blackpoint-cyber-api-patternslisted

# Blackpoint Cyber (CompassOne) MCP Tools & API Patterns ## Overview Blackpoint Cyber is a managed detection and response (MDR) provider. The CompassOne portal exposes a partner-tenant-asset hierarchy: a partner (the MSP) sees many tenants (their customers), each tenant has many assets (endpoints, identities, cloud accounts), and detections / vulnerabilities are produced against those assets. ## Connection & Authentication Blackpoint uses an API token passed via header. CompassOne issues the token in the partner portal. | Header | Value | |--------|-------| | `X-Blackpoint-Api-Token` | The raw CompassOne token | The gateway maps the environment variable `BLACKPOINT_API_TOKEN` onto the `X-Blackpoint-Api-Token` header automatically. Internally, the Blackpoint MCP server forwards this to CompassOne as a `Bearer` token — you do not need to add the `Bearer ` prefix yourself. ```bash export BLACKPOINT_API_TOKEN="your-compassone-token" ``` Optional: `BLACKPOINT_BASE_URL` overrides the CompassOne base URL for regional or partner-specific deployments. ## Hierarchy ``` Partner (MSP) └── Tenant (customer) └── Asset (endpoint / identity / cloud account) └── Detections / Vulnerabilities ``` Always pivot top-down: identify the tenant first, then drill into assets, then look at detections/vulnerabilities for that asset. ## Navigation Tools | Tool | Purpose | |------|---------| | `blackpoint_navigate` | Discover available domains | | `blackpoint_back` | P