Blumira

Build Status License Node.js

A Model Context Protocol (MCP) server that provides AI assistants with structured access to Blumira SIEM platform data and operations.

Note: This project is maintained by Wyre Technology.

Quick Start

Claude Desktop — download, open, done:

1. Download blumira-mcp.mcpb from the latest release
2. Open the file (double-click or drag into Claude Desktop)
3. Enter your Blumira JWT token when prompted

No terminal, no JSON editing, no Node.js install required.

Claude Code (CLI):

claude mcp add blumira-mcp \
  -e BLUMIRA_JWT_TOKEN=your-jwt-token \
  -- npx -y github:wyre-technology/blumira-mcp

See Installation for Docker and from-source methods.

Features

• 🔌 MCP Protocol Compliance: Full support for MCP resources and tools
• 🛡️ Comprehensive SIEM Coverage: Tools spanning findings, agents/devices, users, resolutions, and MSP account management
• 🔍 Decision-Tree Navigation: Start with blumira_navigate to explore domains, then dynamically load domain-specific tools
• 🏢 MSP Multi-Tenant Support: Full MSP endpoint coverage for managing findings, agents, and users across accounts
• 🔒 Secure Authentication: JWT token or API key (pax8ApiTokenV1) authentication
• 🌐 Dual Transport: Supports both stdio (local) and HTTP Streamable (remote/Docker) transports
• 📦 MCPB Packaging: One-click installation via MCP Bundle for desktop clients
• 🐳 Docker Ready: Containerized deployment with HTTP transport and health checks
• ⚡ Rate Limiting: Built-in rate limiter respects Blumira API limits
• 🔎 Rich Filtering: Support for .eq, .in, .gt, .lt, .contains, .regex, and negation operators

Installation

Option 1: MCPB Bundle (Claude Desktop)

The simplest method — no terminal, no JSON editing, no Node.js install required.

1. Download blumira-mcp.mcpb from the latest release
2. Open the file (double-click or drag into Claude Desktop)
3. Enter your Blumira JWT token when prompted

For Claude Code (CLI), one command:

claude mcp add blumira-mcp \
  -e BLUMIRA_JWT_TOKEN=your-jwt-token \
  -- npx -y github:wyre-technology/blumira-mcp

Option 2: Docker

docker compose up

Or pull the pre-built image:

docker run -d \
  -e BLUMIRA_JWT_TOKEN=your-token \
  -p 8080:8080 \
  ghcr.io/wyre-technology/blumira-mcp:latest

Option 3: From Source

git clone https://github.com/wyre-technology/blumira-mcp.git
cd blumira-mcp
npm ci
npm run build

Configuration

Variable	Description	Default
BLUMIRA_JWT_TOKEN	JWT token for authentication	—
MCP_TRANSPORT	Transport mode (stdio or http)	stdio
MCP_HTTP_PORT	HTTP server port	8080
AUTH_MODE	Auth mode (env or gateway)	env
LOG_LEVEL	Log level (debug, info, warn, error)	info

Domains

The server uses decision-tree navigation. Start with blumira_navigate to pick a domain:

Domain	Tools
findings	List findings, get finding, get finding details, resolve finding, assign owners, list/add comments
agents	List devices, get device, list agent keys, get agent key
users	List users
resolutions	List available resolutions
msp	List/get accounts, list/get/resolve findings, assign owners, comments, list devices/keys, list users

Filtering

Blumira supports rich query filtering on list endpoints:

status.eq=10              # Exact match
severity.in=HIGH,CRITICAL # Multiple values
created_at.gt=2026-01-01  # Greater than
name.contains=malware     # Substring match
!status.eq=30             # Negation

Pass filters as tool input parameters — the server handles query string construction.

Docker Deployment

Copy .env.example to .env and fill in your credentials:

cp .env.example .env
# Edit .env with your Blumira JWT token
docker compose up -d

Development

npm ci
npm run build       # Build the project
npm run dev         # Watch mode
npm run test        # Run tests
npm run lint        # Type-check
npm run clean       # Remove dist/

Contributing

See CONTRIBUTING.md for guidelines.

License

Apache 2.0 — Copyright WYRE Technology