From blumira
Lists, filters, investigates, resolves, assigns, and comments on Blumira security findings (alerts/detections) across their lifecycle.
How this skill is triggered — by the user, by Claude, or both
Slash command
/blumira:findingsWhen to use
When working with Blumira findings (security alerts/detections), including listing, filtering, investigating, resolving, assigning, and commenting on findings. Use when: blumira finding, blumira alert, blumira detection, security finding, triage finding, resolve finding, or finding status.
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Findings are Blumira's primary security detection unit — they represent threats, suspicious activity, or policy violations detected across your environment. This skill covers the full finding lifecycle from discovery through resolution.
Findings are Blumira's primary security detection unit — they represent threats, suspicious activity, or policy violations detected across your environment. This skill covers the full finding lifecycle from discovery through resolution.
| Status Code | Label | Description |
|---|---|---|
| 10 | Open | New, unreviewed finding |
| 20 | In Progress | Under investigation |
| 30 | Resolved | Closed with a resolution |
Findings have severity levels (e.g., LOW, MEDIUM, HIGH, CRITICAL) that indicate the potential impact. Always triage CRITICAL and HIGH findings first.
When resolving a finding, you must specify a resolution type:
| Resolution Code | Label | Use When |
|---|---|---|
| 10 | Valid | Confirmed real threat, action was taken |
| 20 | Not Applicable | Finding doesn't apply to this environment |
| 30 | False Positive | Detection was incorrect |
blumira_findings_list
status.eq=10 # Open findings only
severity.in=HIGH,CRITICAL
order_by=-created # Most recent first
page_size=25
blumira_findings_get
finding_id=<UUID>
blumira_findings_details
finding_id=<UUID>
The details endpoint returns enriched data including related context, evidence, and recommended actions.
blumira_findings_resolve
finding_id=<UUID>
resolution_type=10 # Valid
notes="Confirmed brute force attempt. Blocked source IP in firewall."
blumira_findings_assign
finding_id=<UUID>
user_id=<UUID>
blumira_findings_comments_list
finding_id=<UUID>
blumira_findings_comments_add
finding_id=<UUID>
comment="Investigating source IP. Checking firewall logs for correlation."
blumira_findings_list with status.eq=10 and order_by=-severityblumira_findings_details to get contextblumira_findings_assignblumira_findings_comments_addblumira_findings_get to retrieve the findingblumira_findings_details for enriched context and evidenceblumira_findings_comments_list to review prior investigation notesblumira_findings_comments_addblumira_findings_list with filters matching the batch (e.g., same detection rule)blumira_findings_resolve and appropriate resolution typeblumira_findings_list
created.gt=2025-01-01
created.lt=2025-02-01
status.eq=10
Cause: Invalid finding ID or finding not accessible in current org scope
Solution: Verify the finding ID. If using MSP credentials, use blumira_msp_findings_get instead.
Cause: Resolution type not provided or invalid Solution: Provide a valid resolution type: 10 (Valid), 20 (Not Applicable), or 30 (False Positive).
Cause: User ID doesn't exist or isn't a member of the organization
Solution: Use blumira_users_list to get valid user IDs.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin blumiraGuides resolution of Blumira findings: choosing Valid, Not Applicable, or False Positive types and understanding impact on security metrics.
Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, and tune detections. Use when triaging alerts, investigating detections, running daily SOC review, or tuning for false positives.
Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, and tune detections. Agent-delegated architecture: Haiku for mechanical tasks, Sonnet for substantive work, Opus for judgment.