Tracecat

Rootly MCP server

Drive Rootly incidents, alerts, and on-call schedules from your AI agents.

On-call
stdio
Official docs

About

Connect Tracecat to Rootly to manage incidents, alerts, and on-call schedules for SOC analysts and SRE responders. You can open a Rootly incident from a SIEM alert and pull historically similar incidents to ground the agent's first response. From there, page the right rotation, suggest a remediation playbook, and write the post-incident follow-up with confidence.

Setup

  1. 1

    Create an API key

    The Rootly MCP server authenticates with a Rootly API token passed as a bearer credential. Rootly issues three token types, global, team-scoped, or personal, so you can match the credential to the agent's blast radius.

  2. 2

    Select the Rootly tile in the Tracecat MCP catalog

    Open the MCP catalog in your workspace, select the Rootly tile, and paste your API key.

  3. 3

    Enable Rootly in your agent

    In your ai.agent action or Agents tools tab, select Rootly from the MCP integrations dropdown.

Tools

list_incidents

List Rootly incidents with filters for status, severity, time range, and team.

getIncident

Fetch a single incident with its timeline, roles, and linked alerts.

createIncident

Open a new incident with severity, summary, and affected services.

find_related_incidents

Suggest historically similar incidents for a given description or alert.

suggest_solutions

Surface suggested remediation steps based on past incidents and playbooks.

get_oncall_shift_metrics

Return on-call workload metrics for a user or schedule over a time window.

check_oncall_health_risk

Flag rotations at risk of burnout based on alert load and shift patterns.

list_alerts

List alerts ingested from connected monitoring sources.

list_schedules

List on-call schedules with rotations and current responders.

Deploy the Rootly MCP server in minutes

Connect your security agents to 50+ hosted MCP servers.

Self-host free