blackpoint-mcp
An MCP server for Blackpoint Cyber MDR platform, enabling management of security monitoring, threat detection, and incident response through Blackpoint's API.
README
blackpoint-mcp
Model Context Protocol (MCP) server for Blackpoint Cyber CompassOne - Managed Detection and Response (MDR) platform.
Features
This MCP server provides access to CompassOne's security capabilities through a decision-tree navigation interface:
Available Domains
- 🏢 Tenants: Customer tenant management
- 💻 Assets: Endpoint and server inventory (endpoint, server, network, cloud, mobile, iot)
- 🔍 Detections: Security detections and telemetry
- 🛡️ Vulnerabilities: Vulnerability management, dark web monitoring, external exposure scanning
Domain Structure
The server uses decision-tree navigation to organize tools:
- Initial State: Navigation tools only (
blackpoint_navigate,blackpoint_status) - Domain Entry: Navigate to a domain to see its specific tools
- Domain Tools: Use domain-specific operations
- Return: Use
blackpoint_backto return to navigation
Tool Naming Convention
All tools follow the pattern: blackpoint_{domain}_{action}
Examples:
blackpoint_assets_list- List assets by classblackpoint_detections_list- List security detectionsblackpoint_vulnerabilities_scans_list- List vulnerability scans
Installation
npm install blackpoint-mcp
Configuration
Environment Variables
| Variable | Description | Required |
|---|---|---|
BLACKPOINT_API_TOKEN |
CompassOne API token | Yes |
BLACKPOINT_BASE_URL |
API base URL (may vary by region/partner) | No |
MCP_TRANSPORT |
Transport mode: stdio or http |
No (default: stdio) |
MCP_HTTP_PORT |
HTTP port for gateway mode | No (default: 8080) |
AUTH_MODE |
Set to gateway for header-based auth |
No |
LOG_LEVEL |
Logging level: debug, info, warn, error | No (default: info) |
Gateway Mode
When AUTH_MODE=gateway, the server reads credentials from HTTP headers:
X-Blackpoint-API-Token→BLACKPOINT_API_TOKEN
This enables per-request authentication for multi-tenant gateways.
Usage
Standalone Mode (stdio)
# Set credentials
export BLACKPOINT_API_TOKEN="your-api-token"
# Run the server
blackpoint-mcp
Gateway Mode (HTTP)
export AUTH_MODE=gateway
export MCP_TRANSPORT=http
export MCP_HTTP_PORT=8080
blackpoint-mcp
Example Tool Calls
// Start by checking available domains
await tools.call("blackpoint_status");
// Navigate to assets domain
await tools.call("blackpoint_navigate", { domain: "assets" });
// List endpoint assets
await tools.call("blackpoint_assets_list", {
class: "endpoint",
pageSize: 10
});
// Get specific asset details
await tools.call("blackpoint_assets_get", {
id: "asset_12345"
});
// Return to navigation
await tools.call("blackpoint_back");
API Coverage
✅ Implemented
| Domain | Tools | Description |
|---|---|---|
| tenants | list, get |
Customer tenant management |
| assets | list, get, relationships, search |
Asset inventory and relationships |
| detections | list, get |
Security detections and telemetry |
| vulnerabilities | list, scans_list, darkweb_list, external_list |
Vuln management, dark web, external exposure |
📋 Planned
| Domain | Status | Notes |
|---|---|---|
| partners | SDK ready | Account management - ready to implement |
| alerts | Models only | API handlers not available in CompassOne wrapper |
| tickets | Models only | API handlers not available in CompassOne wrapper |
| cloud_security | SDK ready | M365/Google/Cisco onboarding - ready to implement |
| notifications | SDK ready | Contact groups and channels - ready to implement |
Partner vs Tenant Scoping
CompassOne uses hierarchical scoping: Partner → Tenants → Assets
- Partner tokens can access all associated tenants
- Tenant-scoped tokens are limited to specific customers
- Always specify
tenantIdparameters to avoid cross-tenant operations
Error Handling
The server provides structured error responses:
{
"content": [{
"type": "text",
"text": "Failed to list assets: Authentication failed"
}],
"isError": true
}
Common error scenarios:
- Authentication: Invalid or expired API token
- Rate Limiting: Automatic retry with exponential backoff
- Not Found: Requested resource doesn't exist
- Validation: Invalid parameters or missing required fields
Rate Limiting
The underlying SDK implements automatic rate limiting:
- Default: 60 requests per minute (1 per second)
- 429 Handling: Honors
Retry-Afterheaders - Backoff: Exponential backoff for subsequent requests
Docker
# Build
docker build -t blackpoint-mcp .
# Run in gateway mode
docker run -p 8080:8080 \
-e AUTH_MODE=gateway \
-e MCP_TRANSPORT=http \
-e MCP_HTTP_PORT=8080 \
blackpoint-mcp
Development
# Install dependencies
npm install
# Run in development mode
npm run dev
# Build
npm run build
# Test
npm test
# Lint
npm run lint
Security Considerations
API Access Requirements
- CompassOne Partner Agreement required for API access
- Partner-tier credentials needed for multi-tenant operations
- Scoped tokens recommended for tenant-specific access
Destructive Operations
The following operations require confirmation (when implemented):
- Asset isolation/response actions
- Ticket status changes with actions
- Alert acknowledgment/closure
- Remediation workflows
These use the elicitConfirmation pattern to prevent accidental execution.
Troubleshooting
Common Issues
No tools showing:
- Check
BLACKPOINT_API_TOKENis set - Verify token has correct scopes
- Check network connectivity to CompassOne API
Gateway mode not working:
- Verify
AUTH_MODE=gatewayis set - Check HTTP headers are passed correctly
- Confirm container networking allows connections
Rate limiting:
- Monitor logs for 429 responses
- Consider reducing request frequency
- Verify token isn't shared across instances
Debug Logging
export LOG_LEVEL=debug
blackpoint-mcp
Health Check
# Test basic connectivity
curl -X POST http://localhost:8080/ \
-H "Content-Type: application/json" \
-H "X-Blackpoint-API-Token: your-token" \
-d '{"jsonrpc": "2.0", "method": "tools/list", "id": 1}'
Contributing
- Fork the repository
- Create a feature branch:
git checkout -b feature-name - Make your changes and add tests
- Follow the domain handler pattern for new capabilities
- Submit a pull request
See CONTRIBUTING.md for detailed guidelines.
License
Apache-2.0 - see LICENSE for details.
推荐服务器
Baidu Map
百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Playwright MCP Server
一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。
Magic Component Platform (MCP)
一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。
Audiense Insights MCP Server
通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。
VeyraX
一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。
graphlit-mcp-server
模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。
Kagi MCP Server
一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。
e2b-mcp-server
使用 MCP 通过 e2b 运行代码。
Neon MCP Server
用于与 Neon 管理 API 和数据库交互的 MCP 服务器
Exa MCP Server
模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。