Stats

Actions

Tags

Help us improve

Share bugs, ideas, or general feedback.

Blumira Resolutions | blumira

Skill

Blumira Resolutions

Guides resolving Blumira security findings with correct resolution types, metrics impact, API usage (e.g., blumira_findings_resolve), workflows, and bulk false positive handling.

$

npx claudepluginhub wyre-technology/msp-claude-plugins --plugin blumira

Popularity

Parent stars

24

Parent forks

13

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/blumira:resolutions

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Resolutions are the final disposition applied to findings when closing them. Choosing the correct resolution type is critical for accurate security metrics, detection tuning, and compliance reporting.

SKILL.md

111 lines · ~943 tokens

Similar Skills

Blumira Findings

24

Manages Blumira security findings: list, filter, investigate, resolve, assign, and comment on alerts and detections.

soc

11

Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, and tune detections. Use when triaging alerts, investigating detections, running daily SOC review, or tuning for false positives.

17 files

crowdstrike-soc

soc-agents

11

Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, and tune detections. Agent-delegated architecture: Haiku for mechanical tasks, Sonnet for substantive work, Opus for judgment.

8 files

crowdstrike-soc-agents

Stats

LanguageTypeScript

Parent stars24

Parent forks13

MaintenanceExcellent

Last CommitApr 5, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

blumira-resolutions

security-findings

false-positives

resolution-types

detection-tuning

security-metrics

Help us improve

Share bugs, ideas, or general feedback.

Blumira Resolutions

Overview

Resolutions are the final disposition applied to findings when closing them. Choosing the correct resolution type is critical for accurate security metrics, detection tuning, and compliance reporting.

Key Concepts

Resolution Types

Code	Label	Description	When to Use
10	Valid	Confirmed real threat	The finding represents a genuine security event. Action was taken (blocked, remediated, etc.)
20	Not Applicable	Doesn't apply	The detection is correct but irrelevant to this environment (e.g., policy doesn't apply to test lab)
30	False Positive	Incorrect detection	The detection fired incorrectly — the activity was benign

Impact on Metrics

Valid resolutions count toward your confirmed threat statistics
False Positive resolutions feed back into detection tuning — high FP rates indicate rules that need adjustment
Not Applicable resolutions help identify rules to disable for specific environments

API Patterns

List Available Resolutions

blumira_resolutions_list

Returns all resolution types with their codes, labels, and descriptions.

Resolve a Finding

blumira_findings_resolve
  finding_id=<UUID>
  resolution_type=10
  notes="Confirmed credential stuffing attack from IP 203.0.113.50. Account locked, password reset forced."

MSP Finding Resolution

blumira_msp_findings_resolve
  account_id=<UUID>
  finding_id=<UUID>
  resolution_type=30
  notes="False positive - scheduled backup job triggers this detection. Added to allowlist."

Common Workflows

Choosing the Right Resolution

Is the detected activity real?
- Yes → Was it malicious or a policy violation? → Valid (10)
- Yes → But it's expected/allowed in this environment → Not Applicable (20)
- No → The detection was wrong → False Positive (30)
Always include detailed notes explaining the decision
For False Positives, note what the activity actually was to help with tuning

Bulk Resolution of False Positives

blumira_findings_list filtered by the specific detection rule
Review a sample to confirm all are false positives
Resolve each with resolution type 30 and consistent notes
Consider requesting a rule tuning in the Blumira portal

Error Handling

Invalid Resolution Type

Cause: Resolution code is not 10, 20, or 30 Solution: Use blumira_resolutions_list to confirm valid codes.

Missing Notes

Cause: Some resolution workflows may require notes Solution: Always provide descriptive notes for audit trail purposes.

Best Practices

Always provide detailed notes — they're the audit trail for compliance
Track false positive rates by detection rule to identify tuning opportunities
Use "Not Applicable" instead of "False Positive" when the detection is correct but the policy doesn't apply
Review resolution statistics regularly to improve detection quality
For MSP accounts, maintain consistent resolution standards across tenants

Related Skills

Findings — Finding lifecycle and resolution workflow
MSP — Cross-account resolution management