A Model Context Protocol (MCP) server that provides AI assistants with structured access to Blumira SIEM platform data and operations.
Note: This project is maintained by Wyre Technology.
Claude Desktop — download, open, done:
- Download `blumira-mcp.mcpb` from the latest release
- Open the file (double-click or drag into Claude Desktop)
- Enter your Blumira JWT token when prompted
No terminal, no JSON editing, no Node.js install required.
Claude Code (CLI):
```bash
claude mcp add blumira-mcp \
  -e BLUMIRA_JWT_TOKEN=your-jwt-token \
  -- npx -y github:wyre-technology/blumira-mcp
```

See Installation for Docker and from-source methods.
- 🔌 MCP Protocol Compliance: Full support for MCP resources and tools
- 🛡️ Comprehensive SIEM Coverage: Tools spanning findings, agents/devices, users, resolutions, and MSP account management
- 🔍 Decision-Tree Navigation: Start with `blumira_navigate` to explore domains, then dynamically load domain-specific tools
- 🏢 MSP Multi-Tenant Support: Full MSP endpoint coverage for managing findings, agents, and users across accounts
- 🔒 Secure Authentication: JWT token or API key (`pax8ApiTokenV1`) authentication
- 🌐 Dual Transport: Supports both stdio (local) and HTTP Streamable (remote/Docker) transports
- 📦 MCPB Packaging: One-click installation via MCP Bundle for desktop clients
- 🐳 Docker Ready: Containerized deployment with HTTP transport and health checks
- ⚡ Rate Limiting: Built-in rate limiter respects Blumira API limits
- 🔎 Rich Filtering: Support for `.eq`, `.in`, `.gt`, `.lt`, `.contains`, `.regex`, and negation operators
The simplest method — no terminal, no JSON editing, no Node.js install required.
- Download `blumira-mcp.mcpb` from the latest release
- Open the file (double-click or drag into Claude Desktop)
- Enter your Blumira JWT token when prompted
For Claude Code (CLI), one command:
```bash
claude mcp add blumira-mcp \
  -e BLUMIRA_JWT_TOKEN=your-jwt-token \
  -- npx -y github:wyre-technology/blumira-mcp
```

```bash
docker compose up
```

Or pull the pre-built image:

```bash
docker run -d \
  -e BLUMIRA_JWT_TOKEN=your-token \
  -p 8080:8080 \
  ghcr.io/wyre-technology/blumira-mcp:latest
```

```bash
git clone https://github.com/wyre-technology/blumira-mcp.git
cd blumira-mcp
npm ci
npm run build
```

| Variable | Description | Default |
|---|---|---|
| `BLUMIRA_JWT_TOKEN` | JWT token for authentication | — |
| `MCP_TRANSPORT` | Transport mode (`stdio` or `http`) | `stdio` |
| `MCP_HTTP_PORT` | HTTP server port | `8080` |
| `AUTH_MODE` | Auth mode (`env` or `gateway`) | `env` |
| `LOG_LEVEL` | Log level (`debug`, `info`, `warn`, `error`) | `info` |

The server uses decision-tree navigation. Start with blumira_navigate to pick a domain:
| Domain | Tools |
|---|---|
| findings | List findings, get finding, get finding details, resolve finding, assign owners, list/add comments |
| agents | List devices, get device, list agent keys, get agent key |
| users | List users |
| resolutions | List available resolutions |
| msp | List/get accounts, list/get/resolve findings, assign owners, comments, list devices/keys, list users |
Blumira supports rich query filtering on list endpoints:
```
status.eq=10                # Exact match
severity.in=HIGH,CRITICAL   # Multiple values
created_at.gt=2026-01-01    # Greater than
name.contains=malware       # Substring match
!status.eq=30               # Negation
```
Pass filters as tool input parameters — the server handles query string construction.
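
An added example, not code from blumira-mcp: one way a server could turn filter inputs like those above into a query string while rejecting unknown operators and keeping `&` or `=` inside a value from becoming an extra parameter. `buildFilterQuery` and `encodeScalar` are hypothetical names, and the sample input is constructed.

```javascript
// Added illustration, not the project's own code; helper names are hypothetical.
// Operators are the ones listed on this page; a leading "!" negates the filter.
const OPERATORS = new Set(["eq", "in", "gt", "lt", "contains", "regex"]);
const KEY_RE = /^(!?)([A-Za-z_][A-Za-z0-9_]*)\.([a-z]+)$/;

function encodeScalar(key, value) {
  if (!["string", "number"].includes(typeof value)) {
    throw new TypeError(`${key}: value must be a string or number`);
  }
  const text = String(value);
  // Control characters have no place in a filter value; reject rather than strip.
  if (text === "" || /[\u0000-\u001f\u007f]/.test(text)) {
    throw new RangeError(`${key}: empty value or control character`);
  }
  // Percent-encoding keeps "&", "=" and "#" inside the value.
  return encodeURIComponent(text);
}

function buildFilterQuery(filters) {
  const parts = [];
  for (const [key, value] of Object.entries(filters)) {
    const match = KEY_RE.exec(key);
    if (!match || !OPERATORS.has(match[3])) {
      throw new RangeError(`unsupported filter key: ${JSON.stringify(key)}`);
    }
    const isList = match[3] === "in";
    if (Array.isArray(value) !== isList) {
      throw new TypeError(`${key}: ${isList ? "expects an array" : "expects a single value"}`);
    }
    if (isList) {
      if (value.length === 0) throw new RangeError(`${key}: empty list`);
      // A comma inside one element would silently split it into two values.
      if (value.some((v) => String(v).includes(","))) {
        throw new RangeError(`${key}: list element contains a comma`);
      }
      parts.push(`${key}=${value.map((v) => encodeScalar(key, v)).join(",")}`);
    } else {
      parts.push(`${key}=${encodeScalar(key, value)}`);
    }
  }
  return parts.join("&");
}

// Constructed sample input mirroring the filters shown above.
console.log(buildFilterQuery({
  "severity.in": ["HIGH", "CRITICAL"],
  "!status.eq": 30,
  "name.contains": "malware&status.eq=10",
}));
```

The third filter value comes out as `malware%26status.eq%3D10`, so it stays a single `name.contains` value rather than adding a second `status.eq` parameter.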
Copy .env.example to .env and fill in your credentials:
```bash
cp .env.example .env
# Edit .env with your Blumira JWT token
docker compose up -d
```

```bash
npm ci
npm run build   # Build the project
npm run dev     # Watch mode
npm run test    # Run tests
npm run lint    # Type-check
npm run clean   # Remove dist/
```

See CONTRIBUTING.md for guidelines.
Apache 2.0 — Copyright WYRE Technology