Rootly MCP server
Drive Rootly incidents, alerts, and on-call schedules from your AI agents.
About
Connect Tracecat to Rootly to manage incidents, alerts, and on-call schedules for SOC analysts and SRE responders. You can open a Rootly incident from a SIEM alert and pull historically similar incidents to ground the agent's first response. From there, page the right rotation, suggest a remediation playbook, and write the post-incident follow-up with confidence.
Setup
- 1
Create an API key
The Rootly MCP server authenticates with a Rootly API token passed as a bearer credential. Rootly issues three token types, global, team-scoped, or personal, so you can match the credential to the agent's blast radius.
- 2
Select the
Rootlytile in the Tracecat MCP catalogOpen the
MCP catalogin your workspace, select theRootlytile, and paste your API key. - 3
Enable
Rootlyin your agentIn your
ai.agentaction orAgents→toolstab, selectRootlyfrom theMCP integrationsdropdown.
Tools
list_incidents | List Rootly incidents with filters for status, severity, time range, and team. |
getIncident | Fetch a single incident with its timeline, roles, and linked alerts. |
createIncident | Open a new incident with severity, summary, and affected services. |
find_related_incidents | Suggest historically similar incidents for a given description or alert. |
suggest_solutions | Surface suggested remediation steps based on past incidents and playbooks. |
get_oncall_shift_metrics | Return on-call workload metrics for a user or schedule over a time window. |
check_oncall_health_risk | Flag rotations at risk of burnout based on alert load and shift patterns. |
list_alerts | List alerts ingested from connected monitoring sources. |
list_schedules | List on-call schedules with rotations and current responders. |