Blumira MSP Operations
Overview
Blumira's MSP path group (/msp/*) enables managed service providers to operate across multiple client organizations from a single set of credentials. This skill covers account management, cross-account queries, and per-account operations.
Key Concepts
MSP vs Org Paths
| Feature | Org Path (/org/*) | MSP Path (/msp/*) |
|---|---|---|
| Scope | Single organization | Multiple managed accounts |
| Findings | Own findings only | All accounts or per-account |
| Devices | Own devices only | Per-account device lists |
| Users | Own users only | Per-account user lists |
| Auth | Org-level JWT | MSP-level JWT |
Account Context
MSP tools require an account_id parameter to target a specific client account. Use blumira_msp_accounts_list to enumerate available accounts.
API Patterns
List Managed Accounts
blumira_msp_accounts_list
page_size=100
Get Account Details
blumira_msp_accounts_get
account_id=<UUID>
Cross-Account Findings
blumira_msp_findings_all
status.eq=10
severity.in=HIGH,CRITICAL
order_by=-created
Returns findings from ALL managed accounts with account context included.
Per-Account Findings
blumira_msp_findings_list
account_id=<UUID>
status.eq=10
Get a Finding in Account Context
blumira_msp_findings_get
account_id=<UUID>
finding_id=<UUID>
Resolve an Account's Finding
blumira_msp_findings_resolve
account_id=<UUID>
finding_id=<UUID>
resolution_type=10
notes="Confirmed and remediated."
Assign a Finding
blumira_msp_findings_assign
account_id=<UUID>
finding_id=<UUID>
user_id=<UUID>
Account Finding Comments
blumira_msp_findings_comments_list
account_id=<UUID>
finding_id=<UUID>
blumira_msp_findings_comments_add
account_id=<UUID>
finding_id=<UUID>
comment="Investigation notes..."
Per-Account Devices
blumira_msp_devices_list
account_id=<UUID>
page_size=50
blumira_msp_devices_get
account_id=<UUID>
device_id=<UUID>
Per-Account Agent Keys
blumira_msp_keys_list
account_id=<UUID>
blumira_msp_keys_get
account_id=<UUID>
key_id=<UUID>
Per-Account Users
blumira_msp_users_list
account_id=<UUID>
Common Workflows
MSP Dashboard Overview
blumira_msp_accounts_listto get all managed accountsblumira_msp_findings_allwithstatus.eq=10for open findings across all accounts- Group findings by account to produce per-account open finding counts
- Highlight accounts with CRITICAL/HIGH severity findings
Per-Account Triage
blumira_msp_findings_listfor the target account withstatus.eq=10- Sort by severity to prioritize
- Investigate with
blumira_msp_findings_getand comments - Resolve with
blumira_msp_findings_resolve
Cross-Account Security Posture
blumira_msp_accounts_listto enumerate accounts- For each account, query open findings by severity
- Query device counts with
blumira_msp_devices_list - Compile into a posture report showing coverage and risk per account
Agent Coverage Audit
blumira_msp_accounts_listto get accounts- For each account,
blumira_msp_devices_listto count devices - Compare against known device counts per client
- Identify coverage gaps
Error Handling
403 on MSP Endpoints
Cause: JWT token is org-level, not MSP-level Solution: Generate an MSP-scoped JWT token from the Blumira portal.
Account Not Found
Cause: Invalid account ID or account not managed by this MSP
Solution: Use blumira_msp_accounts_list to verify available accounts.
Cross-Account Query Timeout
Cause: Too many accounts or too broad a filter Solution: Narrow filters (date range, severity) or query accounts individually.
Best Practices
- Cache the account list at the start of MSP operations to avoid redundant calls
- Use
blumira_msp_findings_allfor overview, then drill into specific accounts - Maintain consistent resolution standards across all managed accounts
- Document per-account context in finding comments for compliance
- Schedule regular cross-account posture reviews
- Use severity filters on cross-account queries to focus on what matters
Related Skills
- API Patterns — Filtering and pagination
- Findings — Finding lifecycle (org-level)
- Agents — Device management (org-level)
- Resolutions — Resolution types
- Users — User management