Incident.io MCP server
Query incidents, alerts, schedules, and escalations on incident.io.
About
Connect Tracecat to incident.io to coordinate response across security and reliability incidents for SOC analysts and SRE on-call responders. You can open a sev-2 incident the moment a SIEM alert correlates and page the right rotation in seconds. From there, post structured timeline updates, acknowledge escalations, and create post-incident follow-ups that flow back into engineering's backlog with confidence.
Setup
- 1
Sign in with OAuth
You'll authorize Tracecat to access Incident.io on your behalf. No API keys to manage.
- 2
Select the
Incident.iotile in the Tracecat MCP catalogOpen the
MCP catalogin your workspace, select theIncident.iotile, and complete the OAuth flow. - 3
Enable
Incident.ioin your agentIn your
ai.agentaction orAgents→toolstab, selectIncident.iofrom theMCP integrationsdropdown.
Tools
incident_create | Open a new incident with severity, summary, and affected services. |
incident_list | List incidents with filters for status, severity, time range, and assigned user. |
incident_show | Fetch a single incident with its timeline, roles, and linked alerts. |
incident_update | Update an incident's status, severity, summary, or custom fields. |
alert_list | List alerts received from connected monitoring sources. |
escalation_respond | Acknowledge or resolve an active escalation on behalf of the connected user. |
schedule_show | Fetch an on-call schedule with its rotations and current responders. |
follow_up_create | Create a post-incident follow-up linked to an incident and assignee. |
ask_incident | Ask a natural-language question about a specific incident and get a grounded answer. |