Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From blumira
Guides Blumira REST API integration: JWT auth, org/MSP paths, query filters (.eq, .in, .gt), pagination (page, limit), and error handling like token expiry.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin blumiraHow this skill is triggered — by the user, by Claude, or both
Slash command
/blumira:api-patternsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Blumira exposes a REST API at `https://api.blumira.com/public-api/v1` with two path groups: `/org/*` for direct organization access and `/msp/*` for MSP multi-tenant operations. The MCP server wraps these into tool calls, but understanding the underlying patterns helps construct effective queries.
Manages Blumira MSP multi-tenant operations: lists managed accounts, runs cross-account findings queries, handles per-account devices, users, and findings.
Guides SentinelOne Purple MCP tools: uvx install, Service User token auth, GraphQL/REST APIs, transport modes, rate limits, error handling for 23 read-only tools across Purple AI, alerts, vulnerabilities, assets.
Generates multi-tenant security and operational reports from LimaCharlie: billing summaries, usage roll-ups, detection trends, sensor health monitoring, configuration audits across organizations.
Share bugs, ideas, or general feedback.
Blumira exposes a REST API at https://api.blumira.com/public-api/v1 with two path groups: /org/* for direct organization access and /msp/* for MSP multi-tenant operations. The MCP server wraps these into tool calls, but understanding the underlying patterns helps construct effective queries.
Blumira uses JWT tokens for authentication. The token is passed via the X-Blumira-JWT-Token header (MCP Gateway) or as a Bearer token directly against the API.
Authorization: Bearer <JWT_TOKEN>
Alternatively, for Pax8 integrations:
pax8ApiTokenV1: <PAX8_TOKEN>
Important: JWT tokens have expiration times. If you receive 401 errors, the token may need to be regenerated from the Blumira portal.
| Path Group | Prefix | Use Case |
|---|---|---|
| Organization | /org/* | Direct access to a single organization's data |
| MSP | /msp/* | Multi-tenant access across managed accounts |
Organization tools (blumira_findings_*, blumira_agents_*, blumira_users_*) operate on the authenticated org. MSP tools (blumira_msp_*) require MSP-level credentials and can target specific accounts.
Blumira supports powerful query filters appended to field names:
| Operator | Suffix | Example | Description |
|---|---|---|---|
| Equals | .eq | status.eq=10 | Exact match |
| In | .in | severity.in=HIGH,CRITICAL | Match any in list |
| Greater than | .gt | created.gt=2025-01-01 | Greater than |
| Less than | .lt | created.lt=2025-12-31 | Less than |
| Contains | .contains | name.contains=ransomware | Substring match |
| Regex | .regex | name.regex=^brute | Regex match |
| Negation | ! prefix | !status.eq=30 | Negate any filter |
Combining filters: Multiple filters are ANDed together:
GET /org/findings?status.eq=10&severity.in=HIGH,CRITICAL&created.gt=2025-01-01
All list endpoints support pagination parameters:
| Parameter | Description | Default |
|---|---|---|
page | Page number (1-indexed) | 1 |
page_size | Results per page | 25 |
limit | Max total results | — |
order_by | Sort field (prefix - for descending) | varies |
Responses include pagination metadata:
{
"data": [...],
"links": {
"next": "/org/findings?page=2&page_size=25",
"prev": null
},
"meta": {
"total": 142,
"page": 1,
"page_size": 25
}
}
The MCP server includes stateful navigation tools:
blumira_navigate — Navigate to a specific resource or viewblumira_status — Show current navigation contextblumira_back — Return to previous contextThese help maintain context when drilling into findings, devices, or accounts.
blumira_findings_list with filter parametersblumira_findings_getblumira_msp_accounts_list to enumerate accountsblumira_msp_findings_all for cross-account finding overviewblumira_msp_findings_listCause: JWT token is expired, invalid, or missing
Solution: Regenerate the token from Blumira Portal > Settings > API Access. Verify BLUMIRA_JWT_TOKEN is set.
Cause: Token lacks permissions for the requested resource (e.g., org token used for MSP endpoints) Solution: Ensure the token has appropriate scope. MSP endpoints require MSP-level credentials.
Cause: Resource ID doesn't exist or is not accessible from the current scope Solution: Verify the ID and ensure the token has access to the target organization.
Cause: Too many requests in a short period Solution: Back off and retry after a delay. Use pagination to reduce request volume.
Cause: Invalid filter syntax or parameter values
Solution: Check filter operator syntax (.eq, .in, etc.) and ensure values match expected types.
page_size=50) for large datasets instead of fetching everything at onceorder_by=-created to get most recent items firstmeta.total to know if more pages exist