blumira-mcp
An MCP server for Blumira SIEM platform, enabling management of security event detection, alerts, and threat response through Blumira's API.
README
Blumira MCP Server
A Model Context Protocol (MCP) server that provides AI assistants with structured access to Blumira SIEM platform data and operations.
Note: This project is maintained by Wyre Technology.
Quick Start
Claude Desktop — download, open, done:
- Download
blumira-mcp.mcpbfrom the latest release - Open the file (double-click or drag into Claude Desktop)
- Enter your Blumira JWT token when prompted
No terminal, no JSON editing, no Node.js install required.
Claude Code (CLI):
claude mcp add blumira-mcp \
-e BLUMIRA_JWT_TOKEN=your-jwt-token \
-- npx -y github:wyre-technology/blumira-mcp
See Installation for Docker and from-source methods.
Features
- 🔌 MCP Protocol Compliance: Full support for MCP resources and tools
- 🛡️ Comprehensive SIEM Coverage: Tools spanning findings, agents/devices, users, resolutions, and MSP account management
- 🔍 Decision-Tree Navigation: Start with
blumira_navigateto explore domains, then dynamically load domain-specific tools - 🏢 MSP Multi-Tenant Support: Full MSP endpoint coverage for managing findings, agents, and users across accounts
- 🔒 Secure Authentication: JWT token or API key (
pax8ApiTokenV1) authentication - 🌐 Dual Transport: Supports both stdio (local) and HTTP Streamable (remote/Docker) transports
- 📦 MCPB Packaging: One-click installation via MCP Bundle for desktop clients
- 🐳 Docker Ready: Containerized deployment with HTTP transport and health checks
- ⚡ Rate Limiting: Built-in rate limiter respects Blumira API limits
- 🔎 Rich Filtering: Support for
.eq,.in,.gt,.lt,.contains,.regex, and negation operators
Installation
Option 1: MCPB Bundle (Claude Desktop)
The simplest method — no terminal, no JSON editing, no Node.js install required.
- Download
blumira-mcp.mcpbfrom the latest release - Open the file (double-click or drag into Claude Desktop)
- Enter your Blumira JWT token when prompted
For Claude Code (CLI), one command:
claude mcp add blumira-mcp \
-e BLUMIRA_JWT_TOKEN=your-jwt-token \
-- npx -y github:wyre-technology/blumira-mcp
Option 2: Docker
docker compose up
Or pull the pre-built image:
docker run -d \
-e BLUMIRA_JWT_TOKEN=your-token \
-p 8080:8080 \
ghcr.io/wyre-technology/blumira-mcp:latest
Option 3: From Source
git clone https://github.com/wyre-technology/blumira-mcp.git
cd blumira-mcp
npm ci
npm run build
Configuration
| Variable | Description | Default |
|---|---|---|
BLUMIRA_JWT_TOKEN |
JWT token for authentication | — |
MCP_TRANSPORT |
Transport mode (stdio or http) |
stdio |
MCP_HTTP_PORT |
HTTP server port | 8080 |
AUTH_MODE |
Auth mode (env or gateway) |
env |
LOG_LEVEL |
Log level (debug, info, warn, error) |
info |
Domains
The server uses decision-tree navigation. Start with blumira_navigate to pick a domain:
| Domain | Tools |
|---|---|
| findings | List findings, get finding, get finding details, resolve finding, assign owners, list/add comments |
| agents | List devices, get device, list agent keys, get agent key |
| users | List users |
| resolutions | List available resolutions |
| msp | List/get accounts, list/get/resolve findings, assign owners, comments, list devices/keys, list users |
Filtering
Blumira supports rich query filtering on list endpoints:
status.eq=10 # Exact match
severity.in=HIGH,CRITICAL # Multiple values
created_at.gt=2026-01-01 # Greater than
name.contains=malware # Substring match
!status.eq=30 # Negation
Pass filters as tool input parameters — the server handles query string construction.
Docker Deployment
Copy .env.example to .env and fill in your credentials:
cp .env.example .env
# Edit .env with your Blumira JWT token
docker compose up -d
Development
npm ci
npm run build # Build the project
npm run dev # Watch mode
npm run test # Run tests
npm run lint # Type-check
npm run clean # Remove dist/
Contributing
See CONTRIBUTING.md for guidelines.
License
Apache 2.0 — Copyright WYRE Technology
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.