Northrop Grumman Capabilities
Naftiko 0.5 capability definitions for Northrop Grumman - 100 capabilities showing integration workflows and service orchestrations.
Launches Okta certification, queries Snowflake for hierarchies, and creates Jira tracking task.
naftiko: "0.5"
info:
label: "Access Certification Campaign Orchestrator"
description: "Launches Okta certification, queries Snowflake for hierarchies, and creates Jira tracking task."
tags:
- security
- okta
- snowflake
- jira
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: access-orchestrate
description: "Launches Okta certification, queries Snowflake for hierarchies, and creates Jira tracking task."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "okta.get-user-groups"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: okta
baseUri: "https://northropgrumman.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_token"
resources:
- name: user-groups
path: "/users/{{user_id}}/groups"
operations:
- name: get-user-groups
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Submits government contract documents or technical specifications to Anthropic Claude for structured summarization, then saves the summary to a SharePoint program document library.
naftiko: "0.5"
info:
label: "Anthropic Contract Document Summarization"
description: "Submits government contract documents or technical specifications to Anthropic Claude for structured summarization, then saves the summary to a SharePoint program document library."
tags:
- ai
- content
- anthropic
- sharepoint
- contracts
- government-contracts
capability:
exposes:
- type: mcp
namespace: ai-content
port: 8080
tools:
- name: summarize-contract-document
description: "Given a contract document text and program name, submit to Anthropic Claude for structured summarization (key deliverables, milestones, compliance requirements) and save to the SharePoint program library. Use for RFP analysis, contract review, and CDRL summarization."
inputParameters:
- name: document_text
in: body
type: string
description: "The contract or technical document text to summarize."
- name: document_type
in: body
type: string
description: "Document type: rfp, contract, cdrl, or technical_spec."
- name: program_name
in: body
type: string
description: "The program name for filing the summary in SharePoint."
- name: sharepoint_site_id
in: body
type: string
description: "SharePoint site ID where the summary will be saved."
steps:
- name: generate-summary
type: call
call: "anthropic.create-message"
with:
model: "claude-3-5-sonnet-20241022"
content: "Summarize the following {{document_type}} for program {{program_name}}. Extract: key deliverables, milestones, compliance requirements, and contract value if present. Document: {{document_text}}"
- name: save-to-sharepoint
type: call
call: "sharepoint-docs.create-file"
with:
site_id: "{{sharepoint_site_id}}"
folder: "{{program_name}}/Summaries"
content: "{{generate-summary.text}}"
consumes:
- type: http
namespace: anthropic
baseUri: "https://api.anthropic.com/v1"
authentication:
type: apikey
key: "x-api-key"
value: "$secrets.anthropic_api_key"
placement: header
resources:
- name: messages
path: "/messages"
operations:
- name: create-message
method: POST
- type: http
namespace: sharepoint-docs
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: drive-items
path: "/sites/{{site_id}}/drive/root/children"
inputParameters:
- name: site_id
in: path
operations:
- name: create-file
method: POST
When Datadog detects latency, creates Jira performance ticket and alerts engineering via Teams.
naftiko: "0.5"
info:
label: "APM Latency Alert Handler"
description: "When Datadog detects latency, creates Jira performance ticket and alerts engineering via Teams."
tags:
- monitoring
- datadog
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: monitoring
port: 8080
tools:
- name: apm-orchestrate
description: "When Datadog detects latency, creates Jira performance ticket and alerts engineering via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "datadog.get-monitor"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apiKey
header: "DD-API-KEY"
key: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{monitor_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Checks SAP Ariba for expiring contracts, queries Snowflake utilization, and sends Teams reminders.
naftiko: "0.5"
info:
label: "Ariba Contract Expiration Notification"
description: "Checks SAP Ariba for expiring contracts, queries Snowflake utilization, and sends Teams reminders."
tags:
- procurement
- sap-ariba
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: procurement
port: 8080
tools:
- name: ariba-orchestrate
description: "Checks SAP Ariba for expiring contracts, queries Snowflake utilization, and sends Teams reminders."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "ariba.get-vendor"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: ariba
baseUri: "https://openapi.ariba.com/api/procurement/v2"
authentication:
type: bearer
token: "$secrets.ariba_token"
resources:
- name: vendors
path: "/vendors/{{vendor_id}}"
operations:
- name: get-vendor
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Retrieves an Azure AD user profile by UPN.
naftiko: "0.5"
info:
label: "Azure AD User Lookup"
description: "Retrieves an Azure AD user profile by UPN."
tags:
- identity
- azure
- microsoft-graph
capability:
exposes:
- type: mcp
namespace: identity
port: 8080
tools:
- name: get-azure-ad-user
description: "Retrieves an Azure AD user profile by UPN."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "msgraph.get-user"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: get-user
path: "/users/{{upn}}"
operations:
- name: get-user
method: GET
When Azure Cost Management detects a spending anomaly on a program account, creates a Jira FinOps review ticket and posts an alert to the program finance Teams channel.
naftiko: "0.5"
info:
label: "Azure Cloud Cost Anomaly Alert"
description: "When Azure Cost Management detects a spending anomaly on a program account, creates a Jira FinOps review ticket and posts an alert to the program finance Teams channel."
tags:
- cloud
- finops
- azure
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: cloud-finops
port: 8080
tools:
- name: handle-azure-cost-anomaly
description: "Given an Azure subscription ID, anomaly description, and estimated excess cost, create a Jira FinOps review task and notify the program finance Teams channel. Invoke when Azure Cost Management anomaly alerts fire."
inputParameters:
- name: subscription_id
in: body
type: string
description: "The Azure subscription ID experiencing the anomaly."
- name: anomaly_description
in: body
type: string
description: "Description of the cost anomaly."
- name: excess_cost_usd
in: body
type: number
description: "Estimated excess spend in USD."
steps:
- name: create-review-ticket
type: call
call: "jira-finops.create-issue"
with:
project_key: "FINOPS"
issuetype: "Task"
summary: "Azure cost anomaly: subscription {{subscription_id}} — ${{excess_cost_usd}}"
description: "{{anomaly_description}}"
- name: alert-program-finance
type: call
call: "msteams-finops.post-message"
with:
channel_id: "$secrets.program_finance_channel_id"
text: "Azure Cost Anomaly: Subscription {{subscription_id}} | ${{excess_cost_usd}} excess | Jira: {{create-review-ticket.key}}"
consumes:
- type: http
namespace: jira-finops
baseUri: "https://northropgrumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams-finops
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Retrieves the current month cost summary for an Azure resource group.
naftiko: "0.5"
info:
label: "Azure Resource Group Cost Lookup"
description: "Retrieves the current month cost summary for an Azure resource group."
tags:
- cloud
- azure
- cost-management
capability:
exposes:
- type: mcp
namespace: cloud-finops
port: 8080
tools:
- name: get-resource-group-cost
description: "Retrieves the current month cost summary for an Azure resource group."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "azure.get-cost-summary"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: get-cost-summary
path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.CostManagement/query"
operations:
- name: get-cost-summary
method: POST
Queries Jira for ungroomed backlog, generates Confluence summary, and notifies team via Teams.
naftiko: "0.5"
info:
label: "Backlog Grooming Summary Generator"
description: "Queries Jira for ungroomed backlog, generates Confluence summary, and notifies team via Teams."
tags:
- devops
- jira
- confluence
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: backlog-orchestrate
description: "Queries Jira for ungroomed backlog, generates Confluence summary, and notifies team via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "jira.create-issue"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "confluence.create-page"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: confluence
baseUri: "https://northrop-grumman.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_password"
resources:
- name: pages
path: "/content"
operations:
- name: create-page
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Verifies Workday benefits enrollment, checks SAP payroll deductions, and sends Teams confirmation.
naftiko: "0.5"
info:
label: "Benefits Enrollment Verification"
description: "Verifies Workday benefits enrollment, checks SAP payroll deductions, and sends Teams confirmation."
tags:
- hr
- workday
- sap
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: benefits-orchestrate
description: "Verifies Workday benefits enrollment, checks SAP payroll deductions, and sends Teams confirmation."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "workday.get-worker"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "sap.get-po"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Detects Power BI refresh failure, creates Jira ticket, and sends Teams notification.
naftiko: "0.5"
info:
label: "BI Refresh Failure Escalation"
description: "Detects Power BI refresh failure, creates Jira ticket, and sends Teams notification."
tags:
- analytics
- power-bi
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: analytics
port: 8080
tools:
- name: bi-orchestrate
description: "Detects Power BI refresh failure, creates Jira ticket, and sends Teams notification."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "powerbi.trigger-refresh"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: refreshes
path: "/datasets/{{dataset_id}}/refreshes"
operations:
- name: trigger-refresh
method: POST
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Audits GitHub repos for branch protection, applies policies, and reports via Teams.
naftiko: "0.5"
info:
label: "Branch Policy Enforcement Orchestrator"
description: "Audits GitHub repos for branch protection, applies policies, and reports via Teams."
tags:
- devops
- github
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: branch-orchestrate
description: "Audits GitHub repos for branch protection, applies policies, and reports via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "github.get-branch-protection"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: repos
path: "/repos/{{repo}}/branches/main/protection"
operations:
- name: get-branch-protection
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Pulls Azure cost data, compares Snowflake forecasts, creates Jira ticket, and notifies via Teams.
naftiko: "0.5"
info:
label: "Cloud Cost Review Orchestrator"
description: "Pulls Azure cost data, compares Snowflake forecasts, creates Jira ticket, and notifies via Teams."
tags:
- finops
- azure
- snowflake
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: finops
port: 8080
tools:
- name: cloud-orchestrate
description: "Pulls Azure cost data, compares Snowflake forecasts, creates Jira ticket, and notifies via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "azure.get-resources"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
- name: step-4
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: resources
path: "/subscriptions"
operations:
- name: get-resources
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Processes compensation change with Workday data, SAP budget check, and Teams approval notification.
naftiko: "0.5"
info:
label: "Compensation Change Approval Workflow"
description: "Processes compensation change with Workday data, SAP budget check, and Teams approval notification."
tags:
- hr
- workday
- sap
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: compensation-orchestrate
description: "Processes compensation change with Workday data, SAP budget check, and Teams approval notification."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "workday.get-worker"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "sap.get-po"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Runs Splunk compliance search, exports to Snowflake, refreshes Power BI, and emails report.
naftiko: "0.5"
info:
label: "Compliance Report Generator"
description: "Runs Splunk compliance search, exports to Snowflake, refreshes Power BI, and emails report."
tags:
- compliance
- splunk
- snowflake
- power-bi
capability:
exposes:
- type: mcp
namespace: compliance
port: 8080
tools:
- name: compliance-orchestrate
description: "Runs Splunk compliance search, exports to Snowflake, refreshes Power BI, and emails report."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "splunk.run-search"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "powerbi.trigger-refresh"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.northrop-grumman.com:8089/services"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search
path: "/search/jobs"
operations:
- name: run-search
method: POST
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: refreshes
path: "/datasets/{{dataset_id}}/refreshes"
operations:
- name: trigger-refresh
method: POST
Retrieves a Confluence page by ID.
naftiko: "0.5"
info:
label: "Confluence Page Lookup"
description: "Retrieves a Confluence page by ID."
tags:
- knowledge-management
- confluence
- documentation
capability:
exposes:
- type: mcp
namespace: knowledge
port: 8080
tools:
- name: get-confluence-page
description: "Retrieves a Confluence page by ID."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "confluence.get-page"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: confluence
baseUri: "https://northrop-grumman.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_password"
resources:
- name: get-page
path: "/content/{{page_id}}?expand=body.storage,version"
operations:
- name: get-page
method: GET
Retrieves SAP contract at milestone, creates billing document, and notifies manager via Teams.
naftiko: "0.5"
info:
label: "Contract Milestone Billing Workflow"
description: "Retrieves SAP contract at milestone, creates billing document, and notifies manager via Teams."
tags:
- finance
- sap
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: finance
port: 8080
tools:
- name: contract-orchestrate
description: "Retrieves SAP contract at milestone, creates billing document, and notifies manager via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "sap.get-po"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Detects expiring Salesforce contracts, pulls Snowflake spend data, and creates Jira renewal task.
naftiko: "0.5"
info:
label: "Contract Renewal Alert Workflow"
description: "Detects expiring Salesforce contracts, pulls Snowflake spend data, and creates Jira renewal task."
tags:
- sales
- salesforce
- snowflake
- jira
capability:
exposes:
- type: mcp
namespace: sales
port: 8080
tools:
- name: contract-orchestrate
description: "Detects expiring Salesforce contracts, pulls Snowflake spend data, and creates Jira renewal task."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "salesforce.get-opportunity"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://northropgrumman.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity"
operations:
- name: get-opportunity
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Provisions contractor with Azure AD guest account, Okta groups, and ServiceNow tracking ticket.
naftiko: "0.5"
info:
label: "Contractor Access Provisioning Workflow"
description: "Provisions contractor with Azure AD guest account, Okta groups, and ServiceNow tracking ticket."
tags:
- security
- azure
- okta
- servicenow
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: contractor-orchestrate
description: "Provisions contractor with Azure AD guest account, Okta groups, and ServiceNow tracking ticket."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "azure.get-resources"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "okta.get-user-groups"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: resources
path: "/subscriptions"
operations:
- name: get-resources
method: GET
- type: http
namespace: okta
baseUri: "https://northropgrumman.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_token"
resources:
- name: user-groups
path: "/users/{{user_id}}/groups"
operations:
- name: get-user-groups
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Identifies blocked Jira issues, generates Confluence dependency report, and alerts leads via Teams.
naftiko: "0.5"
info:
label: "Cross-Project Dependency Tracker"
description: "Identifies blocked Jira issues, generates Confluence dependency report, and alerts leads via Teams."
tags:
- devops
- jira
- confluence
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: cross-orchestrate
description: "Identifies blocked Jira issues, generates Confluence dependency report, and alerts leads via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "jira.create-issue"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "confluence.create-page"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: confluence
baseUri: "https://northrop-grumman.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_password"
resources:
- name: pages
path: "/content"
operations:
- name: create-page
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Queries CrowdStrike for all managed endpoints that are out of compliance with the corporate security policy and creates a ServiceNow remediation task, alerting the SOC team in Teams.
naftiko: "0.5"
info:
label: "CrowdStrike Device Compliance Report"
description: "Queries CrowdStrike for all managed endpoints that are out of compliance with the corporate security policy and creates a ServiceNow remediation task, alerting the SOC team in Teams."
tags:
- security
- endpoint-security
- crowdstrike
- servicenow
- compliance
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: endpoint-compliance
port: 8080
tools:
- name: report-endpoint-compliance
description: "Query CrowdStrike for non-compliant endpoints (missing patches, outdated agent, policy violations) and create a ServiceNow remediation task. Post a compliance summary to the SOC Teams channel. Use for weekly endpoint security compliance reviews."
inputParameters:
- name: policy_id
in: body
type: string
description: "The CrowdStrike prevention policy ID to evaluate compliance against."
steps:
- name: get-non-compliant-devices
type: call
call: "crowdstrike-comp.list-devices-by-policy"
with:
policy_id: "{{policy_id}}"
- name: create-remediation-task
type: call
call: "servicenow-comp.create-task"
with:
short_description: "Endpoint compliance remediation: policy {{policy_id}}"
category: "security_compliance"
- name: notify-soc
type: call
call: "msteams-comp.post-message"
with:
channel_id: "$secrets.soc_channel_id"
text: "Endpoint Compliance: {{get-non-compliant-devices.count}} non-compliant devices for policy {{policy_id}}. Remediation task: {{create-remediation-task.number}}"
consumes:
- type: http
namespace: crowdstrike-comp
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: devices-by-policy
path: "/devices/queries/devices/v1"
inputParameters:
- name: policy_id
in: query
operations:
- name: list-devices-by-policy
method: GET
- type: http
namespace: servicenow-comp
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sc_task"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams-comp
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Queries CrowdStrike Falcon for endpoint details by device ID.
naftiko: "0.5"
info:
label: "CrowdStrike Endpoint Status Lookup"
description: "Queries CrowdStrike Falcon for endpoint details by device ID."
tags:
- security
- crowdstrike
- endpoint
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: get-endpoint-status
description: "Queries CrowdStrike Falcon for endpoint details by device ID."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "crowdstrike.get-device"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: get-device
path: "/devices/entities/devices/v2?ids={{{{device_id}}}}"
operations:
- name: get-device
method: GET
When CrowdStrike detects a high-severity endpoint threat, creates a ServiceNow security incident, pages the cybersecurity team via PagerDuty, and posts a war-room notification to the security Teams channel.
naftiko: "0.5"
info:
label: "CrowdStrike Endpoint Threat Response"
description: "When CrowdStrike detects a high-severity endpoint threat, creates a ServiceNow security incident, pages the cybersecurity team via PagerDuty, and posts a war-room notification to the security Teams channel."
tags:
- security
- endpoint-security
- crowdstrike
- servicenow
- pagerduty
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: security-ops
port: 8080
tools:
- name: handle-endpoint-threat
description: "Given a CrowdStrike detection ID, severity, and affected device, create a ServiceNow security incident, trigger PagerDuty escalation, and notify the SOC team in Teams. Invoke for any high or critical CrowdStrike detection on enterprise or classified endpoints."
inputParameters:
- name: detection_id
in: body
type: string
description: "The CrowdStrike detection event ID."
- name: severity
in: body
type: string
description: "Detection severity: critical, high, medium, or low."
- name: device_hostname
in: body
type: string
description: "The hostname of the affected endpoint."
- name: threat_name
in: body
type: string
description: "The name of the detected threat or malware family."
steps:
- name: contain-device
type: call
call: "crowdstrike-resp.contain-device"
with:
hostname: "{{device_hostname}}"
- name: create-security-incident
type: call
call: "servicenow-sec.create-incident"
with:
short_description: "CrowdStrike {{severity}} detection: {{threat_name}} on {{device_hostname}}"
category: "security_incident"
urgency: "1"
- name: page-soc
type: call
call: "pagerduty.trigger-incident"
with:
title: "Endpoint threat: {{threat_name}} on {{device_hostname}}"
severity: "{{severity}}"
incident_key: "cs-{{detection_id}}"
- name: notify-soc-team
type: call
call: "msteams-sec.post-message"
with:
channel_id: "$secrets.soc_channel_id"
text: "Endpoint Threat ({{severity}}): {{threat_name}} on {{device_hostname}} | Device contained | Incident: {{create-security-incident.number}} | PD: {{page-soc.incident_url}}"
consumes:
- type: http
namespace: crowdstrike-resp
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: device-actions
path: "/devices/entities/devices-actions/v2"
operations:
- name: contain-device
method: POST
- type: http
namespace: servicenow-sec
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: trigger-incident
method: POST
- type: http
namespace: msteams-sec
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Runs Snowflake data quality check, logs in ServiceNow, and notifies data engineering via Teams.
naftiko: "0.5"
info:
label: "Data Quality Alert Workflow"
description: "Runs Snowflake data quality check, logs in ServiceNow, and notifies data engineering via Teams."
tags:
- data
- snowflake
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: data
port: 8080
tools:
- name: data-orchestrate
description: "Runs Snowflake data quality check, logs in ServiceNow, and notifies data engineering via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "snowflake.run-query"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
When Datadog detects an infrastructure anomaly on a mission-critical system, creates a ServiceNow incident, escalates via PagerDuty, and notifies the infrastructure team in Teams.
naftiko: "0.5"
info:
label: "Datadog Infrastructure Anomaly Response"
description: "When Datadog detects an infrastructure anomaly on a mission-critical system, creates a ServiceNow incident, escalates via PagerDuty, and notifies the infrastructure team in Teams."
tags:
- observability
- monitoring
- datadog
- servicenow
- pagerduty
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: observability-ops
port: 8080
tools:
- name: handle-infrastructure-anomaly
description: "Given a Datadog monitor ID and alert message, create a ServiceNow incident, trigger PagerDuty escalation, and notify the infrastructure team in Teams. Invoke for all critical and high infrastructure alerts."
inputParameters:
- name: monitor_id
in: body
type: string
description: "The Datadog monitor ID that fired."
- name: monitor_name
in: body
type: string
description: "The name of the triggering Datadog monitor."
- name: alert_message
in: body
type: string
description: "The alert message text from Datadog."
steps:
- name: create-incident
type: call
call: "servicenow-infra.create-incident"
with:
short_description: "Datadog alert: {{monitor_name}}"
category: "infrastructure"
urgency: "1"
- name: page-oncall
type: call
call: "pagerduty-infra.trigger-incident"
with:
title: "Infrastructure anomaly: {{monitor_name}}"
severity: "critical"
incident_key: "dd-{{monitor_id}}"
- name: notify-infra-team
type: call
call: "msteams-infra.post-message"
with:
channel_id: "$secrets.infra_channel_id"
text: "Infrastructure Alert: {{monitor_name}} | {{alert_message}} | Incident: {{create-incident.number}}"
consumes:
- type: http
namespace: servicenow-infra
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty-infra
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: trigger-incident
method: POST
- type: http
namespace: msteams-infra
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Queries Datadog for the current health status of a monitored service.
naftiko: "0.5"
info:
label: "Datadog Service Health Check"
description: "Queries Datadog for the current health status of a monitored service."
tags:
- monitoring
- datadog
- observability
capability:
exposes:
- type: mcp
namespace: observability
port: 8080
tools:
- name: get-service-health
description: "Queries Datadog for the current health status of a monitored service."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "datadog.get-monitor"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apiKey
header: "DD-API-KEY"
key: "$secrets.datadog_api_key"
resources:
- name: get-monitor
path: "/monitor/{{{{monitor_id}}}}"
operations:
- name: get-monitor
method: GET
Monitors SAP delivery schedules, creates Jira follow-up task, and alerts supply chain via Teams.
naftiko: "0.5"
info:
label: "Delivery Schedule Monitor and Alert"
description: "Monitors SAP delivery schedules, creates Jira follow-up task, and alerts supply chain via Teams."
tags:
- logistics
- sap
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: logistics
port: 8080
tools:
- name: delivery-orchestrate
description: "Monitors SAP delivery schedules, creates Jira follow-up task, and alerts supply chain via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "sap.get-po"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{{{po_number}}}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Retrieves GitHub Dependabot alerts, creates Jira tasks, and notifies security via Teams.
naftiko: "0.5"
info:
label: "Dependabot to Jira Task Bridge"
description: "Retrieves GitHub Dependabot alerts, creates Jira tasks, and notifies security via Teams."
tags:
- devops
- github
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: dependabot-orchestrate
description: "Retrieves GitHub Dependabot alerts, creates Jira tasks, and notifies security via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "github.get-branch-protection"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: repos
path: "/repos/{{{{repo}}}}/branches/main/protection"
operations:
- name: get-branch-protection
method: GET
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Checks CrowdStrike for non-compliant endpoints, assigns policies, creates ServiceNow task, and alerts via Teams.
naftiko: "0.5"
info:
label: "Device Compliance Remediation"
description: "Checks CrowdStrike for non-compliant endpoints, assigns policies, creates ServiceNow task, and alerts via Teams."
tags:
- security
- crowdstrike
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: device-orchestrate
description: "Checks CrowdStrike for non-compliant endpoints, assigns policies, creates ServiceNow task, and alerts via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "crowdstrike.get-device"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: devices
path: "/devices/entities/devices/v2"
operations:
- name: get-device
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
When a termination is confirmed in Workday, disables the Microsoft 365 account, revokes CrowdStrike endpoint access, closes open ServiceNow tickets, and notifies the security officer and manager via Teams.
naftiko: "0.5"
info:
label: "Employee Offboarding and Clearance Suspension"
description: "When a termination is confirmed in Workday, disables the Microsoft 365 account, revokes CrowdStrike endpoint access, closes open ServiceNow tickets, and notifies the security officer and manager via Teams."
tags:
- hr
- offboarding
- security
- workday
- microsoft-365
- crowdstrike
- servicenow
capability:
exposes:
- type: mcp
namespace: hr-offboarding
port: 8080
tools:
- name: trigger-offboarding
description: "Given a Workday employee ID and termination date, disable Microsoft 365, revoke CrowdStrike endpoint policy, and notify the manager and security officer in Teams. Invoke on confirmed terminations, especially for cleared personnel."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID of the departing employee."
- name: termination_date
in: body
type: string
description: "The employee's last day in YYYY-MM-DD format."
steps:
- name: get-employee
type: call
call: "workday-off.get-worker"
with:
worker_id: "{{employee_id}}"
- name: disable-m365
type: call
call: "msgraph-off.disable-user"
with:
user_upn: "{{get-employee.work_email}}"
- name: revoke-endpoint
type: call
call: "crowdstrike-off.contain-device"
with:
device_id: "{{get-employee.device_id}}"
- name: notify-security
type: call
call: "msteams-off.send-message"
with:
recipient_upn: "$secrets.security_officer_upn"
text: "Offboarding initiated for {{get-employee.full_name}} (last day: {{termination_date}}). Microsoft 365 and endpoint access revoked."
consumes:
- type: http
namespace: workday-off
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: msgraph-off
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: users
path: "/users/{{user_upn}}"
inputParameters:
- name: user_upn
in: path
operations:
- name: disable-user
method: PATCH
- type: http
namespace: crowdstrike-off
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: device-actions
path: "/devices/entities/devices-actions/v2"
operations:
- name: contain-device
method: POST
- type: http
namespace: msteams-off
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: chats
path: "/chats"
operations:
- name: send-message
method: POST
Detects Snowflake ETL failure, creates Jira ticket, retries pipeline, and notifies via Teams.
naftiko: "0.5"
info:
label: "ETL Failure Recovery Workflow"
description: "Detects Snowflake ETL failure, creates Jira ticket, retries pipeline, and notifies via Teams."
tags:
- data
- snowflake
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: data
port: 8080
tools:
- name: etl-orchestrate
description: "Detects Snowflake ETL failure, creates Jira ticket, retries pipeline, and notifies via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "snowflake.run-query"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Submits firewall policy change, creates ServiceNow change, and notifies security via Teams.
naftiko: "0.5"
info:
label: "Firewall Policy Change Approval"
description: "Submits firewall policy change, creates ServiceNow change, and notifies security via Teams."
tags:
- security
- palo-alto-networks
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: firewall-orchestrate
description: "Submits firewall policy change, creates ServiceNow change, and notifies security via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "paloalto.get-security-rule"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: paloalto
baseUri: "https://panorama.northrop-grumman.com/restapi/v10.2"
authentication:
type: bearer
token: "$secrets.paloalto_token"
resources:
- name: security-rules
path: "/Policies/SecurityRules"
operations:
- name: get-security-rule
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
When a GitHub Actions workflow fails on a protected branch, opens a Jira bug, creates a Datadog deployment event, and alerts the engineering team in Microsoft Teams.
naftiko: "0.5"
info:
label: "GitHub CI/CD Pipeline Failure Handler"
description: "When a GitHub Actions workflow fails on a protected branch, opens a Jira bug, creates a Datadog deployment event, and alerts the engineering team in Microsoft Teams."
tags:
- devops
- ci-cd
- github
- jira
- datadog
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: devops-ci
port: 8080
tools:
- name: handle-pipeline-failure
description: "Given a GitHub Actions run ID, repository, branch, failing job, and commit SHA, open a Jira bug, create a Datadog deployment event, and alert the engineering Teams channel. Invoke on protected-branch workflow failures."
inputParameters:
- name: run_id
in: body
type: string
description: "The GitHub Actions workflow run ID."
- name: repository
in: body
type: string
description: "The GitHub repository in owner/repo format."
- name: branch
in: body
type: string
description: "The branch on which the failure occurred."
- name: job_name
in: body
type: string
description: "The name of the failed job."
- name: commit_sha
in: body
type: string
description: "The commit SHA that triggered the run."
steps:
- name: create-bug
type: call
call: "jira-ci.create-issue"
with:
project_key: "TECH"
issuetype: "Bug"
summary: "[CI Failure] {{repository}} / {{branch}} — {{job_name}}"
- name: create-dd-event
type: call
call: "datadog-ci.create-event"
with:
title: "CI Failure: {{repository}} {{branch}}"
alert_type: "error"
- name: alert-engineering
type: call
call: "msteams-ci.post-message"
with:
channel_id: "$secrets.engineering_channel_id"
text: "Build Failure: {{repository}} | Branch: {{branch}} | Job: {{job_name}} | Jira: {{create-bug.key}}"
consumes:
- type: http
namespace: jira-ci
baseUri: "https://northropgrumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: datadog-ci
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: msteams-ci
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Runs GitHub security scan on PR, checks CrowdStrike for indicators, and posts review summary.
naftiko: "0.5"
info:
label: "GitHub PR Security Review Orchestrator"
description: "Runs GitHub security scan on PR, checks CrowdStrike for indicators, and posts review summary."
tags:
- devops
- github
- crowdstrike
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: github-orchestrate
description: "Runs GitHub security scan on PR, checks CrowdStrike for indicators, and posts review summary."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "github.get-branch-protection"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "crowdstrike.get-device"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: repos
path: "/repos/{{{{repo}}}}/branches/main/protection"
operations:
- name: get-branch-protection
method: GET
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: devices
path: "/devices/entities/devices/v2"
operations:
- name: get-device
method: GET
Checks a GitHub repository for branch protection compliance.
naftiko: "0.5"
info:
label: "GitHub Repository Compliance Check"
description: "Checks a GitHub repository for branch protection compliance."
tags:
- devops
- github
- compliance
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: check-repo-compliance
description: "Checks a GitHub repository for branch protection compliance."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "github.get-branch-protection"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: get-branch-protection
path: "/repos/{{{{repo}}}}/branches/main/protection"
operations:
- name: get-branch-protection
method: GET
Creates SAP quality inspection from goods receipt, logs in ServiceNow, and notifies QA via Teams.
naftiko: "0.5"
info:
label: "Goods Receipt to Quality Inspection"
description: "Creates SAP quality inspection from goods receipt, logs in ServiceNow, and notifies QA via Teams."
tags:
- logistics
- sap
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: logistics
port: 8080
tools:
- name: goods-orchestrate
description: "Creates SAP quality inspection from goods receipt, logs in ServiceNow, and notifies QA via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "sap.get-po"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{{{po_number}}}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Pulls Snowflake headcount, refreshes Power BI dashboard, and notifies leadership via Teams.
naftiko: "0.5"
info:
label: "Headcount Forecast Report Generator"
description: "Pulls Snowflake headcount, refreshes Power BI dashboard, and notifies leadership via Teams."
tags:
- hr
- snowflake
- power-bi
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: headcount-orchestrate
description: "Pulls Snowflake headcount, refreshes Power BI dashboard, and notifies leadership via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "snowflake.run-query"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "powerbi.trigger-refresh"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: refreshes
path: "/datasets/{{{{dataset_id}}}}/refreshes"
operations:
- name: trigger-refresh
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Escalates recurring ServiceNow incidents to problems, correlates Splunk events, and creates Jira tasks.
naftiko: "0.5"
info:
label: "Incident to Problem Escalation Workflow"
description: "Escalates recurring ServiceNow incidents to problems, correlates Splunk events, and creates Jira tasks."
tags:
- itsm
- servicenow
- splunk
- jira
capability:
exposes:
- type: mcp
namespace: itsm
port: 8080
tools:
- name: incident-orchestrate
description: "Escalates recurring ServiceNow incidents to problems, correlates Splunk events, and creates Jira tasks."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "servicenow.create-incident"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "splunk.run-search"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: splunk
baseUri: "https://splunk.northrop-grumman.com:8089/services"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search
path: "/search/jobs"
operations:
- name: run-search
method: POST
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Processes SAP intercompany transfer, logs in Snowflake audit, and notifies logistics via Teams.
naftiko: "0.5"
info:
label: "Intercompany Transfer Orchestrator"
description: "Processes SAP intercompany transfer, logs in Snowflake audit, and notifies logistics via Teams."
tags:
- logistics
- sap
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: logistics
port: 8080
tools:
- name: intercompany-orchestrate
description: "Processes SAP intercompany transfer, logs in Snowflake audit, and notifies logistics via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "sap.get-po"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Compares invoice against SAP purchase order and goods receipt, then logs in ServiceNow.
naftiko: "0.5"
info:
label: "Invoice Three-Way Match Orchestrator"
description: "Compares invoice against SAP purchase order and goods receipt, then logs in ServiceNow."
tags:
- finance
- sap
- servicenow
capability:
exposes:
- type: mcp
namespace: finance
port: 8080
tools:
- name: invoice-orchestrate
description: "Compares invoice against SAP purchase order and goods receipt, then logs in ServiceNow."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "sap.get-po"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Fetches the active sprint from Jira for an engineering program team and posts a status summary to the engineering Teams channel ahead of the daily standup.
naftiko: "0.5"
info:
label: "Jira Agile Sprint Status Report"
description: "Fetches the active sprint from Jira for an engineering program team and posts a status summary to the engineering Teams channel ahead of the daily standup."
tags:
- devops
- agile
- jira
- reporting
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: sprint-reporting
port: 8080
tools:
- name: get-sprint-status
description: "Given a Jira project key, fetch the active sprint and summarize issues by status, then post to the engineering Teams channel. Use for daily standups and program increment reviews."
inputParameters:
- name: project_key
in: body
type: string
description: "The Jira project key (e.g., TECH, ASAT)."
steps:
- name: get-active-sprint
type: call
call: "jira-sprint.get-active-sprint"
with:
project_key: "{{project_key}}"
- name: search-sprint-issues
type: call
call: "jira-sprint.search-issues"
with:
sprint_id: "{{get-active-sprint.sprint_id}}"
- name: post-report
type: call
call: "msteams-sprint.post-message"
with:
channel_id: "$secrets.engineering_channel_id"
text: "Sprint {{get-active-sprint.sprint_name}} ({{project_key}}): {{search-sprint-issues.todo_count}} To Do, {{search-sprint-issues.inprogress_count}} In Progress, {{search-sprint-issues.done_count}} Done."
consumes:
- type: http
namespace: jira-sprint
baseUri: "https://northropgrumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: sprints
path: "/project/{{project_key}}/sprints"
inputParameters:
- name: project_key
in: path
operations:
- name: get-active-sprint
method: GET
- name: issues
path: "/search"
operations:
- name: search-issues
method: POST
- type: http
namespace: msteams-sprint
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Retrieves a Jira issue by key, returning summary, status, and assignee.
naftiko: "0.5"
info:
label: "Jira Issue Detail Lookup"
description: "Retrieves a Jira issue by key, returning summary, status, and assignee."
tags:
- devops
- jira
- project-management
capability:
exposes:
- type: mcp
namespace: project-management
port: 8080
tools:
- name: get-jira-issue
description: "Retrieves a Jira issue by key, returning summary, status, and assignee."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "jira.get-issue"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: get-issue
path: "/issue/{{issue_key}}"
operations:
- name: get-issue
method: GET
Generates ServiceNow knowledge article from resolved incident and shares via Teams.
naftiko: "0.5"
info:
label: "Knowledge Article Auto-Publisher"
description: "Generates ServiceNow knowledge article from resolved incident and shares via Teams."
tags:
- itsm
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: itsm
port: 8080
tools:
- name: knowledge-orchestrate
description: "Generates ServiceNow knowledge article from resolved incident and shares via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "servicenow.create-incident"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Assigns Workday Learning courses, tracks in ServiceNow, and sends Teams reminders.
naftiko: "0.5"
info:
label: "Learning Assignment Orchestrator"
description: "Assigns Workday Learning courses, tracks in ServiceNow, and sends Teams reminders."
tags:
- hr
- workday
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: learning-orchestrate
description: "Assigns Workday Learning courses, tracks in ServiceNow, and sends Teams reminders."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "workday.get-worker"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Compares Azure AD licenses against Snowflake headcount and creates ServiceNow optimization task.
naftiko: "0.5"
info:
label: "License Reconciliation Workflow"
description: "Compares Azure AD licenses against Snowflake headcount and creates ServiceNow optimization task."
tags:
- identity
- azure
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: identity
port: 8080
tools:
- name: license-orchestrate
description: "Compares Azure AD licenses against Snowflake headcount and creates ServiceNow optimization task."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "azure.get-resources"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: resources
path: "/subscriptions"
operations:
- name: get-resources
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Retrieves P1 incident details, creates Teams bridge channel, and posts stakeholder updates.
naftiko: "0.5"
info:
label: "Major Incident Communication Orchestrator"
description: "Retrieves P1 incident details, creates Teams bridge channel, and posts stakeholder updates."
tags:
- itsm
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: itsm
port: 8080
tools:
- name: major-orchestrate
description: "Retrieves P1 incident details, creates Teams bridge channel, and posts stakeholder updates."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "servicenow.create-incident"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Sends a notification message to a Microsoft Teams channel.
naftiko: "0.5"
info:
label: "Microsoft Teams Channel Notification"
description: "Sends a notification message to a Microsoft Teams channel."
tags:
- collaboration
- microsoft-teams
- communication
capability:
exposes:
- type: mcp
namespace: collaboration
port: 8080
tools:
- name: send-channel-notification
description: "Sends a notification message to a Microsoft Teams channel."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "msteams.send-channel-message"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: send-channel-message
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
operations:
- name: send-channel-message
method: POST
When Datadog alert fires, creates Jira incident ticket and posts Teams notification.
naftiko: "0.5"
info:
label: "Monitoring Alert to Jira Bridge"
description: "When Datadog alert fires, creates Jira incident ticket and posts Teams notification."
tags:
- monitoring
- datadog
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: monitoring
port: 8080
tools:
- name: monitoring-orchestrate
description: "When Datadog alert fires, creates Jira incident ticket and posts Teams notification."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "datadog.get-monitor"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apiKey
header: "DD-API-KEY"
key: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{monitor_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Retrieves all Okta group memberships for a user.
naftiko: "0.5"
info:
label: "Okta User Group Membership Lookup"
description: "Retrieves all Okta group memberships for a user."
tags:
- security
- okta
- identity
capability:
exposes:
- type: mcp
namespace: identity
port: 8080
tools:
- name: get-user-groups
description: "Retrieves all Okta group memberships for a user."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "okta.get-user-groups"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: okta
baseUri: "https://northropgrumman.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_token"
resources:
- name: get-user-groups
path: "/users/{{user_id}}/groups"
operations:
- name: get-user-groups
method: GET
During open enrollment, pulls eligible employees from Workday and syncs their benefit elections to ADP, then sends a Teams confirmation to each enrolling employee.
naftiko: "0.5"
info:
label: "Open Enrollment Benefits Sync"
description: "During open enrollment, pulls eligible employees from Workday and syncs their benefit elections to ADP, then sends a Teams confirmation to each enrolling employee."
tags:
- hr
- benefits
- open-enrollment
- workday
- adp
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr-benefits
port: 8080
tools:
- name: sync-benefit-elections
description: "Given an employee ID and benefit plan selection, sync the election from Workday to ADP and send a Teams confirmation. Use during open enrollment or qualifying life events."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID of the enrolling employee."
- name: benefit_plan_id
in: body
type: string
description: "The ADP benefit plan ID selected by the employee."
steps:
- name: get-employee
type: call
call: "workday-ben.get-worker"
with:
worker_id: "{{employee_id}}"
- name: submit-election
type: call
call: "adp.update-benefit-election"
with:
associate_oid: "{{get-employee.adp_oid}}"
plan_id: "{{benefit_plan_id}}"
- name: confirm-enrollment
type: call
call: "msteams-ben.send-message"
with:
recipient_upn: "{{get-employee.work_email}}"
text: "Your benefit election for plan {{benefit_plan_id}} has been successfully submitted for review."
consumes:
- type: http
namespace: workday-ben
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: adp
baseUri: "https://api.adp.com"
authentication:
type: bearer
token: "$secrets.adp_token"
resources:
- name: benefit-elections
path: "/benefits/v2/workers/{{associate_oid}}/benefit-elections"
inputParameters:
- name: associate_oid
in: path
operations:
- name: update-benefit-election
method: POST
- type: http
namespace: msteams-ben
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: chats
path: "/chats"
operations:
- name: send-message
method: POST
Detects Workday org changes, updates Okta groups and Azure AD, and logs in ServiceNow.
naftiko: "0.5"
info:
label: "Org Change to Identity Sync"
description: "Detects Workday org changes, updates Okta groups and Azure AD, and logs in ServiceNow."
tags:
- hr
- workday
- okta
- azure
- servicenow
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: org-orchestrate
description: "Detects Workday org changes, updates Okta groups and Azure AD, and logs in ServiceNow."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "workday.get-worker"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "okta.get-user-groups"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "azure.get-resources"
with:
input: "{{step-1.result}}"
- name: step-4
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://northropgrumman.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_token"
resources:
- name: user-groups
path: "/users/{{user_id}}/groups"
operations:
- name: get-user-groups
method: GET
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: resources
path: "/subscriptions"
operations:
- name: get-resources
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Retrieves a firewall security rule from Palo Alto Panorama by rule name.
naftiko: "0.5"
info:
label: "Palo Alto Firewall Rule Lookup"
description: "Retrieves a firewall security rule from Palo Alto Panorama by rule name."
tags:
- security
- palo-alto-networks
- firewall
capability:
exposes:
- type: mcp
namespace: network-security
port: 8080
tools:
- name: get-firewall-rule
description: "Retrieves a firewall security rule from Palo Alto Panorama by rule name."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "paloalto.get-security-rule"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: paloalto
baseUri: "https://panorama.northrop-grumman.com/restapi/v10.2"
authentication:
type: bearer
token: "$secrets.paloalto_token"
resources:
- name: get-security-rule
path: "/Policies/SecurityRules?name={{rule_name}}"
operations:
- name: get-security-rule
method: GET
Audits Palo Alto Networks firewall rule sets for overly permissive rules and creates a Jira security remediation task for any findings, notifying the network security team in Teams.
naftiko: "0.5"
info:
label: "Palo Alto Networks Firewall Policy Audit"
description: "Audits Palo Alto Networks firewall rule sets for overly permissive rules and creates a Jira security remediation task for any findings, notifying the network security team in Teams."
tags:
- security
- network-security
- palo-alto-networks
- jira
- microsoft-teams
- compliance
capability:
exposes:
- type: mcp
namespace: network-security
port: 8080
tools:
- name: audit-firewall-policies
description: "Given a Palo Alto Networks device group name, fetch all security policy rules and identify overly permissive or unused rules. Create a Jira remediation task and notify the network security team in Teams. Use for quarterly firewall audit compliance."
inputParameters:
- name: device_group
in: body
type: string
description: "The Palo Alto device group name to audit."
steps:
- name: get-security-rules
type: call
call: "paloalto.list-security-rules"
with:
device_group: "{{device_group}}"
- name: create-remediation-task
type: call
call: "jira-netsec.create-issue"
with:
project_key: "SEC"
issuetype: "Task"
summary: "Firewall audit: {{device_group}} — policy review required"
description: "Rule count: {{get-security-rules.count}}. Review overly permissive rules."
- name: notify-netsec-team
type: call
call: "msteams-netsec.post-message"
with:
channel_id: "$secrets.netsec_channel_id"
text: "Firewall audit complete for {{device_group}}: {{get-security-rules.count}} rules reviewed. Jira: {{create-remediation-task.key}}"
consumes:
- type: http
namespace: paloalto
baseUri: "https://ngfw.northropgrumman.com/restapi/v10.1"
authentication:
type: apikey
key: "X-PAN-KEY"
value: "$secrets.paloalto_api_key"
placement: header
resources:
- name: security-rules
path: "/Objects/SecurityRules"
inputParameters:
- name: device_group
in: query
operations:
- name: list-security-rules
method: GET
- type: http
namespace: jira-netsec
baseUri: "https://northropgrumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams-netsec
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Checks the refresh status of a Power BI dataset.
naftiko: "0.5"
info:
label: "Power BI Dataset Refresh Status"
description: "Checks the refresh status of a Power BI dataset."
tags:
- analytics
- power-bi
- reporting
capability:
exposes:
- type: mcp
namespace: analytics
port: 8080
tools:
- name: get-dataset-refresh-status
description: "Checks the refresh status of a Power BI dataset."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "powerbi.get-refresh-history"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: get-refresh-history
path: "/datasets/{{dataset_id}}/refreshes?$top=1"
operations:
- name: get-refresh-history
method: GET
Triggers a Power BI dataset refresh for program financial dashboards after Snowflake data loads complete, notifying the finance team in Microsoft Teams.
naftiko: "0.5"
info:
label: "Power BI Program Financial Dashboard Refresh"
description: "Triggers a Power BI dataset refresh for program financial dashboards after Snowflake data loads complete, notifying the finance team in Microsoft Teams."
tags:
- data
- analytics
- power-bi
- snowflake
- reporting
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: bi-reporting
port: 8080
tools:
- name: refresh-program-dashboard
description: "Given a Power BI workspace ID and dataset ID, trigger a dataset refresh and notify the finance analytics team in Teams. Use after Snowflake program cost data loads complete."
inputParameters:
- name: workspace_id
in: body
type: string
description: "The Power BI workspace ID."
- name: dataset_id
in: body
type: string
description: "The Power BI dataset ID to refresh."
- name: program_name
in: body
type: string
description: "The program name for the notification context."
steps:
- name: refresh-dataset
type: call
call: "powerbi.trigger-refresh"
with:
workspace_id: "{{workspace_id}}"
dataset_id: "{{dataset_id}}"
- name: notify-finance
type: call
call: "msteams-bi.post-message"
with:
channel_id: "$secrets.finance_analytics_channel_id"
text: "Power BI dashboard for {{program_name}} (dataset {{dataset_id}}) refresh triggered."
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: dataset-refreshes
path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
inputParameters:
- name: workspace_id
in: path
- name: dataset_id
in: path
operations:
- name: trigger-refresh
method: POST
- type: http
namespace: msteams-bi
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Queries SAP for budget utilization, checks Snowflake analytics, and sends Teams alert when spending exceeds threshold.
naftiko: "0.5"
info:
label: "Program Budget Alert Workflow"
description: "Queries SAP for budget utilization, checks Snowflake analytics, and sends Teams alert when spending exceeds threshold."
tags:
- finance
- sap
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: finance
port: 8080
tools:
- name: program-orchestrate
description: "Queries SAP for budget utilization, checks Snowflake analytics, and sends Teams alert when spending exceeds threshold."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "sap.get-po"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Retrieves SAP purchase requisition, identifies Workday approver, and sends Teams approval request.
naftiko: "0.5"
info:
label: "Purchase Requisition Approval Routing"
description: "Retrieves SAP purchase requisition, identifies Workday approver, and sends Teams approval request."
tags:
- procurement
- sap
- workday
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: procurement
port: 8080
tools:
- name: purchase-orchestrate
description: "Retrieves SAP purchase requisition, identifies Workday approver, and sends Teams approval request."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "sap.get-po"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "workday.get-worker"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Pulls LinkedIn pipeline, creates Workday requisition, and notifies hiring manager via Teams.
naftiko: "0.5"
info:
label: "Recruiting Pipeline to Workday Sync"
description: "Pulls LinkedIn pipeline, creates Workday requisition, and notifies hiring manager via Teams."
tags:
- hr
- linkedin
- workday
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: recruiting-orchestrate
description: "Pulls LinkedIn pipeline, creates Workday requisition, and notifies hiring manager via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "linkedin.get-job-pipeline"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "workday.get-worker"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: linkedin
baseUri: "https://api.linkedin.com/v2"
authentication:
type: bearer
token: "$secrets.linkedin_token"
resources:
- name: postings
path: "/jobPostings"
operations:
- name: get-job-pipeline
method: GET
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Gathers completed Jira issues, generates Confluence release notes, and notifies stakeholders via Teams.
naftiko: "0.5"
info:
label: "Release Documentation Generator"
description: "Gathers completed Jira issues, generates Confluence release notes, and notifies stakeholders via Teams."
tags:
- devops
- jira
- confluence
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: release-orchestrate
description: "Gathers completed Jira issues, generates Confluence release notes, and notifies stakeholders via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "jira.create-issue"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "confluence.create-page"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: confluence
baseUri: "https://northrop-grumman.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_password"
resources:
- name: pages
path: "/content"
operations:
- name: create-page
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Creates ServiceNow change for GitHub release, triggers Terraform deployment, and posts Teams notification.
naftiko: "0.5"
info:
label: "Release to Deployment Pipeline"
description: "Creates ServiceNow change for GitHub release, triggers Terraform deployment, and posts Teams notification."
tags:
- devops
- github
- servicenow
- terraform
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: release-orchestrate
description: "Creates ServiceNow change for GitHub release, triggers Terraform deployment, and posts Teams notification."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "github.get-branch-protection"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "terraform.get-workspace"
with:
input: "{{step-1.result}}"
- name: step-4
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: repos
path: "/repos/{{repo}}/branches/main/protection"
operations:
- name: get-branch-protection
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/northrop-grumman/workspaces"
operations:
- name: get-workspace
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Retrieves SAP Ariba RFQ, sends vendor notification via Graph, and updates Salesforce opportunity.
naftiko: "0.5"
info:
label: "RFQ to Vendor Notification"
description: "Retrieves SAP Ariba RFQ, sends vendor notification via Graph, and updates Salesforce opportunity."
tags:
- procurement
- sap-ariba
- microsoft-graph
- salesforce
capability:
exposes:
- type: mcp
namespace: procurement
port: 8080
tools:
- name: rfq-orchestrate
description: "Retrieves SAP Ariba RFQ, sends vendor notification via Graph, and updates Salesforce opportunity."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "ariba.get-vendor"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "msgraph.send-mail"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "salesforce.get-opportunity"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: ariba
baseUri: "https://openapi.ariba.com/api/procurement/v2"
authentication:
type: bearer
token: "$secrets.ariba_token"
resources:
- name: vendors
path: "/vendors/{{vendor_id}}"
operations:
- name: get-vendor
method: GET
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/me/sendMail"
operations:
- name: send-mail
method: POST
- type: http
namespace: salesforce
baseUri: "https://northropgrumman.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity"
operations:
- name: get-opportunity
method: GET
Retrieves a Salesforce opportunity by ID.
naftiko: "0.5"
info:
label: "Salesforce Opportunity Lookup"
description: "Retrieves a Salesforce opportunity by ID."
tags:
- sales
- salesforce
- crm
capability:
exposes:
- type: mcp
namespace: crm
port: 8080
tools:
- name: get-opportunity
description: "Retrieves a Salesforce opportunity by ID."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "salesforce.get-opportunity"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: salesforce
baseUri: "https://northropgrumman.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: get-opportunity
path: "/sobjects/Opportunity/{{id}}"
operations:
- name: get-opportunity
method: GET
When a subcontractor procurement request is submitted in SAP Ariba, validates available budget in SAP S/4HANA against the program cost center and routes for approval via ServiceNow.
naftiko: "0.5"
info:
label: "SAP Ariba Subcontractor Procurement Routing"
description: "When a subcontractor procurement request is submitted in SAP Ariba, validates available budget in SAP S/4HANA against the program cost center and routes for approval via ServiceNow."
tags:
- procurement
- finance
- sap-ariba
- sap
- servicenow
- approval
- government-contracts
capability:
exposes:
- type: mcp
namespace: procurement-ops
port: 8080
tools:
- name: route-subcontractor-request
description: "Given an Ariba requisition ID, program cost center, and amount, validate budget availability in SAP and create a ServiceNow approval task. Use for defense subcontract procurement routing."
inputParameters:
- name: requisition_id
in: body
type: string
description: "The SAP Ariba purchase requisition ID."
- name: program_cost_center
in: body
type: string
description: "The SAP program cost center for budget validation."
- name: amount
in: body
type: number
description: "The requisition amount in USD."
steps:
- name: get-requisition
type: call
call: "ariba.get-requisition"
with:
req_id: "{{requisition_id}}"
- name: check-budget
type: call
call: "sap-budget.get-cost-center-balance"
with:
cost_center: "{{program_cost_center}}"
- name: create-approval
type: call
call: "servicenow-proc.create-task"
with:
short_description: "Subcontractor procurement approval: {{requisition_id}} (${{amount}})"
category: "procurement_approval"
description: "Budget available: {{check-budget.available}}"
consumes:
- type: http
namespace: ariba
baseUri: "https://openapi.ariba.com/api/purchase-requisitions/v1"
authentication:
type: bearer
token: "$secrets.ariba_token"
resources:
- name: requisitions
path: "/requisitions/{{req_id}}"
inputParameters:
- name: req_id
in: path
operations:
- name: get-requisition
method: GET
- type: http
namespace: sap-budget
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/API_COSTCENTER_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: cost-centers
path: "/A_CostCenter('{{cost_center}}')"
inputParameters:
- name: cost_center
in: path
operations:
- name: get-cost-center-balance
method: GET
- type: http
namespace: servicenow-proc
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sc_task"
operations:
- name: create-task
method: POST
When an employee submits a government travel expense report in SAP Concur exceeding the per diem or policy threshold, creates a ServiceNow approval task and notifies the program manager via Teams.
naftiko: "0.5"
info:
label: "SAP Concur Defense Travel Expense Approval"
description: "When an employee submits a government travel expense report in SAP Concur exceeding the per diem or policy threshold, creates a ServiceNow approval task and notifies the program manager via Teams."
tags:
- finance
- expense-management
- sap-concur
- servicenow
- microsoft-teams
- approval
- government-travel
capability:
exposes:
- type: mcp
namespace: finance-expenses
port: 8080
tools:
- name: route-travel-expense-approval
description: "Given a Concur expense report ID and total, validate against government travel policy and route to the program manager via ServiceNow task and Teams notification. Use for defense contractor travel expense compliance."
inputParameters:
- name: report_id
in: body
type: string
description: "The SAP Concur expense report ID."
- name: total_amount
in: body
type: number
description: "The total expense amount in USD."
- name: program_code
in: body
type: string
description: "The defense program code for cost allocation."
steps:
- name: get-report
type: call
call: "concur.get-expense-report"
with:
report_id: "{{report_id}}"
- name: create-approval-task
type: call
call: "servicenow-exp.create-task"
with:
short_description: "Travel expense approval: {{report_id}} (${{total_amount}}) — Program {{program_code}}"
category: "finance_expense_approval"
- name: notify-program-manager
type: call
call: "msteams-exp.send-message"
with:
recipient_upn: "{{get-report.manager_email}}"
text: "Travel expense report {{report_id}} for ${{total_amount}} on program {{program_code}} requires your approval. Task: {{create-approval-task.number}}"
consumes:
- type: http
namespace: concur
baseUri: "https://www.concursolutions.com/api/v3.0"
authentication:
type: bearer
token: "$secrets.concur_token"
resources:
- name: expense-reports
path: "/expense/reports/{{report_id}}"
inputParameters:
- name: report_id
in: path
operations:
- name: get-expense-report
method: GET
- type: http
namespace: servicenow-exp
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sc_task"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams-exp
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: chats
path: "/chats"
operations:
- name: send-message
method: POST
Retrieves budget vs. actuals for a SAP cost center and fiscal period.
naftiko: "0.5"
info:
label: "SAP Cost Center Budget Lookup"
description: "Retrieves budget vs. actuals for a SAP cost center and fiscal period."
tags:
- finance
- sap
- budget
capability:
exposes:
- type: mcp
namespace: erp-finance
port: 8080
tools:
- name: get-cost-center-budget
description: "Retrieves budget vs. actuals for a SAP cost center and fiscal period."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "sap.get-budget"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/API_CSTCTRBUDGET_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: get-budget
path: "/A_CostCenterBudget(CostCenter='{{cost_center}}',FiscalYear='{{fiscal_year}}')"
operations:
- name: get-budget
method: GET
Retrieves a goods receipt document from SAP by material document number.
naftiko: "0.5"
info:
label: "SAP Goods Receipt Lookup"
description: "Retrieves a goods receipt document from SAP by material document number."
tags:
- logistics
- sap
- warehouse
capability:
exposes:
- type: mcp
namespace: erp-logistics
port: 8080
tools:
- name: get-goods-receipt
description: "Retrieves a goods receipt document from SAP by material document number."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "sap.get-goods-receipt"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/API_MATERIAL_DOCUMENT_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: get-goods-receipt
path: "/A_MaterialDocumentHeader('{{doc_number}}')"
operations:
- name: get-goods-receipt
method: GET
Retrieves material master data from SAP S/4HANA by material number.
naftiko: "0.5"
info:
label: "SAP Material Master Lookup"
description: "Retrieves material master data from SAP S/4HANA by material number."
tags:
- procurement
- sap
- materials
capability:
exposes:
- type: mcp
namespace: erp
port: 8080
tools:
- name: get-material
description: "Retrieves material master data from SAP S/4HANA by material number."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "sap.get-material"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/API_PRODUCT_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: get-material
path: "/A_Product('{{material}}')"
operations:
- name: get-material
method: GET
At the end of each fiscal period, queries SAP S/4HANA for open journal entries and unposted items, then creates a ServiceNow period-close task for the government accounting team.
naftiko: "0.5"
info:
label: "SAP Period-End Close Checklist"
description: "At the end of each fiscal period, queries SAP S/4HANA for open journal entries and unposted items, then creates a ServiceNow period-close task for the government accounting team."
tags:
- finance
- period-close
- sap
- servicenow
- government-contracts
capability:
exposes:
- type: mcp
namespace: finance-close
port: 8080
tools:
- name: run-period-close-checklist
description: "Given a fiscal period and year, query SAP for open journal entries and unposted items, then create a ServiceNow period-close checklist task. Use at month-end or quarter-end to support government contract accounting close."
inputParameters:
- name: fiscal_period
in: body
type: string
description: "The fiscal period number (e.g., '006' for June)."
- name: fiscal_year
in: body
type: string
description: "The fiscal year (e.g., '2026')."
steps:
- name: get-open-items
type: call
call: "sap-close.get-open-journal-entries"
with:
period: "{{fiscal_period}}"
year: "{{fiscal_year}}"
- name: create-checklist
type: call
call: "servicenow-close.create-task"
with:
short_description: "Period close checklist FY{{fiscal_year}}/P{{fiscal_period}}"
description: "Open items: {{get-open-items.count}}. Please clear before period close."
category: "finance_close"
consumes:
- type: http
namespace: sap-close
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/API_JOURNALENTRYITEMBASIC_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: journal-entries
path: "/A_JournalEntryItem"
inputParameters:
- name: period
in: query
- name: year
in: query
operations:
- name: get-open-journal-entries
method: GET
- type: http
namespace: servicenow-close
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sc_task"
operations:
- name: create-task
method: POST
Looks up a SAP S/4HANA purchase order by number and returns header status, vendor, total value, and delivery schedule for government contract procurement teams.
naftiko: "0.5"
info:
label: "SAP S/4HANA Purchase Order Lookup"
description: "Looks up a SAP S/4HANA purchase order by number and returns header status, vendor, total value, and delivery schedule for government contract procurement teams."
tags:
- finance
- procurement
- sap
- purchase-order
- government-contracts
capability:
exposes:
- type: mcp
namespace: erp
port: 8080
tools:
- name: get-purchase-order
description: "Look up a SAP purchase order by PO number. Returns header status, vendor, total value, currency, and delivery dates. Use for invoice matching, DCAA audits, and defense contract spend management."
inputParameters:
- name: po_number
in: body
type: string
description: "The SAP purchase order number (e.g., 4500012345)."
call: "sap.get-po"
with:
po_number: "{{po_number}}"
outputParameters:
- name: status
type: string
mapping: "$.d.OverallStatus"
- name: vendor
type: string
mapping: "$.d.Supplier.CompanyName"
- name: total_value
type: string
mapping: "$.d.TotalAmount"
- name: currency
type: string
mapping: "$.d.TransactionCurrency"
consumes:
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
inputParameters:
- name: po_number
in: path
operations:
- name: get-po
method: GET
Monitors satellite telemetry data in Snowflake, detects anomalies, and creates Jira engineering tasks.
naftiko: "0.5"
info:
label: "Satellite Telemetry Anomaly Detector"
description: "Monitors satellite telemetry data in Snowflake, detects anomalies, and creates Jira engineering tasks."
tags:
- data
- snowflake
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: data
port: 8080
tools:
- name: satellite-orchestrate
description: "Monitors satellite telemetry data in Snowflake, detects anomalies, and creates Jira engineering tasks."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "snowflake.run-query"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Detects expiring Azure Key Vault secrets, rotates them, updates Terraform, and creates ServiceNow change.
naftiko: "0.5"
info:
label: "Secret Rotation Orchestrator"
description: "Detects expiring Azure Key Vault secrets, rotates them, updates Terraform, and creates ServiceNow change."
tags:
- security
- azure
- terraform
- servicenow
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: secret-orchestrate
description: "Detects expiring Azure Key Vault secrets, rotates them, updates Terraform, and creates ServiceNow change."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "azure.get-resources"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "terraform.get-workspace"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: resources
path: "/subscriptions"
operations:
- name: get-resources
method: GET
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/northrop-grumman/workspaces"
operations:
- name: get-workspace
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Queries Workday for employee data, checks Okta group assignments, and logs verification in ServiceNow.
naftiko: "0.5"
info:
label: "Security Clearance Verification Workflow"
description: "Queries Workday for employee data, checks Okta group assignments, and logs verification in ServiceNow."
tags:
- security
- workday
- okta
- servicenow
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: security-orchestrate
description: "Queries Workday for employee data, checks Okta group assignments, and logs verification in ServiceNow."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "workday.get-worker"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "okta.get-user-groups"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://northropgrumman.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_token"
resources:
- name: user-groups
path: "/users/{{user_id}}/groups"
operations:
- name: get-user-groups
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
When a change request is submitted in ServiceNow for a classified or mission-critical system, notifies the Change Advisory Board approvers via Microsoft Teams and creates a Jira tracking ticket.
naftiko: "0.5"
info:
label: "ServiceNow Change Request for Production Systems"
description: "When a change request is submitted in ServiceNow for a classified or mission-critical system, notifies the Change Advisory Board approvers via Microsoft Teams and creates a Jira tracking ticket."
tags:
- itsm
- change-management
- servicenow
- microsoft-teams
- jira
- approval
capability:
exposes:
- type: mcp
namespace: itsm-change
port: 8080
tools:
- name: submit-change-request
description: "Given a change description, risk level, affected system, and planned start time, create a ServiceNow change request, open a Jira tracking ticket, and notify the CAB in Teams. Use before any production or mission-system change."
inputParameters:
- name: change_description
in: body
type: string
description: "Description of the proposed change."
- name: risk
in: body
type: string
description: "Risk level: low, medium, or high."
- name: affected_system
in: body
type: string
description: "Name of the affected system or program."
- name: planned_start
in: body
type: string
description: "Planned start datetime in ISO 8601 format."
steps:
- name: create-change
type: call
call: "servicenow-chg.create-change"
with:
short_description: "{{change_description}}"
risk: "{{risk}}"
start_date: "{{planned_start}}"
cmdb_ci: "{{affected_system}}"
- name: create-jira-tracker
type: call
call: "jira-chg.create-issue"
with:
project_key: "OPS"
issuetype: "Task"
summary: "Change: {{change_description}} ({{affected_system}})"
- name: notify-cab
type: call
call: "msteams-chg.post-message"
with:
channel_id: "$secrets.cab_channel_id"
text: "Change Request {{create-change.number}} submitted for {{affected_system}}. Risk: {{risk}}. Planned: {{planned_start}}. Jira: {{create-jira-tracker.key}}"
consumes:
- type: http
namespace: servicenow-chg
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: change-requests
path: "/table/change_request"
operations:
- name: create-change
method: POST
- type: http
namespace: jira-chg
baseUri: "https://northropgrumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams-chg
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Looks up a ServiceNow incident by number and returns state, priority, and assignment group.
naftiko: "0.5"
info:
label: "ServiceNow Incident Status Lookup"
description: "Looks up a ServiceNow incident by number and returns state, priority, and assignment group."
tags:
- itsm
- servicenow
- incident
capability:
exposes:
- type: mcp
namespace: itsm
port: 8080
tools:
- name: get-incident-status
description: "Looks up a ServiceNow incident by number and returns state, priority, and assignment group."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "servicenow.get-incident"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: get-incident
path: "/table/incident?sysparm_query=number={{number}}"
operations:
- name: get-incident
method: GET
When a P1 incident is created in ServiceNow, triggers PagerDuty on-call escalation, creates a Datadog observability event, and posts a war-room link to the IT ops Teams channel.
naftiko: "0.5"
info:
label: "ServiceNow IT Incident P1 Escalation"
description: "When a P1 incident is created in ServiceNow, triggers PagerDuty on-call escalation, creates a Datadog observability event, and posts a war-room link to the IT ops Teams channel."
tags:
- itsm
- incident-response
- servicenow
- pagerduty
- datadog
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: itsm-ops
port: 8080
tools:
- name: escalate-p1-incident
description: "Given a ServiceNow incident number and short description, trigger PagerDuty on-call, create a Datadog event, and notify the IT ops Teams channel. Invoke immediately on P1 or critical incident creation."
inputParameters:
- name: incident_number
in: body
type: string
description: "The ServiceNow incident number (e.g., INC0012345)."
- name: short_description
in: body
type: string
description: "Brief description of the incident."
steps:
- name: page-oncall
type: call
call: "pagerduty-itsm.trigger-incident"
with:
title: "P1: {{short_description}}"
severity: "critical"
incident_key: "{{incident_number}}"
- name: create-dd-event
type: call
call: "datadog.create-event"
with:
title: "P1 Incident {{incident_number}}: {{short_description}}"
alert_type: "error"
- name: notify-ops
type: call
call: "msteams-itsm.post-message"
with:
channel_id: "$secrets.it_ops_channel_id"
text: "P1 Incident {{incident_number}}: {{short_description}} | PD: {{page-oncall.incident_url}}"
consumes:
- type: http
namespace: pagerduty-itsm
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: trigger-incident
method: POST
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: msteams-itsm
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Responds to Splunk alert by isolating CrowdStrike endpoint and creating ServiceNow incident.
naftiko: "0.5"
info:
label: "SIEM Alert to Endpoint Isolation"
description: "Responds to Splunk alert by isolating CrowdStrike endpoint and creating ServiceNow incident."
tags:
- security
- splunk
- crowdstrike
- servicenow
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: siem-orchestrate
description: "Responds to Splunk alert by isolating CrowdStrike endpoint and creating ServiceNow incident."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "splunk.run-search"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "crowdstrike.get-device"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.northrop-grumman.com:8089/services"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search
path: "/search/jobs"
operations:
- name: run-search
method: POST
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: devices
path: "/devices/entities/devices/v2"
operations:
- name: get-device
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Runs a data quality assertion against Northrop Grumman's program cost Snowflake tables and opens a Jira incident if row counts or null rates breach thresholds, alerting the finance data team in Teams.
naftiko: "0.5"
info:
label: "Snowflake Program Cost Data Quality Check"
description: "Runs a data quality assertion against Northrop Grumman's program cost Snowflake tables and opens a Jira incident if row counts or null rates breach thresholds, alerting the finance data team in Teams."
tags:
- data
- data-quality
- snowflake
- jira
- microsoft-teams
- finance
capability:
exposes:
- type: mcp
namespace: data-quality
port: 8080
tools:
- name: run-program-cost-quality-check
description: "Given a Snowflake program cost table name and quality thresholds, run an assertion query and open a Jira incident if thresholds are breached. Post results to the finance data Teams channel. Use for automated program accounting data integrity checks."
inputParameters:
- name: table_name
in: body
type: string
description: "The fully qualified Snowflake table name (database.schema.table)."
- name: min_row_count
in: body
type: integer
description: "Minimum expected row count."
steps:
- name: run-quality-query
type: call
call: "snowflake.execute-statement"
with:
statement: "SELECT COUNT(*) as row_count FROM {{table_name}}"
- name: open-incident
type: call
call: "jira-dq.create-issue"
with:
project_key: "DATA"
issuetype: "Bug"
summary: "Data quality failure: {{table_name}}"
description: "Row count: {{run-quality-query.row_count}}. Expected: {{min_row_count}}"
- name: notify-finance-data
type: call
call: "msteams-dq.post-message"
with:
channel_id: "$secrets.finance_data_channel_id"
text: "DQ Check: {{table_name}} | Rows: {{run-quality-query.row_count}} | Jira: {{open-incident.key}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-statement
method: POST
- type: http
namespace: jira-dq
baseUri: "https://northropgrumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams-dq
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Checks the execution status of a Snowflake query by ID.
naftiko: "0.5"
info:
label: "Snowflake Query Execution Status"
description: "Checks the execution status of a Snowflake query by ID."
tags:
- data
- snowflake
- monitoring
capability:
exposes:
- type: mcp
namespace: data-platform
port: 8080
tools:
- name: get-query-status
description: "Checks the execution status of a Snowflake query by ID."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "snowflake.get-query-status"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: get-query-status
path: "/statements/{{query_id}}"
operations:
- name: get-query-status
method: GET
Identifies stale Confluence SOPs, creates Jira review tasks, and sends reminders via Teams.
naftiko: "0.5"
info:
label: "SOP Review Cycle Orchestrator"
description: "Identifies stale Confluence SOPs, creates Jira review tasks, and sends reminders via Teams."
tags:
- knowledge-management
- confluence
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: knowledge_management
port: 8080
tools:
- name: sop-orchestrate
description: "Identifies stale Confluence SOPs, creates Jira review tasks, and sends reminders via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "confluence.create-page"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "jira.create-issue"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: confluence
baseUri: "https://northrop-grumman.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_password"
resources:
- name: pages
path: "/content"
operations:
- name: create-page
method: POST
- type: http
namespace: jira
baseUri: "https://northrop-grumman.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Retrieves the latest results from a Splunk saved search.
naftiko: "0.5"
info:
label: "Splunk Saved Search Results Lookup"
description: "Retrieves the latest results from a Splunk saved search."
tags:
- security
- splunk
- siem
capability:
exposes:
- type: mcp
namespace: siem
port: 8080
tools:
- name: get-saved-search-results
description: "Retrieves the latest results from a Splunk saved search."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "splunk.get-saved-search"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.northrop-grumman.com:8089/servicesNS/admin/search"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: get-saved-search
path: "/saved/searches/{{search_name}}/history"
operations:
- name: get-saved-search
method: GET
When Splunk fires a high-severity security alert, creates a ServiceNow security incident, pages the SOC via PagerDuty, and posts a war-room notification to the CISO Teams channel.
naftiko: "0.5"
info:
label: "Splunk Security Alert Triage"
description: "When Splunk fires a high-severity security alert, creates a ServiceNow security incident, pages the SOC via PagerDuty, and posts a war-room notification to the CISO Teams channel."
tags:
- security
- siem
- splunk
- servicenow
- pagerduty
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: siem-ops
port: 8080
tools:
- name: triage-splunk-alert
description: "Given a Splunk alert name, severity, and search ID, create a ServiceNow security incident, page the SOC via PagerDuty, and post a war-room notification to the CISO Teams channel. Use for automated SIEM alert response."
inputParameters:
- name: alert_name
in: body
type: string
description: "The name of the triggered Splunk alert."
- name: severity
in: body
type: string
description: "Alert severity: critical, high, medium, or low."
- name: search_id
in: body
type: string
description: "The Splunk search job SID for context retrieval."
steps:
- name: get-alert-results
type: call
call: "splunk.get-search-results"
with:
search_id: "{{search_id}}"
- name: create-security-incident
type: call
call: "servicenow-siem.create-incident"
with:
short_description: "Splunk {{severity}} alert: {{alert_name}}"
category: "security_incident"
urgency: "1"
- name: page-soc
type: call
call: "pagerduty-siem.trigger-incident"
with:
title: "SIEM Alert: {{alert_name}}"
severity: "{{severity}}"
incident_key: "splunk-{{search_id}}"
- name: notify-ciso
type: call
call: "msteams-siem.post-message"
with:
channel_id: "$secrets.ciso_channel_id"
text: "SIEM Alert ({{severity}}): {{alert_name}} | Incident: {{create-security-incident.number}} | PD: {{page-soc.incident_url}}"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.northropgrumman.com:8089/servicesNS/admin"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search-results
path: "/search/jobs/{{search_id}}/results"
inputParameters:
- name: search_id
in: path
operations:
- name: get-search-results
method: GET
- type: http
namespace: servicenow-siem
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty-siem
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: trigger-incident
method: POST
- type: http
namespace: msteams-siem
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Retrieves Ariba supplier profile, Snowflake performance data, and creates ServiceNow risk record.
naftiko: "0.5"
info:
label: "Supplier Risk Assessment Orchestrator"
description: "Retrieves Ariba supplier profile, Snowflake performance data, and creates ServiceNow risk record."
tags:
- procurement
- sap-ariba
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: procurement
port: 8080
tools:
- name: supplier-orchestrate
description: "Retrieves Ariba supplier profile, Snowflake performance data, and creates ServiceNow risk record."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "ariba.get-vendor"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: ariba
baseUri: "https://openapi.ariba.com/api/procurement/v2"
authentication:
type: bearer
token: "$secrets.ariba_token"
resources:
- name: vendors
path: "/vendors/{{vendor_id}}"
operations:
- name: get-vendor
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Responds to suspicious Okta login by checking CrowdStrike endpoint and creating ServiceNow incident.
naftiko: "0.5"
info:
label: "Suspicious Login Response Workflow"
description: "Responds to suspicious Okta login by checking CrowdStrike endpoint and creating ServiceNow incident."
tags:
- security
- okta
- crowdstrike
- servicenow
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: suspicious-orchestrate
description: "Responds to suspicious Okta login by checking CrowdStrike endpoint and creating ServiceNow incident."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "okta.get-user-groups"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "crowdstrike.get-device"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: okta
baseUri: "https://northropgrumman.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_token"
resources:
- name: user-groups
path: "/users/{{user_id}}/groups"
operations:
- name: get-user-groups
method: GET
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: devices
path: "/devices/entities/devices/v2"
operations:
- name: get-device
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Processes access request by verifying identity in Workday, provisioning Okta group, creating ServiceNow request, and notifying via Teams.
naftiko: "0.5"
info:
label: "System Access Request Orchestrator"
description: "Processes access request by verifying identity in Workday, provisioning Okta group, creating ServiceNow request, and notifying via Teams."
tags:
- security
- workday
- okta
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: system-orchestrate
description: "Processes access request by verifying identity in Workday, provisioning Okta group, creating ServiceNow request, and notifying via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "workday.get-worker"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "okta.get-user-groups"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
- name: step-4
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://northropgrumman.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_token"
resources:
- name: user-groups
path: "/users/{{user_id}}/groups"
operations:
- name: get-user-groups
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Disables Azure AD account, suspends Okta sessions, and creates ServiceNow asset recovery ticket.
naftiko: "0.5"
info:
label: "Termination to Access Revocation"
description: "Disables Azure AD account, suspends Okta sessions, and creates ServiceNow asset recovery ticket."
tags:
- hr
- azure
- okta
- servicenow
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: termination-orchestrate
description: "Disables Azure AD account, suspends Okta sessions, and creates ServiceNow asset recovery ticket."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "azure.get-resources"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "okta.get-user-groups"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: resources
path: "/subscriptions"
operations:
- name: get-resources
method: GET
- type: http
namespace: okta
baseUri: "https://northropgrumman.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_token"
resources:
- name: user-groups
path: "/users/{{user_id}}/groups"
operations:
- name: get-user-groups
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Checks Terraform workspace for drift, creates ServiceNow change, and triggers remediation plan.
naftiko: "0.5"
info:
label: "Terraform Drift Detection and Remediation"
description: "Checks Terraform workspace for drift, creates ServiceNow change, and triggers remediation plan."
tags:
- devops
- terraform
- servicenow
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: terraform-orchestrate
description: "Checks Terraform workspace for drift, creates ServiceNow change, and triggers remediation plan."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "terraform.get-workspace"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/northrop-grumman/workspaces"
operations:
- name: get-workspace
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Retrieves current status of a Terraform Cloud workspace.
naftiko: "0.5"
info:
label: "Terraform Workspace Status Lookup"
description: "Retrieves current status of a Terraform Cloud workspace."
tags:
- devops
- terraform
- infrastructure
capability:
exposes:
- type: mcp
namespace: infrastructure
port: 8080
tools:
- name: get-workspace-status
description: "Retrieves current status of a Terraform Cloud workspace."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "terraform.get-workspace"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: get-workspace
path: "/organizations/northrop-grumman/workspaces/{{workspace}}"
operations:
- name: get-workspace
method: GET
Pulls CrowdStrike threat indicators, runs Splunk search, and creates ServiceNow security incident.
naftiko: "0.5"
info:
label: "Threat Intel to Log Search"
description: "Pulls CrowdStrike threat indicators, runs Splunk search, and creates ServiceNow security incident."
tags:
- security
- crowdstrike
- splunk
- servicenow
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: threat-orchestrate
description: "Pulls CrowdStrike threat indicators, runs Splunk search, and creates ServiceNow security incident."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "crowdstrike.get-device"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "splunk.run-search"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: devices
path: "/devices/entities/devices/v2"
operations:
- name: get-device
method: GET
- type: http
namespace: splunk
baseUri: "https://splunk.northrop-grumman.com:8089/services"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search
path: "/search/jobs"
operations:
- name: run-search
method: POST
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Retrieves Concur travel request, validates SAP budget, and sends Teams approval request.
naftiko: "0.5"
info:
label: "Travel Request Approval Orchestrator"
description: "Retrieves Concur travel request, validates SAP budget, and sends Teams approval request."
tags:
- travel
- sap-concur
- sap
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: travel
port: 8080
tools:
- name: travel-orchestrate
description: "Retrieves Concur travel request, validates SAP budget, and sends Teams approval request."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "concur.get-travel-request"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "sap.get-po"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: concur
baseUri: "https://us.api.concursolutions.com/api/v3.0"
authentication:
type: bearer
token: "$secrets.concur_token"
resources:
- name: travel-requests
path: "/travelrequest/requests/{{request_id}}"
operations:
- name: get-travel-request
method: GET
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
Runs vendor compliance check with SAP Ariba data, Snowflake contract history, and ServiceNow audit task.
naftiko: "0.5"
info:
label: "Vendor Compliance Audit Orchestrator"
description: "Runs vendor compliance check with SAP Ariba data, Snowflake contract history, and ServiceNow audit task."
tags:
- procurement
- sap-ariba
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: procurement
port: 8080
tools:
- name: vendor-orchestrate
description: "Runs vendor compliance check with SAP Ariba data, Snowflake contract history, and ServiceNow audit task."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "ariba.get-vendor"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "servicenow.create-incident"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: ariba
baseUri: "https://openapi.ariba.com/api/procurement/v2"
authentication:
type: bearer
token: "$secrets.ariba_token"
resources:
- name: vendors
path: "/vendors/{{vendor_id}}"
operations:
- name: get-vendor
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Creates ServiceNow change for VM patching, triggers Terraform apply, and validates with Datadog.
naftiko: "0.5"
info:
label: "VM Patching Orchestrator"
description: "Creates ServiceNow change for VM patching, triggers Terraform apply, and validates with Datadog."
tags:
- cloud
- servicenow
- terraform
- datadog
capability:
exposes:
- type: mcp
namespace: cloud
port: 8080
tools:
- name: vm-orchestrate
description: "Creates ServiceNow change for VM patching, triggers Terraform apply, and validates with Datadog."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "servicenow.create-incident"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "terraform.get-workspace"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "datadog.get-monitor"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/northrop-grumman/workspaces"
operations:
- name: get-workspace
method: GET
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apiKey
header: "DD-API-KEY"
key: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{monitor_id}}"
operations:
- name: get-monitor
method: GET
Creates ServiceNow change for patching, triggers Terraform deployment, and validates with Datadog.
naftiko: "0.5"
info:
label: "Vulnerability Patch Deployment Orchestrator"
description: "Creates ServiceNow change for patching, triggers Terraform deployment, and validates with Datadog."
tags:
- security
- servicenow
- terraform
- datadog
capability:
exposes:
- type: mcp
namespace: security
port: 8080
tools:
- name: vulnerability-orchestrate
description: "Creates ServiceNow change for patching, triggers Terraform deployment, and validates with Datadog."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "servicenow.create-incident"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "terraform.get-workspace"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "datadog.get-monitor"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/northrop-grumman/workspaces"
operations:
- name: get-workspace
method: GET
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apiKey
header: "DD-API-KEY"
key: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{monitor_id}}"
operations:
- name: get-monitor
method: GET
Analyzes Salesforce opportunities, queries Snowflake trends, and generates Confluence report.
naftiko: "0.5"
info:
label: "Win/Loss Analysis Orchestrator"
description: "Analyzes Salesforce opportunities, queries Snowflake trends, and generates Confluence report."
tags:
- sales
- salesforce
- snowflake
- confluence
capability:
exposes:
- type: mcp
namespace: sales
port: 8080
tools:
- name: win-orchestrate
description: "Analyzes Salesforce opportunities, queries Snowflake trends, and generates Confluence report."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "salesforce.get-opportunity"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "confluence.create-page"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://northropgrumman.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity"
operations:
- name: get-opportunity
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: confluence
baseUri: "https://northrop-grumman.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_password"
resources:
- name: pages
path: "/content"
operations:
- name: create-page
method: POST
Retrieves an employee record from Workday by worker ID, returning name, department, and manager.
naftiko: "0.5"
info:
label: "Workday Employee Directory Lookup"
description: "Retrieves an employee record from Workday by worker ID, returning name, department, and manager."
tags:
- hr
- workday
- directory
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: get-employee
description: "Retrieves an employee record from Workday by worker ID, returning name, department, and manager."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary lookup parameter."
call: "workday.get-worker"
with:
param_1: "{{param_1}}"
outputParameters:
- name: result
type: string
mapping: "$.result"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: get-worker
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
Returns active Northrop Grumman headcount grouped by program, cost center, and department from Workday for workforce planning and government contract staffing reviews.
naftiko: "0.5"
info:
label: "Workday Headcount by Program and Cost Center"
description: "Returns active Northrop Grumman headcount grouped by program, cost center, and department from Workday for workforce planning and government contract staffing reviews."
tags:
- hr
- workforce-planning
- reporting
- workday
capability:
exposes:
- type: mcp
namespace: hr-reporting
port: 8080
tools:
- name: get-headcount-snapshot
description: "Returns all active Northrop Grumman employees grouped by program, cost center, and department from Workday. Use for contract staffing plans, DCAA compliance reporting, and executive workforce reviews."
call: "workday-hc.list-workers"
outputParameters:
- name: workers
type: array
mapping: "$.data[*]"
consumes:
- type: http
namespace: workday-hc
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers"
operations:
- name: list-workers
method: GET
When a job requisition is approved in Workday, publishes the position to LinkedIn and notifies the talent acquisition team in Microsoft Teams with the posting URL.
naftiko: "0.5"
info:
label: "Workday Job Requisition Publishing"
description: "When a job requisition is approved in Workday, publishes the position to LinkedIn and notifies the talent acquisition team in Microsoft Teams with the posting URL."
tags:
- hr
- recruiting
- workday
- linkedin
- microsoft-teams
- talent-acquisition
capability:
exposes:
- type: mcp
namespace: talent-acquisition
port: 8080
tools:
- name: publish-job-posting
description: "Given a Workday requisition ID, fetch job details and publish the role to LinkedIn, then notify the TA team in Teams. Use when a new job requisition is approved. Security clearance requirements must be handled via separate cleared hiring channels."
inputParameters:
- name: requisition_id
in: body
type: string
description: "The Workday job requisition ID."
steps:
- name: get-requisition
type: call
call: "workday-rec.get-job-requisition"
with:
req_id: "{{requisition_id}}"
- name: post-linkedin
type: call
call: "linkedin.create-job-posting"
with:
title: "{{get-requisition.job_title}}"
description: "{{get-requisition.description}}"
location: "{{get-requisition.location}}"
company_urn: "$secrets.ng_linkedin_org_urn"
- name: notify-ta
type: call
call: "msteams-ta.post-message"
with:
channel_id: "$secrets.ta_channel_id"
text: "Job posted: {{get-requisition.job_title}} | LinkedIn: {{post-linkedin.job_url}}"
consumes:
- type: http
namespace: workday-rec
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: job-requisitions
path: "/northrop-grumman/jobRequisitions/{{req_id}}"
inputParameters:
- name: req_id
in: path
operations:
- name: get-job-requisition
method: GET
- type: http
namespace: linkedin
baseUri: "https://api.linkedin.com/v2"
authentication:
type: bearer
token: "$secrets.linkedin_token"
resources:
- name: job-postings
path: "/jobPostings"
operations:
- name: create-job-posting
method: POST
- type: http
namespace: msteams-ta
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account, assigns CrowdStrike endpoint policy, and sends a Teams welcome message.
naftiko: "0.5"
info:
label: "Workday New Hire Onboarding Orchestrator"
description: "When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account, assigns CrowdStrike endpoint policy, and sends a Teams welcome message."
tags:
- hr
- onboarding
- workday
- servicenow
- microsoft-365
- microsoft-teams
- crowdstrike
capability:
exposes:
- type: mcp
namespace: hr-onboarding
port: 8080
tools:
- name: trigger-onboarding
description: "Given a Workday employee ID and start date, orchestrate the full onboarding sequence across ServiceNow, Microsoft 365, CrowdStrike, and Teams. Invoke when a new hire is created in Workday."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID for the new hire."
- name: start_date
in: body
type: string
description: "The employee's first day in YYYY-MM-DD format."
- name: clearance_level
in: body
type: string
description: "Security clearance level (e.g., Secret, Top Secret) to determine system access."
steps:
- name: get-employee
type: call
call: "workday.get-worker"
with:
worker_id: "{{employee_id}}"
- name: open-snow-ticket
type: call
call: "servicenow.create-incident"
with:
short_description: "New hire onboarding: {{get-employee.full_name}}"
category: "hr_onboarding"
assigned_to: "IT_Onboarding"
- name: provision-m365
type: call
call: "msgraph.create-user"
with:
display_name: "{{get-employee.full_name}}"
mail_nickname: "{{get-employee.user_principal_name}}"
department: "{{get-employee.department}}"
- name: apply-endpoint-policy
type: call
call: "crowdstrike.assign-policy"
with:
device_id: "{{get-employee.device_id}}"
clearance_level: "{{clearance_level}}"
- name: send-welcome
type: call
call: "msteams.send-message"
with:
recipient_upn: "{{get-employee.work_email}}"
text: "Welcome to Northrop Grumman, {{get-employee.first_name}}! Your onboarding ticket: {{open-snow-ticket.number}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: servicenow
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: users
path: "/users"
operations:
- name: create-user
method: POST
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: policies
path: "/policy/entities/device-control-policies/v1"
operations:
- name: assign-policy
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: chats
path: "/chats"
operations:
- name: send-message
method: POST
At the start of a performance review cycle, fetches eligible employees from Workday and creates ServiceNow performance review tasks for each manager to complete.
naftiko: "0.5"
info:
label: "Workday Performance Review Campaign Launch"
description: "At the start of a performance review cycle, fetches eligible employees from Workday and creates ServiceNow performance review tasks for each manager to complete."
tags:
- hr
- performance-management
- workday
- servicenow
capability:
exposes:
- type: mcp
namespace: hr-performance
port: 8080
tools:
- name: launch-performance-reviews
description: "Given a review cycle name and department, fetch eligible employees from Workday and create ServiceNow performance review tasks for each manager. Use to initiate annual or mid-year performance cycles."
inputParameters:
- name: review_cycle
in: body
type: string
description: "Performance review cycle name (e.g., 2026-Annual)."
- name: department
in: body
type: string
description: "Department to scope the review launch."
steps:
- name: get-eligible-employees
type: call
call: "workday-perf.get-workers-by-department"
with:
department: "{{department}}"
- name: create-review-tasks
type: call
call: "servicenow-perf.create-task"
with:
short_description: "Performance reviews {{review_cycle}}: {{department}}"
category: "hr_performance_review"
description: "Eligible employees: {{get-eligible-employees.count}}"
consumes:
- type: http
namespace: workday-perf
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers-by-department
path: "/northrop-grumman/workers"
inputParameters:
- name: department
in: query
operations:
- name: get-workers-by-department
method: GET
- type: http
namespace: servicenow-perf
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sc_task"
operations:
- name: create-task
method: POST
Syncs Workday position changes to SAP cost centers, updates Snowflake analytics, and notifies HR via Teams.
naftiko: "0.5"
info:
label: "Workday Position Management Sync"
description: "Syncs Workday position changes to SAP cost centers, updates Snowflake analytics, and notifies HR via Teams."
tags:
- hr
- workday
- sap
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: workday-orchestrate
description: "Syncs Workday position changes to SAP cost centers, updates Snowflake analytics, and notifies HR via Teams."
inputParameters:
- name: param_1
in: body
type: string
description: "Primary input parameter for this workflow."
steps:
- name: step-1
type: call
call: "workday.get-worker"
with:
input: "{{param_1}}"
- name: step-2
type: call
call: "sap.get-po"
with:
input: "{{step-1.result}}"
- name: step-3
type: call
call: "snowflake.run-query"
with:
input: "{{step-1.result}}"
- name: step-4
type: call
call: "msteams.send-message"
with:
input: "{{step-1.result}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: sap
baseUri: "https://northropgrumman-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
- type: http
namespace: snowflake
baseUri: "https://northropgrumman.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channels
path: "/teams/northrop-grumman/channels/general/messages"
operations:
- name: send-message
method: POST
When an employee changes roles or programs in Workday, updates their Microsoft 365 groups and CrowdStrike device policy to match the new access requirements, logging the change in ServiceNow.
naftiko: "0.5"
info:
label: "Workday Role Change Access Sync"
description: "When an employee changes roles or programs in Workday, updates their Microsoft 365 groups and CrowdStrike device policy to match the new access requirements, logging the change in ServiceNow."
tags:
- hr
- identity
- role-change
- workday
- microsoft-365
- crowdstrike
- servicenow
capability:
exposes:
- type: mcp
namespace: hr-identity
port: 8080
tools:
- name: sync-role-change-access
description: "Given a Workday employee ID, new role, and new program assignment, update Microsoft 365 group memberships, adjust the CrowdStrike device policy, and create a ServiceNow change record. Invoke when an employee transfers programs or changes roles."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID."
- name: new_role
in: body
type: string
description: "The new job title or role."
- name: new_program
in: body
type: string
description: "The new defense program assignment."
steps:
- name: get-employee
type: call
call: "workday-role.get-worker"
with:
worker_id: "{{employee_id}}"
- name: update-m365-groups
type: call
call: "msgraph-role.update-group-memberships"
with:
user_id: "{{get-employee.work_email}}"
program: "{{new_program}}"
- name: update-endpoint-policy
type: call
call: "crowdstrike-role.assign-policy"
with:
device_id: "{{get-employee.device_id}}"
program: "{{new_program}}"
- name: log-change
type: call
call: "servicenow-role.create-change"
with:
short_description: "Role change: {{get-employee.full_name}} → {{new_role}} on {{new_program}}"
category: "hr_role_change"
consumes:
- type: http
namespace: workday-role
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/northrop-grumman/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: msgraph-role
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: group-memberships
path: "/users/{{user_id}}/memberOf"
inputParameters:
- name: user_id
in: path
operations:
- name: update-group-memberships
method: POST
- type: http
namespace: crowdstrike-role
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: device-policies
path: "/policy/entities/device-control-policies/v1"
operations:
- name: assign-policy
method: POST
- type: http
namespace: servicenow-role
baseUri: "https://northropgrumman.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: change-requests
path: "/table/change_request"
operations:
- name: create-change
method: POST
Schedules a Zoom program review meeting for defense program stakeholders, creates a SharePoint agenda page, and sends meeting invites via Microsoft 365 calendar.
naftiko: "0.5"
info:
label: "Zoom Program Review Meeting Scheduler"
description: "Schedules a Zoom program review meeting for defense program stakeholders, creates a SharePoint agenda page, and sends meeting invites via Microsoft 365 calendar."
tags:
- communication
- program-management
- zoom
- sharepoint
- microsoft-365
capability:
exposes:
- type: mcp
namespace: program-comms
port: 8080
tools:
- name: schedule-program-review
description: "Given a program name, attendee list, meeting datetime, and agenda, schedule a Zoom meeting, create a SharePoint agenda page, and send Microsoft 365 calendar invites. Use for monthly program reviews, program management reviews, and CDRLs."
inputParameters:
- name: program_name
in: body
type: string
description: "Name of the defense program (e.g., B-21, GBSD)."
- name: meeting_start
in: body
type: string
description: "Meeting start time in ISO 8601 format."
- name: duration_minutes
in: body
type: integer
description: "Duration of the meeting in minutes."
- name: agenda_content
in: body
type: string
description: "Agenda content for the SharePoint page."
steps:
- name: create-zoom-meeting
type: call
call: "zoom.create-meeting"
with:
topic: "Program Review: {{program_name}}"
start_time: "{{meeting_start}}"
duration: "{{duration_minutes}}"
- name: create-agenda-page
type: call
call: "sharepoint-prog.create-page"
with:
site_id: "$secrets.programs_site_id"
title: "Program Review Agenda: {{program_name}}"
content: "Join URL: {{create-zoom-meeting.join_url}}\n\n{{agenda_content}}"
- name: send-calendar-invite
type: call
call: "msgraph-cal.create-event"
with:
subject: "Program Review: {{program_name}}"
start: "{{meeting_start}}"
join_url: "{{create-zoom-meeting.join_url}}"
consumes:
- type: http
namespace: zoom
baseUri: "https://api.zoom.us/v2"
authentication:
type: bearer
token: "$secrets.zoom_token"
resources:
- name: meetings
path: "/users/me/meetings"
operations:
- name: create-meeting
method: POST
- type: http
namespace: sharepoint-prog
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: drive-items
path: "/sites/{{site_id}}/drive/root/children"
inputParameters:
- name: site_id
in: path
operations:
- name: create-page
method: POST
- type: http
namespace: msgraph-cal
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: events
path: "/me/events"
operations:
- name: create-event
method: POST