blackpoint-mcp

blackpoint-mcp

An MCP server for Blackpoint Cyber MDR platform, enabling management of security monitoring, threat detection, and incident response through Blackpoint's API.

Category
访问服务器

README

blackpoint-mcp

Model Context Protocol (MCP) server for Blackpoint Cyber CompassOne - Managed Detection and Response (MDR) platform.

Features

This MCP server provides access to CompassOne's security capabilities through a decision-tree navigation interface:

Available Domains

  • 🏢 Tenants: Customer tenant management
  • 💻 Assets: Endpoint and server inventory (endpoint, server, network, cloud, mobile, iot)
  • 🔍 Detections: Security detections and telemetry
  • 🛡️ Vulnerabilities: Vulnerability management, dark web monitoring, external exposure scanning

Domain Structure

The server uses decision-tree navigation to organize tools:

  1. Initial State: Navigation tools only (blackpoint_navigate, blackpoint_status)
  2. Domain Entry: Navigate to a domain to see its specific tools
  3. Domain Tools: Use domain-specific operations
  4. Return: Use blackpoint_back to return to navigation

Tool Naming Convention

All tools follow the pattern: blackpoint_{domain}_{action}

Examples:

  • blackpoint_assets_list - List assets by class
  • blackpoint_detections_list - List security detections
  • blackpoint_vulnerabilities_scans_list - List vulnerability scans

Installation

npm install blackpoint-mcp

Configuration

Environment Variables

Variable Description Required
BLACKPOINT_API_TOKEN CompassOne API token Yes
BLACKPOINT_BASE_URL API base URL (may vary by region/partner) No
MCP_TRANSPORT Transport mode: stdio or http No (default: stdio)
MCP_HTTP_PORT HTTP port for gateway mode No (default: 8080)
AUTH_MODE Set to gateway for header-based auth No
LOG_LEVEL Logging level: debug, info, warn, error No (default: info)

Gateway Mode

When AUTH_MODE=gateway, the server reads credentials from HTTP headers:

  • X-Blackpoint-API-TokenBLACKPOINT_API_TOKEN

This enables per-request authentication for multi-tenant gateways.

Usage

Standalone Mode (stdio)

# Set credentials
export BLACKPOINT_API_TOKEN="your-api-token"

# Run the server
blackpoint-mcp

Gateway Mode (HTTP)

export AUTH_MODE=gateway
export MCP_TRANSPORT=http
export MCP_HTTP_PORT=8080

blackpoint-mcp

Example Tool Calls

// Start by checking available domains
await tools.call("blackpoint_status");

// Navigate to assets domain
await tools.call("blackpoint_navigate", { domain: "assets" });

// List endpoint assets
await tools.call("blackpoint_assets_list", { 
  class: "endpoint",
  pageSize: 10 
});

// Get specific asset details
await tools.call("blackpoint_assets_get", { 
  id: "asset_12345" 
});

// Return to navigation
await tools.call("blackpoint_back");

API Coverage

✅ Implemented

Domain Tools Description
tenants list, get Customer tenant management
assets list, get, relationships, search Asset inventory and relationships
detections list, get Security detections and telemetry
vulnerabilities list, scans_list, darkweb_list, external_list Vuln management, dark web, external exposure

📋 Planned

Domain Status Notes
partners SDK ready Account management - ready to implement
alerts Models only API handlers not available in CompassOne wrapper
tickets Models only API handlers not available in CompassOne wrapper
cloud_security SDK ready M365/Google/Cisco onboarding - ready to implement
notifications SDK ready Contact groups and channels - ready to implement

Partner vs Tenant Scoping

CompassOne uses hierarchical scoping: Partner → Tenants → Assets

  • Partner tokens can access all associated tenants
  • Tenant-scoped tokens are limited to specific customers
  • Always specify tenantId parameters to avoid cross-tenant operations

Error Handling

The server provides structured error responses:

{
  "content": [{ 
    "type": "text", 
    "text": "Failed to list assets: Authentication failed" 
  }],
  "isError": true
}

Common error scenarios:

  • Authentication: Invalid or expired API token
  • Rate Limiting: Automatic retry with exponential backoff
  • Not Found: Requested resource doesn't exist
  • Validation: Invalid parameters or missing required fields

Rate Limiting

The underlying SDK implements automatic rate limiting:

  • Default: 60 requests per minute (1 per second)
  • 429 Handling: Honors Retry-After headers
  • Backoff: Exponential backoff for subsequent requests

Docker

# Build
docker build -t blackpoint-mcp .

# Run in gateway mode
docker run -p 8080:8080 \
  -e AUTH_MODE=gateway \
  -e MCP_TRANSPORT=http \
  -e MCP_HTTP_PORT=8080 \
  blackpoint-mcp

Development

# Install dependencies
npm install

# Run in development mode
npm run dev

# Build
npm run build

# Test
npm test

# Lint
npm run lint

Security Considerations

API Access Requirements

  • CompassOne Partner Agreement required for API access
  • Partner-tier credentials needed for multi-tenant operations
  • Scoped tokens recommended for tenant-specific access

Destructive Operations

The following operations require confirmation (when implemented):

  • Asset isolation/response actions
  • Ticket status changes with actions
  • Alert acknowledgment/closure
  • Remediation workflows

These use the elicitConfirmation pattern to prevent accidental execution.

Troubleshooting

Common Issues

No tools showing:

  • Check BLACKPOINT_API_TOKEN is set
  • Verify token has correct scopes
  • Check network connectivity to CompassOne API

Gateway mode not working:

  • Verify AUTH_MODE=gateway is set
  • Check HTTP headers are passed correctly
  • Confirm container networking allows connections

Rate limiting:

  • Monitor logs for 429 responses
  • Consider reducing request frequency
  • Verify token isn't shared across instances

Debug Logging

export LOG_LEVEL=debug
blackpoint-mcp

Health Check

# Test basic connectivity
curl -X POST http://localhost:8080/ \
  -H "Content-Type: application/json" \
  -H "X-Blackpoint-API-Token: your-token" \
  -d '{"jsonrpc": "2.0", "method": "tools/list", "id": 1}'

Contributing

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature-name
  3. Make your changes and add tests
  4. Follow the domain handler pattern for new capabilities
  5. Submit a pull request

See CONTRIBUTING.md for detailed guidelines.

License

Apache-2.0 - see LICENSE for details.

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选