Connects Claude to the Blumira SIEM API for querying security findings, device agents, user accounts, and detection evidence. Supports both single-tenant and MSP multi-account operations with tools for listing alerts, resolving findings, managing comments, and pulling device/agent data. Uses decision-tree navigation where you start with a domain picker, then get domain-specific tools loaded dynamically. Handles Blumira's filter syntax for status, severity, timestamps, and regex matching. Ships as an MCPB bundle for one-click install in Claude Desktop, or runs via Docker with HTTP transport. Good fit if you're triaging security incidents in Blumira and want LLM-assisted querying without switching contexts.
A Model Context Protocol (MCP) server that provides AI assistants with structured access to Blumira SIEM platform data and operations.
Note: This project is maintained by Wyre Technology.
Claude Desktop — download, open, done:
blumira-mcp.mcpb from the latest release

No terminal, no JSON editing, no Node.js install required.
Claude Code (CLI):
```bash
claude mcp add blumira-mcp \
  -e BLUMIRA_JWT_TOKEN=your-jwt-token \
  -- npx -y github:wyre-technology/blumira-mcp
```
See Installation for Docker and from-source methods.
- blumira_navigate to explore domains, then dynamically load domain-specific tools
- pax8ApiTokenV1) authentication
- .eq, .in, .gt, .lt, .contains, .regex, and negation operators

The simplest method — no terminal, no JSON editing, no Node.js install required.

blumira-mcp.mcpb from the latest release

For Claude Code (CLI), one command:
```bash
claude mcp add blumira-mcp \
  -e BLUMIRA_JWT_TOKEN=your-jwt-token \
  -- npx -y github:wyre-technology/blumira-mcp
```

```bash
docker compose up
```

Or pull the pre-built image:

```bash
docker run -d \
  -e BLUMIRA_JWT_TOKEN=your-token \
  -p 8080:8080 \
  ghcr.io/wyre-technology/blumira-mcp:latest
```

```bash
git clone https://github.com/wyre-technology/blumira-mcp.git
cd blumira-mcp
npm ci
npm run build
```
| Variable | Description | Default |
|---|---|---|
| BLUMIRA_JWT_TOKEN | JWT token for authentication | — |
| MCP_TRANSPORT | Transport mode (stdio or http) | stdio |
| MCP_HTTP_PORT | HTTP server port | 8080 |
| AUTH_MODE | Auth mode (env or gateway) | env |
| LOG_LEVEL | Log level (debug, info, warn, error) | info |
The server uses decision-tree navigation. Start with blumira_navigate to pick a domain:
| Domain | Tools |
|---|---|
| findings | List findings, get finding, get finding details, resolve finding, assign owners, list/add comments |
| agents | List devices, get device, list agent keys, get agent key |
| users | List users |
| resolutions | List available resolutions |
| msp | List/get accounts, list/get/resolve findings, assign owners, comments, list devices/keys, list users |
Blumira supports rich query filtering on list endpoints:
```
status.eq=10                 # Exact match
severity.in=HIGH,CRITICAL    # Multiple values
created_at.gt=2026-01-01     # Greater than
name.contains=malware        # Substring match
!status.eq=30                # Negation
```
Pass filters as tool input parameters — the server handles query string construction.
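
An added sketch (not code from blumira-mcp) of how filter inputs in the syntax above can be validated and serialized before they reach the API. The operator set comes from this page; `parseFilterKey`, `buildFilterQuery`, the field-name pattern and the percent-encoding are assumptions.

```javascript
// Added example, not blumira-mcp source. Operators are the ones this page lists;
// the function names, field-name pattern and encoding are assumptions.
const OPERATORS = new Set(["eq", "in", "gt", "lt", "contains", "regex"]);
const FIELD_NAME = /^[a-z][a-z0-9_]*$/; // assumed shape of a filterable field

// Split "!status.eq" into { negated: true, field: "status", op: "eq" }.
function parseFilterKey(key) {
  const negated = key.startsWith("!");
  const body = negated ? key.slice(1) : key;
  const dot = body.lastIndexOf(".");
  if (dot <= 0) throw new Error(`filter "${key}" has no operator`);
  const field = body.slice(0, dot);
  const op = body.slice(dot + 1);
  if (!FIELD_NAME.test(field)) throw new Error(`bad field name in "${key}"`);
  if (!OPERATORS.has(op)) throw new Error(`unsupported operator in "${key}"`);
  return { negated, field, op };
}

// Turn { "severity.in": ["HIGH", "CRITICAL"] } into "severity.in=HIGH,CRITICAL".
function buildFilterQuery(filters) {
  const parts = [];
  for (const [key, raw] of Object.entries(filters)) {
    const { negated, field, op } = parseFilterKey(key);
    const values = Array.isArray(raw) ? raw : [raw];
    if (values.length === 0) throw new Error(`filter "${key}" has no value`);
    if (values.length > 1 && op !== "in") {
      throw new Error(`only .in takes several values: "${key}"`);
    }
    const encoded = values.map((v) => {
      if (typeof v !== "string" && typeof v !== "number") {
        throw new Error(`filter "${key}" needs string or number values`);
      }
      // A comma inside an .in member would silently become two members.
      if (op === "in" && String(v).includes(",")) {
        throw new Error(`comma inside an .in value: "${key}"`);
      }
      // Percent-encode so "&" or "=" in a value cannot start a second filter.
      return encodeURIComponent(String(v));
    });
    parts.push(`${negated ? "!" : ""}${field}.${op}=${encoded.join(",")}`);
  }
  return parts.join("&");
}

// Constructed sample input using the filters shown above.
console.log(buildFilterQuery({ "status.eq": 10, "severity.in": ["HIGH", "CRITICAL"], "!status.eq": 30 }));
```

Rejecting unknown operators and encoding values matters here because filter values arrive as tool input chosen by the model, not as strings typed by the analyst.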
Copy .env.example to .env and fill in your credentials:
```bash
cp .env.example .env
# Edit .env with your Blumira JWT token
docker compose up -d
```
```bash
npm ci
npm run build   # Build the project
npm run dev     # Watch mode
npm run test    # Run tests
npm run lint    # Type-check
npm run clean   # Remove dist/
```
See CONTRIBUTING.md for guidelines.
Apache 2.0 — Copyright WYRE Technology
- BLUMIRA_JWT_TOKEN* (secret): Blumira API JWT token used to authenticate requests
- MCP_TRANSPORT (default: stdio): Transport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.
- AUTH_MODE (default: env): Credential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.
- LOG_LEVEL (default: info): Log verbosity: debug, info, warn, error