoft Project schedule data, generates a CPI/SPI dashboard refresh in Power BI, and notifies program leadership in Teams."
  tags:
    - program-management
    - earned-value
    - sap
    - microsoft-project
    - power-bi
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: evm-analysis
      port: 8080
      tools:
        - name: analyze-earned-value
          description: "Given a contract number, pull EVM data from SAP, correlate with schedule, refresh Power BI dashboard, and notify leadership."
          inputParameters:
            - name: contract_number
              in: body
              type: string
              description: "The defense contract number."
            - name: reporting_period
              in: body
              type: string
              description: "The reporting period in YYYY-MM format."
          steps:
            - name: get-evm-data
              type: call
              call: "sap.get-evm-metrics"
              with:
                contract_number: "{{contract_number}}"
                period: "{{reporting_period}}"
            - name: get-schedule-status
              type: call
              call: "msproject.get-project-summary"
              with:
                project_id: "{{contract_number}}"
            - name: refresh-dashboard
              type: call
              call: "powerbi.trigger-refresh"
              with:
                workspace_id: "evm-dashboards"
                dataset_id: "{{contract_number}}-evm"
            - name: notify-leadership
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "program-leadership"
                text: "EVM Report for {{contract_number}} ({{reporting_period}}): CPI={{get-evm-data.cpi}}, SPI={{get-evm-data.spi}}. BCWP=${{get-evm-data.bcwp}}. Schedule: {{get-schedule-status.overall_status}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://bae-s4.sap.com/sap/opu/odata/sap/API_PROJECT_COST_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: evm-metrics
          path: "/A_ProjectEVMData(contract='{{contract_number}}',period='{{period}}')"
          inputParameters:
            - name: contract_number
              in: path
            - name: period
              in: path
          operations:
            - name: get-evm-metrics
              method: GET
    - type: http
      namespace: msproject
      baseUri: "https://graph.microsoft.com/v1.0/planner"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: project-summary
          path: "/plans/{{project_id}}"
          inputParameters:
            - name: project_id
              in: path
          operations:
            - name: get-project-summary
              method: GET
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Retrieves program milestone data from Microsoft Project, cross-references with Jira epics for engineering deliverables, and posts a consolidated status update to Microsoft Teams for the program management office.

naftiko: "0.5"
info:
  label: "Defense Program Milestone Tracker"
  description: "Retrieves program milestone data from Microsoft Project, cross-references with Jira epics for engineering deliverables, and posts a consolidated status update to Microsoft Teams for the program management office."
  tags:
    - program-management
    - defense
    - microsoft-project
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: program-milestones
      port: 8080
      tools:
        - name: track-program-milestones
          description: "Given a program ID, pull milestone schedule from Microsoft Project, correlate with Jira epic status, and post a consolidated update to the program management Teams channel."
          inputParameters:
            - name: program_id
              in: body
              type: string
              description: "The internal BAE Systems program identifier."
            - name: teams_channel_id
              in: body
              type: string
              description: "The Microsoft Teams channel ID for the program management office."
          steps:
            - name: get-milestones
              type: call
              call: "msproject.get-project-tasks"
              with:
                project_id: "{{program_id}}"
            - name: get-epics
              type: call
              call: "jira.search-issues"
              with:
                jql: "project={{program_id}} AND issuetype=Epic"
            - name: post-status
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "{{teams_channel_id}}"
                text: "Program {{program_id}} Milestone Update: {{get-milestones.summary}}. Engineering Epics: {{get-epics.total}} total, {{get-epics.done_count}} complete."
  consumes:
    - type: http
      namespace: msproject
      baseUri: "https://graph.microsoft.com/v1.0/planner"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: project-tasks
          path: "/plans/{{project_id}}/tasks"
          inputParameters:
            - name: project_id
              in: path
          operations:
            - name: get-project-tasks
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: search
          path: "/search"
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Pulls subcontractor data from SAP, verifies NIST 800-171 compliance attestation in SharePoint, checks for cybersecurity incidents via Splunk, and generates an audit record in ServiceNow with Teams notification.

naftiko: "0.5"
info:
  label: "Defense Subcontractor Compliance Audit Pipeline"
  description: "Pulls subcontractor data from SAP, verifies NIST 800-171 compliance attestation in SharePoint, checks for cybersecurity incidents via Splunk, and generates an audit record in ServiceNow with Teams notification."
  tags:
    - compliance
    - supply-chain
    - nist
    - sap
    - sharepoint
    - splunk
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: subcontractor-audit
      port: 8080
      tools:
        - name: audit-subcontractor-compliance
          description: "Given a SAP vendor number, verify NIST compliance docs, check for security incidents, and file an audit record."
          inputParameters:
            - name: vendor_number
              in: body
              type: string
              description: "The SAP vendor number for the subcontractor."
            - name: contract_number
              in: body
              type: string
              description: "The associated prime contract number."
          steps:
            - name: get-vendor-info
              type: call
              call: "sap.get-vendor"
              with:
                vendor_number: "{{vendor_number}}"
            - name: check-nist-attestation
              type: call
              call: "sharepoint.search-files"
              with:
                query: "{{get-vendor-info.company_name}} NIST 800-171"
                site_id: "supplier-compliance"
            - name: check-security-events
              type: call
              call: "splunk.create-search"
              with:
                search: "index=security sourcetype=vendor_incidents vendor=\"{{get-vendor-info.company_name}}\""
                earliest_time: "-90d"
                latest_time: "now"
            - name: create-audit-record
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_compliance_audit"
                fields:
                  vendor_name: "{{get-vendor-info.company_name}}"
                  contract: "{{contract_number}}"
                  nist_docs_found: "{{check-nist-attestation.total_count}}"
                  security_incidents: "{{check-security-events.event_count}}"
            - name: notify-compliance
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "compliance-audits"
                text: "Subcontractor Audit: {{get-vendor-info.company_name}}. NIST docs: {{check-nist-attestation.total_count}}. Incidents: {{check-security-events.event_count}}. Audit: {{create-audit-record.sys_id}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://bae-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: vendors
          path: "/A_Supplier('{{vendor_number}}')"
          inputParameters:
            - name: vendor_number
              in: path
          operations:
            - name: get-vendor
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: search
          path: "/{{site_id}}/drive/root/search(q='{{query}}')"
          inputParameters:
            - name: site_id
              in: path
            - name: query
              in: path
          operations:
            - name: search-files
              method: GET
    - type: http
      namespace: splunk
      baseUri: "https://splunk.baesystems.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: searches
          path: "/search/jobs"
          operations:
            - name: create-search
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Evaluates a supplier by pulling vendor data from SAP, checking compliance records in SharePoint, querying Palo Alto Networks for threat indicators, and filing a risk assessment in ServiceNow.

naftiko: "0.5"
info:
  label: "Defense Supplier Risk Assessment Pipeline"
  description: "Evaluates a supplier by pulling vendor data from SAP, checking compliance records in SharePoint, querying Palo Alto Networks for threat indicators, and filing a risk assessment in ServiceNow."
  tags:
    - supply-chain
    - risk-management
    - sap
    - sharepoint
    - palo-alto-networks
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: supplier-risk
      port: 8080
      tools:
        - name: assess-supplier-risk
          description: "Given a SAP vendor number and supplier domain, pull vendor data, check compliance docs, scan for threats, and file a risk assessment."
          inputParameters:
            - name: vendor_number
              in: body
              type: string
              description: "The SAP vendor master number."
            - name: supplier_domain
              in: body
              type: string
              description: "The supplier primary internet domain."
          steps:
            - name: get-vendor
              type: call
              call: "sap.get-vendor"
              with:
                vendor_number: "{{vendor_number}}"
            - name: get-compliance-docs
              type: call
              call: "sharepoint.search-files"
              with:
                query: "{{get-vendor.company_name}} compliance"
                site_id: "supplier-compliance"
            - name: check-threat-intel
              type: call
              call: "paloalto.query-domain"
              with:
                domain: "{{supplier_domain}}"
            - name: file-assessment
              type: call
              call: "servicenow.create-assessment"
              with:
                short_description: "Supplier Risk Assessment: {{get-vendor.company_name}}"
                description: "Vendor: {{vendor_number}}. Compliance docs found: {{get-compliance-docs.total_count}}. Threat score: {{check-threat-intel.risk_score}}. Domain: {{supplier_domain}}."
                category: "vendor_risk"
                assigned_group: "Supply_Chain_Risk"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://bae-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: vendors
          path: "/A_Supplier('{{vendor_number}}')"
          inputParameters:
            - name: vendor_number
              in: path
          operations:
            - name: get-vendor
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: search
          path: "/{{site_id}}/drive/root/search(q='{{query}}')"
          inputParameters:
            - name: site_id
              in: path
            - name: query
              in: path
          operations:
            - name: search-files
              method: GET
    - type: http
      namespace: paloalto
      baseUri: "https://autofocus.paloaltonetworks.com/api/v1.0"
      authentication:
        type: apikey
        header: "apiKey"
        value: "$secrets.paloalto_api_key"
      resources:
        - name: domains
          path: "/tic?indicatorType=domain&indicatorValue={{domain}}"
          inputParameters:
            - name: domain
              in: query
          operations:
            - name: query-domain
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: assessments
          path: "/table/asmt_assessment"
          operations:
            - name: create-assessment
              method: POST

Pulls system requirements from Jira, maps to test cases in Azure DevOps, and generates a traceability gap report in Confluence.

naftiko: "0.5"
info:
  label: "Defense System Requirements Traceability"
  description: "Pulls system requirements from Jira, maps to test cases in Azure DevOps, and generates a traceability gap report in Confluence."
  tags:
    - systems-engineering
    - requirements-management
    - jira
    - azure-devops
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: requirements-trace
      port: 8080
      tools:
        - name: trace-requirements
          description: "Given a Jira project key, map requirements to test cases and publish a gap report to Confluence."
          inputParameters:
            - name: jira_project
              in: body
              type: string
              description: "The Jira project key containing system requirements."
            - name: devops_project
              in: body
              type: string
              description: "The Azure DevOps project containing test cases."
            - name: confluence_space
              in: body
              type: string
              description: "The Confluence space key for the traceability report."
          steps:
            - name: get-requirements
              type: call
              call: "jira.search-issues"
              with:
                jql: "project={{jira_project}} AND issuetype=Requirement"
            - name: get-test-cases
              type: call
              call: "azuredevops.get-test-plans"
              with:
                project: "{{devops_project}}"
            - name: publish-report
              type: call
              call: "confluence.create-page"
              with:
                space_key: "{{confluence_space}}"
                title: "Requirements Traceability Report — {{jira_project}}"
                body: "Total requirements: {{get-requirements.total}}. Test cases: {{get-test-cases.count}}. Coverage: {{get-test-cases.coverage_percentage}}%."
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: search
          path: "/search"
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: azuredevops
      baseUri: "https://dev.azure.com/baesystems"
      authentication:
        type: basic
        username: ""
        password: "$secrets.azure_devops_pat"
      resources:
        - name: test-plans
          path: "/{{project}}/_apis/test/plans"
          inputParameters:
            - name: project
              in: path
          operations:
            - name: get-test-plans
              method: GET
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST

When a cleared employee submits a travel request through SAP Concur, validates against Workday employment data, checks travel destination against export control lists via SharePoint, and routes approval through Microsoft Teams.

naftiko: "0.5"
info:
  label: "Defense Travel Request Pipeline"
  description: "When a cleared employee submits a travel request through SAP Concur, validates against Workday employment data, checks travel destination against export control lists via SharePoint, and routes approval through Microsoft Teams."
  tags:
    - travel
    - compliance
    - sap-concur
    - workday
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: travel-requests
      port: 8080
      tools:
        - name: process-travel-request
          description: "Given a Concur travel request ID and employee ID, validate employment, check export compliance, and route for approval."
          inputParameters:
            - name: request_id
              in: body
              type: string
              description: "The SAP Concur travel request ID."
            - name: employee_id
              in: body
              type: string
              description: "The Workday employee ID of the traveler."
          steps:
            - name: get-travel-request
              type: call
              call: "concur.get-travel-request"
              with:
                request_id: "{{request_id}}"
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: check-export-controls
              type: call
              call: "sharepoint.search-files"
              with:
                query: "{{get-travel-request.destination_country}} export control"
                site_id: "export-compliance"
            - name: route-approval
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{get-employee.manager_email}}"
                text: "Travel Approval Required: {{get-employee.full_name}} to {{get-travel-request.destination_country}} ({{get-travel-request.travel_dates}}). Export control docs: {{check-export-controls.total_count}}."
  consumes:
    - type: http
      namespace: concur
      baseUri: "https://www.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: travel-requests
          path: "/travelrequest/requests/{{request_id}}"
          inputParameters:
            - name: request_id
              in: path
          operations:
            - name: get-travel-request
              method: GET
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: search
          path: "/{{site_id}}/drive/root/search(q='{{query}}')"
          inputParameters:
            - name: site_id
              in: path
            - name: query
              in: path
          operations:
            - name: search-files
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Tests DR procedures, validates backup integrity, generates readiness reports, and notifies leadership.

naftiko: "0.5"
info:
  label: "Disaster Recovery Readiness Pipeline"
  description: "Tests DR procedures, validates backup integrity, generates readiness reports, and notifies leadership."
  tags:
    - disaster-recovery
    - servicenow
    - confluence
    - pagerduty
capability:
  exposes:
    - type: mcp
      namespace: disaster-recovery
      port: 8080
      tools:
        - name: disaster_recovery_readiness_pipeline
          description: "Orchestrate disaster recovery readiness pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier."
          steps:
            - name: get-servicenow
              type: call
              call: "servicenow.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-servicenow.result}}"
            - name: create-pagerduty
              type: call
              call: "pagerduty.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Disaster Recovery Readiness Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: confluence-op
              method: POST
    - type: http
      namespace: pagerduty
      baseUri: "https://api.pagerduty.com"
      authentication:
        type: bearer
        token: "$secrets.pagerduty_token"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: pagerduty-op
              method: POST

Promotes a Docker container image from staging to production registry, runs a Nessus vulnerability scan on the image, creates a Jira release ticket, and notifies the release management team in Teams.

naftiko: "0.5"
info:
  label: "Docker Image Promotion Pipeline"
  description: "Promotes a Docker container image from staging to production registry, runs a Nessus vulnerability scan on the image, creates a Jira release ticket, and notifies the release management team in Teams."
  tags:
    - devsecops
    - container-security
    - docker
    - nessus
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: image-promotion
      port: 8080
      tools:
        - name: promote-container-image
          description: "Given an image repository and tag, scan for vulnerabilities, create a release ticket, and notify the team."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "The container image repository name."
            - name: tag
              in: body
              type: string
              description: "The image tag to promote."
            - name: target_environment
              in: body
              type: string
              description: "The target environment (e.g., production)."
          steps:
            - name: scan-image
              type: call
              call: "nessus.scan-container"
              with:
                repository: "{{repository}}"
                tag: "{{tag}}"
            - name: create-release-ticket
              type: call
              call: "jira.create-issue"
              with:
                project: "REL"
                issuetype: "Task"
                summary: "Promote {{repository}}:{{tag}} to {{target_environment}}"
                description: "Vulnerability scan: {{scan-image.critical_count}} critical, {{scan-image.high_count}} high. Total: {{scan-image.total_count}}."
            - name: notify-release-mgmt
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "release-management"
                text: "Image promotion: {{repository}}:{{tag}} to {{target_environment}}. Vulns: {{scan-image.critical_count}} critical. Jira: {{create-release-ticket.key}}."
  consumes:
    - type: http
      namespace: nessus
      baseUri: "https://nessus.baesystems.com"
      authentication:
        type: apikey
        header: "X-ApiKeys"
        value: "$secrets.nessus_api_keys"
      resources:
        - name: container-scans
          path: "/container/scan"
          operations:
            - name: scan-container
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Searches Elasticsearch for application or security logs by index pattern and query string. Returns matching log entries for defense systems troubleshooting.

naftiko: "0.5"
info:
  label: "Elasticsearch Log Search"
  description: "Searches Elasticsearch for application or security logs by index pattern and query string. Returns matching log entries for defense systems troubleshooting."
  tags:
    - observability
    - log-management
    - elasticsearch
capability:
  exposes:
    - type: mcp
      namespace: log-search
      port: 8080
      tools:
        - name: search-logs
          description: "Search Elasticsearch for log entries matching a query. Returns hits with timestamps and message content."
          inputParameters:
            - name: index_pattern
              in: body
              type: string
              description: "The Elasticsearch index pattern (e.g., logs-defense-*)."
            - name: query_string
              in: body
              type: string
              description: "The Lucene query string to search for."
          call: "elasticsearch.search"
          with:
            index: "{{index_pattern}}"
            q: "{{query_string}}"
          outputParameters:
            - name: total_hits
              type: integer
              mapping: "$.hits.total.value"
            - name: hits
              type: array
              mapping: "$.hits.hits"
  consumes:
    - type: http
      namespace: elasticsearch
      baseUri: "https://elasticsearch.baesystems.com:9200"
      authentication:
        type: basic
        username: "$secrets.elasticsearch_user"
        password: "$secrets.elasticsearch_password"
      resources:
        - name: search
          path: "/{{index}}/_search"
          inputParameters:
            - name: index
              in: path
          operations:
            - name: search
              method: GET

On new cleared hire creation in Workday, provisions Azure AD account with clearance attributes, opens a ServiceNow onboarding ticket, creates a SharePoint folder for personnel security documents, and sends a Teams welcome message.

naftiko: "0.5"
info:
  label: "Employee Clearance Onboarding Pipeline"
  description: "On new cleared hire creation in Workday, provisions Azure AD account with clearance attributes, opens a ServiceNow onboarding ticket, creates a SharePoint folder for personnel security documents, and sends a Teams welcome message."
  tags:
    - hr
    - onboarding
    - security-clearance
    - workday
    - azure-active-directory
    - servicenow
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: clearance-onboarding
      port: 8080
      tools:
        - name: onboard-cleared-employee
          description: "Given a Workday employee ID and clearance level, provision Azure AD account, open onboarding ticket, create document folder, and send welcome message."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID for the new hire."
            - name: clearance_level
              in: body
              type: string
              description: "The security clearance level (e.g., Secret, Top Secret)."
            - name: start_date
              in: body
              type: string
              description: "The employee start date in YYYY-MM-DD format."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{workday_employee_id}}"
            - name: provision-ad
              type: call
              call: "azuread.create-user"
              with:
                display_name: "{{get-employee.full_name}}"
                mail: "{{get-employee.work_email}}"
                clearance_level: "{{clearance_level}}"
            - name: open-ticket
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Cleared employee onboarding: {{get-employee.full_name}}"
                category: "hr_onboarding"
                assigned_group: "IT_Security_Onboarding"
                description: "Cleared onboarding for {{get-employee.full_name}} starting {{start_date}}. Clearance: {{clearance_level}}."
            - name: create-folder
              type: call
              call: "sharepoint.create-folder"
              with:
                site_id: "personnel-security"
                folder_path: "ClearedPersonnel/{{get-employee.full_name}}_{{start_date}}"
            - name: send-welcome
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{get-employee.work_email}}"
                text: "Welcome to BAE Systems, {{get-employee.first_name}}! Your onboarding ticket is {{open-ticket.number}}. Personnel security docs folder: {{create-folder.url}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users"
          operations:
            - name: create-user
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-folder
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers.

naftiko: "0.5"
info:
  label: "Employee Onboarding Automation Pipeline"
  description: "Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers."
  tags:
    - hr
    - workday
    - servicenow
    - slack
capability:
  exposes:
    - type: mcp
      namespace: hr
      port: 8080
      tools:
        - name: employee_onboarding_automation
          description: "Orchestrate employee onboarding automation pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier."
          steps:
            - name: get-workday
              type: call
              call: "workday.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-workday.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Employee Onboarding Automation Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/bae-systems"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: workday-op
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token"
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

When an engineering change order is created in Sparx Enterprise Architect, creates a Jira epic for implementation tracking, uploads the change package to SharePoint, and notifies the configuration control board in Microsoft Teams.

naftiko: "0.5"
info:
  label: "Engineering Change Order Workflow"
  description: "When an engineering change order is created in Sparx Enterprise Architect, creates a Jira epic for implementation tracking, uploads the change package to SharePoint, and notifies the configuration control board in Microsoft Teams."
  tags:
    - systems-engineering
    - change-management
    - sparx-enterprise-architect
    - jira
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: eng-change-orders
      port: 8080
      tools:
        - name: process-change-order
          description: "Given an engineering change order ID and affected system, create a Jira epic, upload change documentation to SharePoint, and notify the CCB."
          inputParameters:
            - name: eco_id
              in: body
              type: string
              description: "The engineering change order identifier."
            - name: affected_system
              in: body
              type: string
              description: "The system or subsystem affected by the change."
            - name: change_description
              in: body
              type: string
              description: "Summary description of the engineering change."
          steps:
            - name: create-epic
              type: call
              call: "jira.create-issue"
              with:
                project: "ENGCHG"
                issuetype: "Epic"
                summary: "ECO {{eco_id}}: {{affected_system}} — {{change_description}}"
                description: "Engineering Change Order {{eco_id}} for {{affected_system}}. {{change_description}}"
            - name: upload-docs
              type: call
              call: "sharepoint.upload-file"
              with:
                site_id: "engineering-config"
                folder_path: "ChangeOrders/{{eco_id}}"
                file_name: "ECO_{{eco_id}}_package.pdf"
            - name: notify-ccb
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "config-control-board"
                text: "New ECO {{eco_id}} submitted for {{affected_system}}. Jira: {{create-epic.key}}. Docs: {{upload-docs.url}}. Description: {{change_description}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
            - name: file_name
              in: path
          operations:
            - name: upload-file
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Retrieves GitHub Advanced Security alerts for a repository including code scanning findings. Used by AppSec teams to audit defense software repos.

naftiko: "0.5"
info:
  label: "GitHub Repository Security Scan"
  description: "Retrieves GitHub Advanced Security alerts for a repository including code scanning findings. Used by AppSec teams to audit defense software repos."
  tags:
    - application-security
    - github
    - code-scanning
capability:
  exposes:
    - type: mcp
      namespace: appsec-github
      port: 8080
      tools:
        - name: get-security-alerts
          description: "Get GitHub Advanced Security code scanning alerts for a repository. Returns alert count and severities."
          inputParameters:
            - name: owner
              in: body
              type: string
              description: "The GitHub organization or owner name."
            - name: repo
              in: body
              type: string
              description: "The repository name."
          call: "github.get-code-scanning-alerts"
          with:
            owner: "{{owner}}"
            repo: "{{repo}}"
          outputParameters:
            - name: alerts
              type: array
              mapping: "$"
            - name: open_count
              type: integer
              mapping: "$.length"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: code-scanning
          path: "/repos/{{owner}}/{{repo}}/code-scanning/alerts"
          inputParameters:
            - name: owner
              in: path
            - name: repo
              in: path
          operations:
            - name: get-code-scanning-alerts
              method: GET

When a GitLab merge request is opened, triggers SonarQube analysis, checks for secret leaks in the diff, and posts a security summary comment back on the merge request via GitLab API.

naftiko: "0.5"
info:
  label: "GitLab Merge Request Security Gate"
  description: "When a GitLab merge request is opened, triggers SonarQube analysis, checks for secret leaks in the diff, and posts a security summary comment back on the merge request via GitLab API."
  tags:
    - devsecops
    - code-review
    - gitlab
    - sonarqube
capability:
  exposes:
    - type: mcp
      namespace: mr-security-gate
      port: 8080
      tools:
        - name: gate-merge-request
          description: "Given a GitLab project ID and merge request IID, run security checks and post results as a comment."
          inputParameters:
            - name: project_id
              in: body
              type: string
              description: "The GitLab project ID."
            - name: mr_iid
              in: body
              type: string
              description: "The merge request internal ID."
          steps:
            - name: get-mr-details
              type: call
              call: "gitlab.get-merge-request"
              with:
                project_id: "{{project_id}}"
                mr_iid: "{{mr_iid}}"
            - name: run-sonar-analysis
              type: call
              call: "sonarqube.get-quality-gate"
              with:
                projectKey: "{{get-mr-details.source_branch}}"
            - name: post-comment
              type: call
              call: "gitlab.create-mr-note"
              with:
                project_id: "{{project_id}}"
                mr_iid: "{{mr_iid}}"
                body: "Security Gate: Quality gate {{run-sonar-analysis.status}}. Branch: {{get-mr-details.source_branch}}."
  consumes:
    - type: http
      namespace: gitlab
      baseUri: "https://gitlab.baesystems.com/api/v4"
      authentication:
        type: bearer
        token: "$secrets.gitlab_token"
      resources:
        - name: merge-requests
          path: "/projects/{{project_id}}/merge_requests/{{mr_iid}}"
          inputParameters:
            - name: project_id
              in: path
            - name: mr_iid
              in: path
          operations:
            - name: get-merge-request
              method: GET
        - name: mr-notes
          path: "/projects/{{project_id}}/merge_requests/{{mr_iid}}/notes"
          inputParameters:
            - name: project_id
              in: path
            - name: mr_iid
              in: path
          operations:
            - name: create-mr-note
              method: POST
    - type: http
      namespace: sonarqube
      baseUri: "https://sonarqube.baesystems.com/api"
      authentication:
        type: bearer
        token: "$secrets.sonarqube_token"
      resources:
        - name: quality-gates
          path: "/qualitygates/project_status"
          operations:
            - name: get-quality-gate
              method: GET

Retrieves current firing alerts from Grafana for a given dashboard. Used by SRE teams to get a quick view of active alerts across defense infrastructure.

naftiko: "0.5"
info:
  label: "Grafana Alert Status Query"
  description: "Retrieves current firing alerts from Grafana for a given dashboard. Used by SRE teams to get a quick view of active alerts across defense infrastructure."
  tags:
    - monitoring
    - alerting
    - grafana
capability:
  exposes:
    - type: mcp
      namespace: grafana-alerts
      port: 8080
      tools:
        - name: get-firing-alerts
          description: "Query Grafana for currently firing alerts. Returns alert names, states, and affected dashboards."
          inputParameters:
            - name: dashboard_uid
              in: body
              type: string
              description: "Optional Grafana dashboard UID to filter alerts."
          call: "grafana.get-alerts"
          with:
            dashboardId: "{{dashboard_uid}}"
            state: "alerting"
          outputParameters:
            - name: alerts
              type: array
              mapping: "$.data"
            - name: total_count
              type: integer
              mapping: "$.data.length"
  consumes:
    - type: http
      namespace: grafana
      baseUri: "https://grafana.baesystems.com/api"
      authentication:
        type: bearer
        token: "$secrets.grafana_token"
      resources:
        - name: alerts
          path: "/alerts"
          operations:
            - name: get-alerts
              method: GET

Deploys a Helm chart to an AKS cluster, verifies pod health via Kubernetes API, runs SonarQube quality check on the release, and posts deployment status to the engineering Teams channel.

naftiko: "0.5"
info:
  label: "Helm Chart Deployment Pipeline"
  description: "Deploys a Helm chart to an AKS cluster, verifies pod health via Kubernetes API, runs SonarQube quality check on the release, and posts deployment status to the engineering Teams channel."
  tags:
    - deployment
    - kubernetes
    - helm
    - azure-kubernetes-service
    - sonarqube
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: helm-deploy
      port: 8080
      tools:
        - name: deploy-helm-chart
          description: "Given a Helm chart name, version, and target namespace, deploy to AKS, verify pods, check code quality, and notify the team."
          inputParameters:
            - name: chart_name
              in: body
              type: string
              description: "The Helm chart name."
            - name: chart_version
              in: body
              type: string
              description: "The chart version to deploy."
            - name: namespace
              in: body
              type: string
              description: "The Kubernetes namespace for deployment."
          steps:
            - name: deploy-chart
              type: call
              call: "aks.create-helm-release"
              with:
                chart: "{{chart_name}}"
                version: "{{chart_version}}"
                namespace: "{{namespace}}"
            - name: check-pods
              type: call
              call: "aks.list-pods"
              with:
                namespace: "{{namespace}}"
                label_selector: "app={{chart_name}}"
            - name: check-quality
              type: call
              call: "sonarqube.get-quality-gate"
              with:
                projectKey: "{{chart_name}}"
            - name: notify-team
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "deployments"
                text: "Deployed {{chart_name}} v{{chart_version}} to {{namespace}}. Pods: {{check-pods.ready_count}}/{{check-pods.total_count}}. Quality gate: {{check-quality.status}}."
  consumes:
    - type: http
      namespace: aks
      baseUri: "https://aks-cluster.baesystems.com"
      authentication:
        type: bearer
        token: "$secrets.aks_token"
      resources:
        - name: helm-releases
          path: "/apis/helm.toolkit.fluxcd.io/v2beta1/namespaces/{{namespace}}/helmreleases"
          inputParameters:
            - name: namespace
              in: path
          operations:
            - name: create-helm-release
              method: POST
        - name: pods
          path: "/api/v1/namespaces/{{namespace}}/pods"
          inputParameters:
            - name: namespace
              in: path
          operations:
            - name: list-pods
              method: GET
    - type: http
      namespace: sonarqube
      baseUri: "https://sonarqube.baesystems.com/api"
      authentication:
        type: bearer
        token: "$secrets.sonarqube_token"
      resources:
        - name: quality-gates
          path: "/qualitygates/project_status"
          operations:
            - name: get-quality-gate
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

When an Informatica ETL job fails, fetches error details, creates a ServiceNow incident, restarts the job via Informatica API, and notifies the data engineering team in Teams.

naftiko: "0.5"
info:
  label: "Informatica ETL Pipeline Failure Recovery"
  description: "When an Informatica ETL job fails, fetches error details, creates a ServiceNow incident, restarts the job via Informatica API, and notifies the data engineering team in Teams."
  tags:
    - data-engineering
    - etl
    - informatica
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: etl-recovery
      port: 8080
      tools:
        - name: recover-failed-etl
          description: "Given a failed Informatica run ID, fetch error details, create an incident, restart the job, and notify the team."
          inputParameters:
            - name: run_id
              in: body
              type: string
              description: "The failed Informatica job run identifier."
            - name: task_id
              in: body
              type: string
              description: "The Informatica task identifier for restart."
          steps:
            - name: get-failure-details
              type: call
              call: "informatica.get-activity-log"
              with:
                runId: "{{run_id}}"
            - name: create-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "ETL Failure: {{get-failure-details.task_name}}"
                category: "data_engineering"
                description: "Run {{run_id}} failed. Error rows: {{get-failure-details.failedRows}}. Status: {{get-failure-details.executionState}}."
            - name: restart-job
              type: call
              call: "informatica.restart-task"
              with:
                taskId: "{{task_id}}"
            - name: notify-team
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "data-engineering"
                text: "ETL Recovery: {{get-failure-details.task_name}} failed ({{get-failure-details.failedRows}} error rows). Restarted. ServiceNow: {{create-incident.number}}."
  consumes:
    - type: http
      namespace: informatica
      baseUri: "https://dm-us.informaticacloud.com/saas/api/v2"
      authentication:
        type: bearer
        token: "$secrets.informatica_token"
      resources:
        - name: activity-logs
          path: "/activity/activityLog/{{runId}}"
          inputParameters:
            - name: runId
              in: path
          operations:
            - name: get-activity-log
              method: GET
        - name: tasks
          path: "/task/{{taskId}}/restart"
          inputParameters:
            - name: taskId
              in: path
          operations:
            - name: restart-task
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Compares deployed state against desired config, identifies drift, creates remediation tickets, and alerts ops.

naftiko: "0.5"
info:
  label: "Infrastructure Drift Detection Pipeline"
  description: "Compares deployed state against desired config, identifies drift, creates remediation tickets, and alerts ops."
  tags:
    - devops
    - github
    - jira
    - slack
capability:
  exposes:
    - type: mcp
      namespace: devops
      port: 8080
      tools:
        - name: infrastructure_drift_detection
          description: "Orchestrate infrastructure drift detection pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-github
              type: call
              call: "github.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-jira
              type: call
              call: "jira.process-resource"
              with:
                data: "{{get-github.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Infrastructure Drift Detection Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: get-resource  # renamed so the step's call "github.get-resource" resolves
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: process-resource  # renamed so the step's call "jira.process-resource" resolves
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: create-resource  # renamed so the step's call "slack.create-resource" resolves
              method: POST

Tracks asset lifecycle stages, schedules replacements, manages disposal, and updates CMDB.

naftiko: "0.5"
info:
  label: "IT Asset Lifecycle Pipeline"
  description: "Tracks asset lifecycle stages, schedules replacements, manages disposal, and updates CMDB."
  tags:
    - operations
    - servicenow
    - snowflake
    - slack
capability:
  exposes:
    - type: mcp
      namespace: operations
      port: 8080
      tools:
        - name: it_asset_lifecycle_pipeline
          description: "Orchestrate IT asset lifecycle pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-servicenow
              type: call
              call: "servicenow.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-servicenow.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "IT Asset Lifecycle Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: get-resource  # renamed so the step's call "servicenow.get-resource" resolves
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: process-resource  # renamed so the step's call "confluence.process-resource" resolves
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: create-resource  # renamed so the step's call "slack.create-resource" resolves
              method: POST

Retrieves a Jira issue by key and returns summary, status, assignee, and priority. Used by engineering leads to quickly check task progress.

naftiko: "0.5"
info:
  label: "Jira Engineering Task Lookup"
  description: "Retrieves a Jira issue by key and returns summary, status, assignee, and priority. Used by engineering leads to quickly check task progress."
  tags:
    - engineering
    - project-management
    - jira
capability:
  exposes:
    - type: mcp
      namespace: engineering-tasks
      port: 8080
      tools:
        - name: get-jira-issue
          description: "Look up a Jira issue by key. Returns summary, status, assignee display name, and priority."
          inputParameters:
            - name: issue_key
              in: body
              type: string
              description: "The Jira issue key (e.g., ENG-1234)."
          call: "jira.get-issue"
          with:
            issue_key: "{{issue_key}}"
          outputParameters:
            - name: summary
              type: string
              mapping: "$.fields.summary"
            - name: status
              type: string
              mapping: "$.fields.status.name"
            - name: assignee
              type: string
              mapping: "$.fields.assignee.displayName"
            - name: priority
              type: string
              mapping: "$.fields.priority.name"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue/{{issue_key}}"
          inputParameters:
            - name: issue_key
              in: path
          operations:
            - name: get-issue
              method: GET

Identifies stale articles, assigns review tasks, tracks updates, and publishes freshness reports.

naftiko: "0.5"
info:
  label: "Knowledge Base Freshness Pipeline"
  description: "Identifies stale articles, assigns review tasks, tracks updates, and publishes freshness reports."
  tags:
    - knowledge
    - confluence
    - jira
    - slack
capability:
  exposes:
    - type: mcp
      namespace: knowledge
      port: 8080
      tools:
        - name: knowledge_base_freshness_pipeline
          description: "Orchestrate knowledge base freshness pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-confluence
              type: call
              call: "confluence.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-jira
              type: call
              call: "jira.process-resource"
              with:
                data: "{{get-confluence.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Knowledge Base Freshness Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: get-resource  # renamed so the step's call "confluence.get-resource" resolves
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: process-resource  # renamed so the step's call "jira.process-resource" resolves
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: create-resource  # renamed so the step's call "slack.create-resource" resolves
              method: POST

Queries Azure Kubernetes Service for cluster node status, pod health, and resource utilization. Used by platform engineers managing defense application workloads.

naftiko: "0.5"
info:
  label: "Kubernetes Cluster Health Check"
  description: "Queries Azure Kubernetes Service for cluster node status, pod health, and resource utilization. Used by platform engineers managing defense application workloads."
  tags:
    - platform-engineering
    - kubernetes
    - azure-kubernetes-service
capability:
  exposes:
    - type: mcp
      namespace: k8s-health
      port: 8080
      tools:
        - name: get-cluster-health
          description: "Get AKS cluster health including provisioning state, Kubernetes version, and node count."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "The Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "The Azure resource group name."
            - name: cluster_name
              in: body
              type: string
              description: "The AKS cluster name."
          call: "aks.get-cluster"
          with:
            subscription_id: "{{subscription_id}}"
            resource_group: "{{resource_group}}"
            cluster_name: "{{cluster_name}}"
          outputParameters:
            - name: provisioning_state
              type: string
              mapping: "$.properties.provisioningState"
            - name: kubernetes_version
              type: string
              mapping: "$.properties.kubernetesVersion"
            - name: node_count
              type: integer
              mapping: "$.properties.agentPoolProfiles[0].count"
  consumes:
    - type: http
      namespace: aks
      baseUri: "https://management.azure.com/subscriptions"
      authentication:
        type: bearer
        token: "$secrets.azure_mgmt_token"
      resources:
        - name: clusters
          path: "/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.ContainerService/managedClusters/{{cluster_name}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: cluster_name
              in: path
          operations:
            - name: get-cluster
              method: GET

Submits a MATLAB simulation job to the Azure Batch compute cluster for defense systems modeling, uploads results to the engineering SharePoint site, and notifies the team in Microsoft Teams.

naftiko: "0.5"
info:
  label: "MATLAB Simulation Job Submission"
  description: "Submits a MATLAB simulation job to the Azure Batch compute cluster for defense systems modeling, uploads results to the engineering SharePoint site, and notifies the team in Microsoft Teams."
  tags:
    - simulation
    - engineering
    - matlab
    - microsoft-azure
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: simulation-jobs
      port: 8080
      tools:
        - name: submit-simulation
          description: "Given a MATLAB script name and program ID, submit a simulation job, upload results to SharePoint, and notify the engineering team."
          inputParameters:
            - name: script_name
              in: body
              type: string
              description: "The MATLAB simulation script name."
            - name: program_id
              in: body
              type: string
              description: "The defense program identifier."
          steps:
            - name: submit-job
              type: call
              call: "azure-batch.create-job"
              with:
                pool_id: "matlab-compute"
                job_id: "sim-{{program_id}}-{{script_name}}"
                command_line: "matlab -batch {{script_name}}"
            - name: upload-results
              type: call
              call: "sharepoint.upload-file"
              with:
                site_id: "engineering-simulations"
                folder_path: "{{program_id}}/results"
                file_name: "{{script_name}}_results.mat"
            - name: notify-team
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "simulation-results"
                text: "Simulation submitted: {{script_name}} for program {{program_id}}. Job: {{submit-job.job_id}}. Results: {{upload-results.url}}"
  consumes:
    - type: http
      namespace: azure-batch
      baseUri: "https://baesystems-batch.eastus.batch.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_batch_token"
      resources:
        - name: jobs
          path: "/jobs"
          operations:
            - name: create-job
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
            - name: file_name
              in: path
          operations:
            - name: upload-file
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Queries Microsoft Entra for conditional access policies applied to a defense application, verifies MFA enforcement, and generates a compliance report in ServiceNow.

naftiko: "0.5"
info:
  label: "Microsoft Entra Conditional Access Review"
  description: "Queries Microsoft Entra for conditional access policies applied to a defense application, verifies MFA enforcement, and generates a compliance report in ServiceNow."
  tags:
    - identity-security
    - zero-trust
    - microsoft-entra
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: identity-compliance
      port: 8080
      tools:
        - name: review-conditional-access
          description: "Given an application ID, review conditional access policies, check MFA enforcement, and file a compliance report."
          inputParameters:
            - name: app_id
              in: body
              type: string
              description: "The Azure AD application ID."
          steps:
            - name: get-policies
              type: call
              call: "entra.list-conditional-access-policies"
              with:
                app_id: "{{app_id}}"
            - name: file-compliance-report
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_identity_compliance"
                fields:
                  application_id: "{{app_id}}"
                  policy_count: "{{get-policies.total_count}}"
                  mfa_enforced: "{{get-policies.mfa_required}}"
                  compliant: "{{get-policies.all_compliant}}"
  consumes:
    - type: http
      namespace: entra
      baseUri: "https://graph.microsoft.com/v1.0/identity"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: conditional-access
          path: "/conditionalAccess/policies"
          operations:
            - name: list-conditional-access-policies
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST

Deploys a defense application to OpenShift, runs a SonarQube quality gate check, verifies deployment health, and notifies the platform engineering team in Teams with deployment status.

naftiko: "0.5"
info:
  label: "OpenShift Application Deployment with Security Gate"
  description: "Deploys a defense application to OpenShift, runs a SonarQube quality gate check, verifies deployment health, and notifies the platform engineering team in Teams with deployment status."
  tags:
    - platform-engineering
    - deployment
    - openshift
    - sonarqube
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: openshift-deploy-gate
      port: 8080
      tools:
        - name: deploy-with-gate
          description: "Given an OpenShift namespace and deployment config, check code quality, deploy, verify health, and notify the team."
          inputParameters:
            - name: namespace
              in: body
              type: string
              description: "The OpenShift namespace."
            - name: deployment_name
              in: body
              type: string
              description: "The deployment name."
            - name: image_tag
              in: body
              type: string
              description: "The container image tag to deploy."
          steps:
            - name: check-quality
              type: call
              call: "sonarqube.get-quality-gate"
              with:
                projectKey: "{{deployment_name}}"
            - name: deploy-app
              type: call
              call: "openshift.update-deployment"
              with:
                namespace: "{{namespace}}"
                deployment_name: "{{deployment_name}}"
                image_tag: "{{image_tag}}"
            - name: verify-health
              type: call
              call: "openshift.get-deployment"
              with:
                namespace: "{{namespace}}"
                deployment_name: "{{deployment_name}}"
            - name: notify-team
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "platform-deployments"
                text: "Deployed {{deployment_name}}:{{image_tag}} to {{namespace}}. Quality gate: {{check-quality.status}}. Replicas: {{verify-health.available_replicas}}/{{verify-health.replicas}}."
  consumes:
    - type: http
      namespace: sonarqube
      baseUri: "https://sonarqube.baesystems.com/api"
      authentication:
        type: bearer
        token: "$secrets.sonarqube_token"
      resources:
        - name: quality-gates
          path: "/qualitygates/project_status"
          operations:
            - name: get-quality-gate
              method: GET
    - type: http
      namespace: openshift
      baseUri: "https://openshift.baesystems.com/apis/apps/v1"
      authentication:
        type: bearer
        token: "$secrets.openshift_token"
      resources:
        - name: deployments
          path: "/namespaces/{{namespace}}/deployments/{{deployment_name}}"
          inputParameters:
            - name: namespace
              in: path
            - name: deployment_name
              in: path
          operations:
            - name: update-deployment
              method: PATCH
            - name: get-deployment
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Pulls firewall rule configurations from Palo Alto Networks, validates against NIST security baseline in SharePoint, logs findings in ServiceNow, and notifies the network security team in Teams.

naftiko: "0.5"
info:
  label: "Palo Alto Networks Firewall Rule Audit Pipeline"
  description: "Pulls firewall rule configurations from Palo Alto Networks, validates against NIST security baseline in SharePoint, logs findings in ServiceNow, and notifies the network security team in Teams."
  tags:
    - network-security
    - compliance
    - palo-alto-networks
    - sharepoint
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: firewall-audit
      port: 8080
      tools:
        - name: audit-firewall-rules
          description: "Given a firewall device group, pull rules, validate against baselines, log findings, and notify the team."
          inputParameters:
            - name: device_group
              in: body
              type: string
              description: "The Palo Alto Networks device group name."
          steps:
            - name: get-rules
              type: call
              call: "paloalto.get-security-rules"
              with:
                device_group: "{{device_group}}"
            - name: get-baseline
              type: call
              call: "sharepoint.search-files"
              with:
                query: "NIST firewall baseline {{device_group}}"
                site_id: "security-baselines"
            - name: log-audit
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_firewall_audit"
                fields:
                  device_group: "{{device_group}}"
                  total_rules: "{{get-rules.total_count}}"
                  baseline_doc: "{{get-baseline.results[0].name}}"
            - name: notify-netsec
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "network-security"
                text: "Firewall Audit: {{device_group}}. Total rules: {{get-rules.total_count}}. Audit: {{log-audit.sys_id}}."
  consumes:
    - type: http
      namespace: paloalto
      baseUri: "https://firewall.baesystems.com/restapi/v10.2"
      authentication:
        type: apikey
        header: "X-PAN-KEY"
        value: "$secrets.paloalto_firewall_key"
      resources:
        - name: security-rules
          path: "/Policies/SecurityRules?location=device-group&device-group={{device_group}}"
          inputParameters:
            - name: device_group
              in: query
          operations:
            - name: get-security-rules
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: search
          path: "/{{site_id}}/drive/root/search(q='{{query}}')"
          inputParameters:
            - name: site_id
              in: path
            - name: query
              in: path
          operations:
            - name: search-files
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Initiates review cycles, collects feedback, aggregates scores, and distributes to managers.

naftiko: "0.5"
info:
  label: "Performance Review Cycle Pipeline"
  description: "Initiates review cycles, collects feedback, aggregates scores, and distributes to managers."
  tags:
    - hr
    - workday
    - confluence
    - slack
capability:
  exposes:
    - type: mcp
      namespace: hr
      port: 8080
      tools:
        - name: performance_review_cycle_pipeline
          description: "Orchestrate performance review cycle pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-workday
              type: call
              call: "workday.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-workday.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Performance Review Cycle Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/bae-systems"
      authentication:
        type: bearer
        token: "$secrets.workday_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: workday-op
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: confluence-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Triggers a Power BI dataset refresh for a specified defense analytics workspace and returns the refresh status.

naftiko: "0.5"
info:
  label: "Power BI Defense Dashboard Refresh"
  description: "Triggers a Power BI dataset refresh for a specified defense analytics workspace and returns the refresh status."
  tags:
    - analytics
    - reporting
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: analytics-refresh
      port: 8080
      tools:
        - name: refresh-dataset
          description: "Trigger a Power BI dataset refresh in the specified workspace and return the refresh operation status."
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "The Power BI workspace (group) ID."
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset ID to refresh."
          call: "powerbi.trigger-refresh"
          with:
            workspace_id: "{{workspace_id}}"
            dataset_id: "{{dataset_id}}"
          outputParameters:
            - name: request_id
              type: string
              mapping: "$.requestId"
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST

Pulls open program risks from Jira, generates a risk heat map in Databricks, uploads the report to SharePoint, and sends the weekly risk summary to program leadership in Microsoft Teams.

naftiko: "0.5"
info:
  label: "Program Risk Register Pipeline"
  description: "Pulls open program risks from Jira, generates a risk heat map in Databricks, uploads the report to SharePoint, and sends the weekly risk summary to program leadership in Microsoft Teams."
  tags:
    - program-management
    - risk-management
    - jira
    - databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: risk-register
      port: 8080
      tools:
        - name: generate-risk-report
          description: "Given a Jira project key for the program, pull risks, generate analytics, upload report, and notify leadership."
          inputParameters:
            - name: program_project_key
              in: body
              type: string
              description: "The Jira project key containing program risk issues."
            - name: program_name
              in: body
              type: string
              description: "The program display name."
          steps:
            - name: get-risks
              type: call
              call: "jira.search-issues"
              with:
                jql: "project={{program_project_key}} AND issuetype=Risk AND status!=Closed"
            - name: generate-heatmap
              type: call
              call: "databricks.run-job"
              with:
                job_id: "risk-heatmap-generator"
                parameters:
                  risk_data: "{{get-risks.issues}}"
                  program_name: "{{program_name}}"
            - name: upload-report
              type: call
              call: "sharepoint.upload-file"
              with:
                site_id: "program-risk-mgmt"
                folder_path: "{{program_name}}/RiskReports"
                file_name: "risk_heatmap_weekly.pdf"
            - name: notify-leadership
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "program-{{program_project_key}}-leadership"
                text: "Weekly Risk Report for {{program_name}}: {{get-risks.total}} open risks. High: {{get-risks.high_count}}. Report: {{upload-report.url}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: search
          path: "/search"
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://baesystems.cloud.databricks.com/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
            - name: file_name
              in: path
          operations:
            - name: upload-file
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Retrieves a QRadar security offense by ID and returns magnitude, status, offense type, and source count. Used by SOC analysts for offense investigation.

naftiko: "0.5"
info:
  label: "QRadar Security Offense Lookup"
  description: "Retrieves a QRadar security offense by ID and returns magnitude, status, offense type, and source count. Used by SOC analysts for offense investigation."
  tags:
    - cybersecurity
    - siem
    - qradar
capability:
  exposes:
    - type: mcp
      namespace: qradar-offenses
      port: 8080
      tools:
        - name: get-offense
          description: "Look up a QRadar offense by ID. Returns magnitude, status, offense type, and source count."
          inputParameters:
            - name: offense_id
              in: body
              type: string
              description: "The QRadar offense ID."
          call: "qradar.get-offense"
          with:
            offense_id: "{{offense_id}}"
          outputParameters:
            - name: magnitude
              type: integer
              mapping: "$.magnitude"
            - name: status
              type: string
              mapping: "$.status"
            - name: offense_type
              type: string
              mapping: "$.offense_type_str"
            - name: source_count
              type: integer
              mapping: "$.source_count"
  consumes:
    - type: http
      namespace: qradar
      baseUri: "https://qradar.baesystems.com/api"
      authentication:
        type: apikey
        header: "SEC"
        value: "$secrets.qradar_token"
      resources:
        - name: offenses
          path: "/siem/offenses/{{offense_id}}"
          inputParameters:
            - name: offense_id
              in: path
          operations:
            - name: get-offense
              method: GET

Queries Red Hat Satellite for host patch compliance, creates ServiceNow change requests for non-compliant systems, schedules patching via Ansible Automation Platform, and notifies the infrastructure team in Teams.

naftiko: "0.5"
info:
  label: "Red Hat Satellite Patch Compliance Pipeline"
  description: "Queries Red Hat Satellite for host patch compliance, creates ServiceNow change requests for non-compliant systems, schedules patching via Ansible Automation Platform, and notifies the infrastructure team in Teams."
  tags:
    - patch-management
    - compliance
    - red-hat-satellite
    - servicenow
    - ansible-automation-platform
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: patch-compliance
      port: 8080
      tools:
        - name: enforce-patch-compliance
          description: "Given a Satellite host group, check patch compliance, create change requests, schedule remediation, and notify the team."
          inputParameters:
            - name: host_group
              in: body
              type: string
              description: "The Red Hat Satellite host group name."
            - name: errata_type
              in: body
              type: string
              description: "The errata type to check (security, bugfix, enhancement)."
          steps:
            - name: get-compliance
              type: call
              call: "satellite.get-host-errata"
              with:
                host_group: "{{host_group}}"
                type: "{{errata_type}}"
            - name: create-change-request
              type: call
              call: "servicenow.create-change"
              with:
                short_description: "Patch non-compliant hosts: {{host_group}}"
                description: "{{get-compliance.non_compliant_count}} hosts need {{errata_type}} patches."
                category: "patching"
                assigned_group: "Infrastructure_Ops"
            - name: schedule-patching
              type: call
              call: "ansible.launch-job-template"
              with:
                job_template_id: "patch-hosts"
                extra_vars:
                  host_group: "{{host_group}}"
                  errata_type: "{{errata_type}}"
            - name: notify-infra
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "infrastructure-patching"
                text: "Patch compliance: {{host_group}}. Non-compliant: {{get-compliance.non_compliant_count}}. Change: {{create-change-request.number}}. Ansible: {{schedule-patching.job_id}}."
  consumes:
    - type: http
      namespace: satellite
      baseUri: "https://satellite.baesystems.com/api/v2"
      authentication:
        type: basic
        username: "$secrets.satellite_user"
        password: "$secrets.satellite_password"
      resources:
        - name: host-errata
          path: "/hostgroups/{{host_group}}/errata"
          inputParameters:
            - name: host_group
              in: path
          operations:
            - name: get-host-errata
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: ansible
      baseUri: "https://ansible-tower.baesystems.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.ansible_tower_token"
      resources:
        - name: job-templates
          path: "/job_templates/{{job_template_id}}/launch/"
          inputParameters:
            - name: job_template_id
              in: path
          operations:
            - name: launch-job-template
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Looks up an SAP purchase order by number and returns header status, vendor, total value, and delivery date. Used by defense supply chain teams to check PO health.

naftiko: "0.5"
info:
  label: "SAP Purchase Order Status"
  description: "Looks up an SAP purchase order by number and returns header status, vendor, total value, and delivery date. Used by defense supply chain teams to check PO health."
  tags:
    - supply-chain
    - procurement
    - sap
    - erp
capability:
  exposes:
    - type: mcp
      namespace: supply-chain-erp
      port: 8080
      tools:
        - name: get-purchase-order
          description: "Look up an SAP purchase order by PO number. Returns header status, vendor, total value, currency, and delivery date."
          inputParameters:
            - name: po_number
              in: body
              type: string
              description: "The SAP purchase order number (10-digit)."
          call: "sap.get-po"
          with:
            po_number: "{{po_number}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.d.OverallStatus"
            - name: vendor
              type: string
              mapping: "$.d.Supplier.CompanyName"
            - name: total_value
              type: string
              mapping: "$.d.TotalAmount"
            - name: currency
              type: string
              mapping: "$.d.TransactionCurrency"
            - name: delivery_date
              type: string
              mapping: "$.d.DeliveryDate"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://bae-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      inputParameters:
        - name: Accept
          in: header
          value: "application/json"
        - name: sap-client
          in: header
          value: "100"
      resources:
        - name: purchase-orders
          path: "/A_PurchaseOrder('{{po_number}}')"
          inputParameters:
            - name: po_number
              in: path
          operations:
            - name: get-po
              method: GET

Validates clearance status, checks access requirements, updates access control, and notifies security.

naftiko: "0.5"
info:
  label: "Security Clearance Verification Pipeline"
  description: "Validates clearance status, checks access requirements, updates access control, and notifies security."
  tags:
    - security
    - servicenow
    - okta
    - slack
capability:
  exposes:
    - type: mcp
      namespace: security
      port: 8080
      tools:
        - name: security_clearance_verification_pipeline
          description: "Orchestrate security clearance verification pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-servicenow
              type: call
              call: "servicenow.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-okta
              type: call
              call: "okta.process-resource"
              with:
                data: "{{get-servicenow.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Security Clearance Verification Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: okta
      baseUri: "https://bae-systems.okta.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.okta_api_token"
        header: "Authorization" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: okta-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Detects security incidents, enriches with context, creates response tickets, and notifies the SOC.

naftiko: "0.5"
info:
  label: "Security Incident Response Pipeline"
  description: "Detects security incidents, enriches with context, creates response tickets, and notifies the SOC."
  tags:
    - security
    - splunk
    - servicenow
    - pagerduty
capability:
  exposes:
    - type: mcp
      namespace: security
      port: 8080
      tools:
        - name: security_incident_response_pipeline
          description: "Orchestrate security incident response pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-splunk
              type: call
              call: "splunk.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-splunk.result}}"
            - name: create-pagerduty
              type: call
              call: "pagerduty.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Security Incident Response Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://bae-systems-splunk.com/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: splunk-op
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: pagerduty
      baseUri: "https://api.pagerduty.com"
      authentication:
        type: bearer
        token: "$secrets.pagerduty_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: pagerduty-op
              method: POST

Triggers Selenium test execution via Jenkins, collects results, creates Jira defects for failures, and posts the test report summary to the QA Teams channel.

naftiko: "0.5"
info:
  label: "Selenium Regression Test Report Pipeline"
  description: "Triggers Selenium test execution via Jenkins, collects results, creates Jira defects for failures, and posts the test report summary to the QA Teams channel."
  tags:
    - qa
    - test-automation
    - selenium
    - jenkins
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: regression-testing
      port: 8080
      tools:
        - name: run-regression-suite
          description: "Given a Jenkins job name for the Selenium suite, trigger the run, create defects for failures, and notify QA."
          inputParameters:
            - name: job_name
              in: body
              type: string
              description: "The Jenkins job name for the Selenium test suite."
            - name: environment
              in: body
              type: string
              description: "The target test environment (e.g., staging, pre-prod)."
          steps:
            - name: trigger-tests
              type: call
              call: "jenkins.build-job"
              with:
                job_name: "{{job_name}}"
            - name: create-defect
              type: call
              call: "jira.create-issue"
              with:
                project: "QA"
                issuetype: "Bug"
                summary: "Regression failure: {{job_name}} on {{environment}}"
                description: "Jenkins build: {{trigger-tests.queue_url}}. Environment: {{environment}}."
            - name: notify-qa
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "qa-automation"
                text: "Regression suite {{job_name}} triggered on {{environment}}. Jenkins: {{trigger-tests.queue_url}}. Defect: {{create-defect.key}}."
  consumes:
    - type: http
      namespace: jenkins
      baseUri: "https://jenkins.baesystems.com"
      authentication:
        type: basic
        username: "$secrets.jenkins_user"
        password: "$secrets.jenkins_api_token"
      resources:
        - name: jobs
          path: "/job/{{job_name}}/build"
          inputParameters:
            - name: job_name
              in: path
          operations:
            - name: build-job
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Retrieves a ServiceNow incident by number and returns priority, state, assigned group, and short description. Used by IT operations to quickly check incident status.

naftiko: "0.5"
info:
  label: "ServiceNow Incident Lookup"
  description: "Retrieves a ServiceNow incident by number and returns priority, state, assigned group, and short description. Used by IT operations to quickly check incident status."
  tags:
    - it-operations
    - incident-management
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: it-incidents
      port: 8080
      tools:
        - name: get-incident
          description: "Look up a ServiceNow incident by number. Returns priority, state, assigned group, and description."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The ServiceNow incident number (e.g., INC0012345)."
          call: "servicenow.get-incident"
          with:
            incident_number: "{{incident_number}}"
          # The ServiceNow Table API returns query matches as an array under "result",
          # so each mapping reads the first matching record.
          outputParameters:
            - name: priority
              type: string
              mapping: "$.result[0].priority"
            - name: state
              type: string
              mapping: "$.result[0].state"
            - name: assigned_group
              type: string
              mapping: "$.result[0].assignment_group.display_value"
            - name: short_description
              type: string
              mapping: "$.result[0].short_description"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident?sysparm_query=number={{incident_number}}"
          inputParameters:
            - name: incident_number
              in: query
          operations:
            - name: get-incident
              method: GET

When Microsoft Sentinel detects a high-severity incident, enriches the alert with Azure AD user context, creates a Jira security incident, escalates via ServiceNow, and notifies the SOC lead in Teams.

naftiko: "0.5"
info:
  label: "SIEM Incident Escalation Pipeline"
  description: "When Microsoft Sentinel detects a high-severity incident, enriches the alert with Azure AD user context, creates a Jira security incident, escalates via ServiceNow, and notifies the SOC lead in Teams."
  tags:
    - cybersecurity
    - siem
    - microsoft-sentinel
    - azure-active-directory
    - jira
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: siem-escalation
      port: 8080
      tools:
        - name: escalate-sentinel-incident
          description: "Given a Sentinel incident ID, enrich with user context, create Jira and ServiceNow tickets, and alert the SOC lead."
          inputParameters:
            - name: incident_id
              in: body
              type: string
              description: "The Microsoft Sentinel incident ID."
            - name: workspace_id
              in: body
              type: string
              description: "The Log Analytics workspace ID."
          steps:
            - name: get-sentinel-incident
              type: call
              call: "sentinel.get-incident"
              with:
                workspace_id: "{{workspace_id}}"
                incident_id: "{{incident_id}}"
            - name: get-affected-user
              type: call
              call: "azuread.get-user"
              with:
                upn: "{{get-sentinel-incident.owner_upn}}"
            - name: create-jira-incident
              type: call
              call: "jira.create-issue"
              with:
                project: "SECINC"
                issuetype: "Bug"
                summary: "Sentinel Alert: {{get-sentinel-incident.title}}"
                description: "Severity: {{get-sentinel-incident.severity}}. Affected user: {{get-affected-user.display_name}}. Tactics: {{get-sentinel-incident.tactics}}."
            - name: escalate-servicenow
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "SIEM Escalation: {{get-sentinel-incident.title}}"
                category: "security"
                priority: "1"
                description: "Sentinel incident {{incident_id}}. Severity: {{get-sentinel-incident.severity}}. Jira: {{create-jira-incident.key}}."
            - name: notify-soc-lead
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "soc-escalations"
                text: "HIGH SEVERITY: {{get-sentinel-incident.title}}. Affected: {{get-affected-user.display_name}}. Jira: {{create-jira-incident.key}}. ServiceNow: {{escalate-servicenow.number}}."
  consumes:
    - type: http
      namespace: sentinel
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_mgmt_token"
      resources:
        - name: incidents
          path: "/subscriptions/{{workspace_id}}/providers/Microsoft.SecurityInsights/incidents/{{incident_id}}"
          inputParameters:
            - name: workspace_id
              in: path
            - name: incident_id
              in: path
          operations:
            - name: get-incident
              method: GET
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{upn}}"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: get-user
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Monitors service levels, detects SLA breaches, creates escalation tickets, and reports to management.

naftiko: "0.5"
info:
  label: "SLA Compliance Monitoring Pipeline"
  description: "Monitors service levels, detects SLA breaches, creates escalation tickets, and reports to management."
  tags:
    - operations
    - datadog
    - servicenow
    - powerbi
capability:
  exposes:
    - type: mcp
      namespace: operations
      port: 8080
      tools:
        - name: sla_compliance_monitoring_pipeline
          description: "Orchestrate SLA compliance monitoring pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-datadog
              type: call
              call: "datadog.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-datadog.result}}"
            - name: create-powerbi
              type: call
              call: "powerbi.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "SLA Compliance Monitoring Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.datadog_api_key"
        header: "DD-API-KEY" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: datadog-op
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: powerbi-op
              method: POST

Audits license usage, identifies underutilized licenses, recommends optimization, and notifies IT.

naftiko: "0.5"
info:
  label: "Software License Optimization Pipeline"
  description: "Audits license usage, identifies underutilized licenses, recommends optimization, and notifies IT."
  tags:
    - operations
    - servicenow
    - snowflake
    - slack
capability:
  exposes:
    - type: mcp
      namespace: operations
      port: 8080
      tools:
        - name: software_license_optimization
          description: "Orchestrate software license optimization pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-servicenow
              type: call
              call: "servicenow.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-servicenow.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Software License Optimization Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: servicenow-op
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: confluence-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Runs a Splunk search for security events within a time range and returns matching event count and categories. Used by the SOC for rapid threat triage.

naftiko: "0.5"
info:
  label: "Splunk Security Event Query"
  description: "Runs a Splunk search for security events within a time range and returns matching event count and categories. Used by the SOC for rapid threat triage."
  tags:
    - cybersecurity
    - siem
    - splunk
capability:
  exposes:
    - type: mcp
      namespace: soc-splunk
      port: 8080
      tools:
        - name: search-security-events
          description: "Execute a Splunk search query for security events and return summary results."
          inputParameters:
            - name: search_query
              in: body
              type: string
              description: "The Splunk SPL search query string."
            - name: earliest_time
              in: body
              type: string
              description: "Start of time range (e.g., -24h)."
          call: "splunk.create-search"
          with:
            search: "{{search_query}}"
            earliest_time: "{{earliest_time}}"
          outputParameters:
            - name: event_count
              type: integer
              mapping: "$.entry[0].content.eventCount"
            - name: results
              type: array
              mapping: "$.entry[0].content.results"
  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://splunk.baesystems.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: searches
          path: "/search/jobs"
          operations:
            - name: create-search
              method: POST

When Splunk detects a notable security event, enriches it with Azure AD user context and Tanium endpoint data, then creates a ServiceNow security incident and alerts the SOC in Teams.

naftiko: "0.5"
info:
  label: "Splunk SOC Alert Enrichment Pipeline"
  description: "When Splunk detects a notable security event, enriches it with Azure AD user context and Tanium endpoint data, then creates a ServiceNow security incident and alerts the SOC in Teams."
  tags:
    - cybersecurity
    - siem
    - splunk
    - azure-active-directory
    - tanium
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: soc-enrichment
      port: 8080
      tools:
        - name: enrich-splunk-alert
          description: "Given a Splunk notable event ID, enrich with user and endpoint context, create an incident, and alert the SOC."
          inputParameters:
            - name: notable_event_id
              in: body
              type: string
              description: "The Splunk notable event ID."
            - name: user_upn
              in: body
              type: string
              description: "The affected user principal name."
            - name: hostname
              in: body
              type: string
              description: "The affected endpoint hostname."
          steps:
            - name: get-notable-event
              type: call
              call: "splunk.get-notable"
              with:
                event_id: "{{notable_event_id}}"
            - name: get-user-context
              type: call
              call: "azuread.get-user"
              with:
                upn: "{{user_upn}}"
            - name: get-endpoint-data
              type: call
              call: "tanium.get-endpoint"
              with:
                hostname: "{{hostname}}"
            - name: create-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "SOC Alert: {{get-notable-event.rule_name}}"
                category: "security"
                priority: "{{get-notable-event.urgency}}"
                description: "User: {{get-user-context.display_name}} ({{get-user-context.department}}). Endpoint: {{hostname}} (OS: {{get-endpoint-data.os_version}})."
            - name: alert-soc
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "soc-alerts"
                text: "SOC Alert: {{get-notable-event.rule_name}}. User: {{get-user-context.display_name}}. Host: {{hostname}}. ServiceNow: {{create-incident.number}}."
  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://splunk.baesystems.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: notable-events
          path: "/notable/{{event_id}}"
          inputParameters:
            - name: event_id
              in: path
          operations:
            - name: get-notable
              method: GET
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{upn}}"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: get-user
              method: GET
    - type: http
      namespace: tanium
      baseUri: "https://tanium.baesystems.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.tanium_token"
      resources:
        - name: endpoints
          path: "/endpoints?hostname={{hostname}}"
          inputParameters:
            - name: hostname
              in: query
          operations:
            - name: get-endpoint
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

When SAP detects a critical parts shortage for a defense program, queries Oracle for alternate suppliers, creates a Jira procurement task, updates the SharePoint supply chain tracker, and alerts the program manager in Teams.

naftiko: "0.5"
info:
  label: "Supply Chain Parts Shortage Escalation"
  description: "When SAP detects a critical parts shortage for a defense program, queries Oracle for alternate suppliers, creates a Jira procurement task, updates the SharePoint supply chain tracker, and alerts the program manager in Teams."
  tags:
    - supply-chain
    - procurement
    - sap
    - oracle
    - jira
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: supply-chain-escalation
      port: 8080
      tools:
        - name: escalate-parts-shortage
          description: "Given a SAP material number and program ID, find alternate suppliers, create a procurement task, update the tracker, and notify the PM."
          inputParameters:
            - name: material_number
              in: body
              type: string
              description: "The SAP material master number."
            - name: program_id
              in: body
              type: string
              description: "The defense program identifier."
            - name: quantity_needed
              in: body
              type: integer
              description: "The quantity of parts needed."
          steps:
            - name: get-material
              type: call
              call: "sap.get-material"
              with:
                material_number: "{{material_number}}"
            - name: find-alternates
              type: call
              call: "oracle.search-suppliers"
              with:
                commodity_code: "{{get-material.commodity_code}}"
            - name: create-procurement-task
              type: call
              call: "jira.create-issue"
              with:
                project: "PROCURE"
                issuetype: "Task"
                summary: "Parts shortage: {{get-material.description}} ({{material_number}})"
                description: "Program {{program_id}} needs {{quantity_needed}} units. Lead time: {{get-material.lead_time_days}} days. Alternates: {{find-alternates.supplier_count}}."
            - name: update-tracker
              type: call
              call: "sharepoint.update-list-item"
              with:
                site_id: "supply-chain-ops"
                list_name: "ShortageTracker"
                fields:
                  MaterialNumber: "{{material_number}}"
                  ProgramID: "{{program_id}}"
                  Status: "Escalated"
            - name: notify-pm
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "program-{{program_id}}"
                text: "PARTS SHORTAGE: {{get-material.description}} ({{material_number}}). Need {{quantity_needed}} units. {{find-alternates.supplier_count}} alternates found. Jira: {{create-procurement-task.key}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://bae-s4.sap.com/sap/opu/odata/sap/API_PRODUCT_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: materials
          path: "/A_Product('{{material_number}}')"
          inputParameters:
            - name: material_number
              in: path
          operations:
            - name: get-material
              method: GET
    - type: http
      namespace: oracle
      baseUri: "https://oracle-procurement.baesystems.com/fscmRestApi/resources/v2"
      authentication:
        type: basic
        username: "$secrets.oracle_user"
        password: "$secrets.oracle_password"
      resources:
        - name: suppliers
          path: "/suppliers"
          operations:
            - name: search-suppliers
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: list-items
          path: "/{{site_id}}/lists/{{list_name}}/items"
          inputParameters:
            - name: site_id
              in: path
            - name: list_name
              in: path
          operations:
            - name: update-list-item
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Orchestrates integration tests, collects results, flags failures, and notifies test engineers.

naftiko: "0.5"
info:
  label: "System Integration Test Pipeline"
  description: "Orchestrates integration tests, collects results, flags failures, and notifies test engineers."
  tags:
    - engineering
    - jira
    - confluence
    - slack
capability:
  exposes:
    - type: mcp
      namespace: engineering
      port: 8080
      tools:
        - name: system_integration_test_pipeline
          description: "Orchestrate system integration test pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-jira
              type: call
              call: "jira.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-jira.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "System Integration Test Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: jira-op
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: confluence-op
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Checks Terraform Cloud for workspace drift, creates a ServiceNow change request if drift is detected, triggers an Ansible remediation playbook, and notifies the platform team in Teams.

naftiko: "0.5"
info:
  label: "Terraform Infrastructure Drift Remediation"
  description: "Checks Terraform Cloud for workspace drift, creates a ServiceNow change request if drift is detected, triggers an Ansible remediation playbook, and notifies the platform team in Teams."
  tags:
    - infrastructure
    - iac
    - terraform
    - servicenow
    - ansible-automation-platform
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: drift-remediation
      port: 8080
      tools:
        - name: remediate-drift
          description: "Given a Terraform workspace, check for drift, create a change request, trigger remediation, and notify the team."
          inputParameters:
            - name: organization
              in: body
              type: string
              description: "The Terraform Cloud organization."
            - name: workspace_name
              in: body
              type: string
              description: "The Terraform workspace name."
          steps:
            - name: check-drift
              type: call
              call: "terraform.get-workspace"
              with:
                organization: "{{organization}}"
                workspace_name: "{{workspace_name}}"
            - name: create-change
              type: call
              call: "servicenow.create-change"
              with:
                short_description: "Terraform drift remediation: {{workspace_name}}"
                description: "Drift detected in {{workspace_name}}. Resources: {{check-drift.resource_count}}."
                category: "infrastructure"
            - name: trigger-remediation
              type: call
              call: "ansible.launch-job-template"
              with:
                job_template_id: "terraform-apply"
                extra_vars:
                  workspace: "{{workspace_name}}"
            - name: notify-platform
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "platform-engineering"
                text: "Drift detected in {{workspace_name}}. Change: {{create-change.number}}. Remediation job: {{trigger-remediation.job_id}}."
  consumes:
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: workspaces
          path: "/organizations/{{organization}}/workspaces/{{workspace_name}}"
          inputParameters:
            - name: organization
              in: path
            - name: workspace_name
              in: path
          operations:
            - name: get-workspace
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://baesystems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: ansible
      baseUri: "https://ansible-tower.baesystems.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.ansible_tower_token"
      resources:
        - name: job-templates
          path: "/job_templates/{{job_template_id}}/launch/"
          inputParameters:
            - name: job_template_id
              in: path
          operations:
            - name: launch-job-template
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Monitors integration endpoints, detects failures, creates support tickets, and notifies integration team.

naftiko: "0.5"
info:
  label: "Third-Party Integration Health Pipeline"
  description: "Monitors integration endpoints, detects failures, creates support tickets, and notifies integration team."
  tags:
    - integrations
    - datadog
    - servicenow
    - slack
capability:
  exposes:
    - type: mcp
      namespace: integrations
      port: 8080
      tools:
        - name: third_party_integration_health_pipeline
          description: "Orchestrate third-party integration health pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-datadog
              type: call
              call: "datadog.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-datadog.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Third-Party Integration Health Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.datadog_api_key"
        header: "DD-API-KEY" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: get-resource  # referenced by step get-datadog as "datadog.get-resource"
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: process-resource  # referenced by step process-servicenow as "servicenow.process-resource"
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: create-resource  # referenced by step create-slack as "slack.create-resource"
              method: POST

Tracks mandatory training completion, sends reminders, escalates non-compliance, and reports status.

naftiko: "0.5"
info:
  label: "Training Compliance Tracker Pipeline"
  description: "Tracks mandatory training completion, sends reminders, escalates non-compliance, and reports status."
  tags:
    - compliance
    - workday
    - servicenow
    - slack
capability:
  exposes:
    - type: mcp
      namespace: compliance
      port: 8080
      tools:
        - name: training_compliance_tracker_pipeline
          description: "Orchestrate training compliance tracker pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-workday
              type: call
              call: "workday.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-servicenow
              type: call
              call: "servicenow.process-resource"
              with:
                data: "{{get-workday.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Training Compliance Tracker Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/bae-systems"
      authentication:
        type: bearer
        token: "$secrets.workday_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: get-resource  # referenced by step get-workday as "workday.get-resource"
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: process-resource  # referenced by step process-servicenow as "servicenow.process-resource"
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: create-resource  # referenced by step create-slack as "slack.create-resource"
              method: POST

Evaluates vendor security posture, scores risk, creates assessment records, and notifies procurement.

naftiko: "0.5"
info:
  label: "Vendor Risk Assessment Pipeline"
  description: "Evaluates vendor security posture, scores risk, creates assessment records, and notifies procurement."
  tags:
    - procurement
    - servicenow
    - confluence
    - slack
capability:
  exposes:
    - type: mcp
      namespace: procurement
      port: 8080
      tools:
        - name: vendor_risk_assessment_pipeline
          description: "Orchestrate vendor risk assessment pipeline workflow."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "Primary resource identifier." 
          steps:
            - name: get-servicenow
              type: call
              call: "servicenow.get-resource"
              with:
                resource_id: "{{resource_id}}"
            - name: process-confluence
              type: call
              call: "confluence.process-resource"
              with:
                data: "{{get-servicenow.result}}"
            - name: create-slack
              type: call
              call: "slack.create-resource"
              with:
                channel: "{{notification_channel}}"
                text: "Vendor Risk Assessment Pipeline step 3 complete."

  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://bae-systems.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: get-resource  # referenced by step get-servicenow as "servicenow.get-resource"
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://bae-systems.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: process-resource  # referenced by step process-confluence as "confluence.process-resource"
              method: POST
    - type: http
      namespace: slack
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_bot_token" 
      resources:
        - name: resources
          path: "/resources/{{resource_id}}"
          operations:
            - name: slack-op
              method: POST

Queries VMware vCenter for cluster resource utilization, generates a capacity forecast in Databricks, uploads the report to SharePoint, and alerts the infrastructure team in Teams.

naftiko: "0.5"
info:
  label: "VMware Infrastructure Capacity Planning"
  description: "Queries VMware vCenter for cluster resource utilization, generates a capacity forecast in Databricks, uploads the report to SharePoint, and alerts the infrastructure team in Teams."
  tags:
    - infrastructure
    - capacity-planning
    - vmware
    - databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: capacity-planning
      port: 8080
      tools:
        - name: forecast-capacity
          description: "Given a vCenter cluster name, collect utilization data, generate a forecast, upload the report, and notify the team."
          inputParameters:
            - name: cluster_name
              in: body
              type: string
              description: "The vCenter cluster name."
          steps:
            - name: get-cluster-utilization
              type: call
              call: "vcenter.get-cluster-stats"
              with:
                cluster: "{{cluster_name}}"
            - name: run-forecast
              type: call
              call: "databricks.run-job"
              with:
                job_id: "capacity-forecaster"
                parameters:
                  cluster: "{{cluster_name}}"
                  cpu_util: "{{get-cluster-utilization.cpu_percent}}"
                  mem_util: "{{get-cluster-utilization.memory_percent}}"
            - name: upload-report
              type: call
              call: "sharepoint.upload-file"
              with:
                site_id: "infrastructure-planning"
                folder_path: "CapacityReports/{{cluster_name}}"
                file_name: "capacity_forecast.pdf"
            - name: notify-infra
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "infrastructure-capacity"
                text: "Capacity Report: {{cluster_name}}. CPU: {{get-cluster-utilization.cpu_percent}}%. Memory: {{get-cluster-utilization.memory_percent}}%. Forecast: {{upload-report.url}}"
  consumes:
    - type: http
      namespace: vcenter
      baseUri: "https://vcenter.baesystems.com/api/vcenter"
      authentication:
        type: bearer
        token: "$secrets.vcenter_session_token"
      resources:
        - name: cluster-stats
          path: "/clusters/{{cluster}}/stats"
          inputParameters:
            - name: cluster
              in: path
          operations:
            - name: get-cluster-stats
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://baesystems.cloud.databricks.com/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
            - name: file_name
              in: path
          operations:
            - name: upload-file
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Triggers a remote packet capture session on a defense network segment, stores the capture in Amazon S3, and creates a Jira analysis task for the network security team.

naftiko: "0.5"
info:
  label: "Wireshark Packet Capture Analysis Trigger"
  description: "Triggers a remote packet capture session on a defense network segment, stores the capture in Amazon S3, and creates a Jira analysis task for the network security team."
  tags:
    - network-security
    - forensics
    - wireshark
    - amazon-s3
    - jira
capability:
  exposes:
    - type: mcp
      namespace: packet-capture
      port: 8080
      tools:
        - name: trigger-packet-capture
          description: "Given a network interface and duration, trigger a capture, store in S3, and create a Jira analysis task."
          inputParameters:
            - name: interface_id
              in: body
              type: string
              description: "The network interface identifier for capture."
            - name: duration_seconds
              in: body
              type: integer
              description: "Capture duration in seconds."
            - name: filter_expression
              in: body
              type: string
              description: "BPF filter expression for the capture."
          steps:
            - name: start-capture
              type: call
              call: "netmon.start-capture"
              with:
                interface: "{{interface_id}}"
                duration: "{{duration_seconds}}"
                filter: "{{filter_expression}}"
            - name: upload-to-s3
              type: call
              call: "s3.put-object"
              with:
                bucket: "bae-network-forensics"
                key: "captures/{{start-capture.capture_id}}.pcap"
            - name: create-analysis-task
              type: call
              call: "jira.create-issue"
              with:
                project: "NETSEC"
                issuetype: "Task"
                summary: "Analyze capture: {{start-capture.capture_id}}"
                description: "Interface: {{interface_id}}. Duration: {{duration_seconds}}s. Filter: {{filter_expression}}. S3: s3://bae-network-forensics/captures/{{start-capture.capture_id}}.pcap"
  consumes:
    - type: http
      namespace: netmon
      baseUri: "https://netmon.baesystems.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.netmon_token"
      resources:
        - name: captures
          path: "/captures"
          operations:
            - name: start-capture
              method: POST
    - type: http
      namespace: s3
      baseUri: "https://bae-network-forensics.s3.amazonaws.com"
      authentication:
        type: aws-sigv4
        region: "us-east-1"
        access_key: "$secrets.aws_access_key"
        secret_key: "$secrets.aws_secret_key"
      resources:
        - name: objects
          path: "/{{key}}"
          inputParameters:
            - name: key
              in: path
          operations:
            - name: put-object
              method: PUT
    - type: http
      namespace: jira
      baseUri: "https://bae-systems.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Retrieves employee profile data from Workday by worker ID including name, department, cost center, and manager. Used by HR and program management teams.

naftiko: "0.5"
info:
  label: "Workday Employee Lookup"
  description: "Retrieves employee profile data from Workday by worker ID including name, department, cost center, and manager. Used by HR and program management teams."
  tags:
    - hr
    - employee-data
    - workday
capability:
  exposes:
    - type: mcp
      namespace: hr-employee
      port: 8080
      tools:
        - name: get-employee
          description: "Look up a Workday employee by worker ID. Returns full name, department, cost center, and manager name."
          inputParameters:
            - name: worker_id
              in: body
              type: string
              description: "The Workday worker ID."
          call: "workday.get-worker"
          with:
            worker_id: "{{worker_id}}"
          outputParameters:
            - name: full_name
              type: string
              mapping: "$.worker.full_name"
            - name: department
              type: string
              mapping: "$.worker.department"
            - name: cost_center
              type: string
              mapping: "$.worker.cost_center"
            - name: manager
              type: string
              mapping: "$.worker.manager.full_name"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET