Tracecat

Incident.io MCP server

Query incidents, alerts, schedules, and escalations on incident.io.

On-call
http
Official docs

About

Connect Tracecat to incident.io to coordinate response across security and reliability incidents for SOC analysts and SRE on-call responders. You can open a sev-2 incident the moment a SIEM alert correlates and page the right rotation in seconds. From there, post structured timeline updates, acknowledge escalations, and create post-incident follow-ups that flow back into engineering's backlog with confidence.

Setup

  1. 1

    Sign in with OAuth

    You'll authorize Tracecat to access Incident.io on your behalf. No API keys to manage.

  2. 2

    Select the Incident.io tile in the Tracecat MCP catalog

    Open the MCP catalog in your workspace, select the Incident.io tile, and complete the OAuth flow.

  3. 3

    Enable Incident.io in your agent

    In your ai.agent action or Agents tools tab, select Incident.io from the MCP integrations dropdown.

Tools

incident_create

Open a new incident with severity, summary, and affected services.

incident_list

List incidents with filters for status, severity, time range, and assigned user.

incident_show

Fetch a single incident with its timeline, roles, and linked alerts.

incident_update

Update an incident's status, severity, summary, or custom fields.

alert_list

List alerts received from connected monitoring sources.

escalation_respond

Acknowledge or resolve an active escalation on behalf of the connected user.

schedule_show

Fetch an on-call schedule with its rotations and current responders.

follow_up_create

Create a post-incident follow-up linked to an incident and assignee.

ask_incident

Ask a natural-language question about a specific incident and get a grounded answer.

Deploy the Incident.io MCP server in minutes

Connect your security agents to 50+ hosted MCP servers.

Self-host free