ilert MCP Server

Introduction

This MCP server provides comprehensive incident management and alerting capabilities through ilert's platform. ilert is a German-based AI-first incident management solution that focuses on privacy and helps operations teams maintain high system reliability. The server enables seamless integration with ilert's full incident response lifecycle, from initial alerting through resolution and post-incident analysis.

The MCP server exposes tools across several key categories: user and resource management, alert lifecycle management, incident creation and tracking, and automated action execution. These tools work together to provide a complete incident response workflow, allowing teams to programmatically manage alerts, coordinate response efforts, and maintain visibility throughout critical incidents.

With strong integration capabilities and AI-enhanced features, this server is particularly valuable for DevOps, SRE, and IT operations teams who need to automate incident response processes while maintaining human oversight and control.

Use Cases

Personal Alert Dashboard and Triage Quickly retrieve and prioritize your assigned alerts to focus on the most critical issues first.

Sample prompt: Show me all my pending and accepted alerts from the last 24 hours, and give me details on the highest priority ones

Incident Response Coordination Coordinate team response by adding the right experts to critical alerts and managing escalations effectively.

Sample prompt: There's a database outage affecting our payment system. Find users with "database" expertise, add them as responders to alert ID 12345, and escalate it to level 2 if needed

Alert Investigation and Documentation Thoroughly investigate alerts by gathering all relevant information and documenting findings for knowledge sharing.

Sample prompt: Get full details for alert 67890 including all current responders and escalation info, then add a comment with my investigation findings about the root cause being a memory leak in the API service

Automated Alert Resolution Workflow Streamline resolution by accepting ownership, documenting the fix, and properly closing alerts with audit trails.

Sample prompt: Accept alert 11223, add a comment explaining that I restarted the failing service and verified it's healthy, then resolve the alert

Cross-Team Alert Routing Ensure alerts reach the appropriate teams by rerouting misassigned alerts to the correct escalation policies.

Sample prompt: This alert 44556 about the payment gateway was routed to the frontend team by mistake. Find the payments escalation policy and reroute this alert there

Manual Incident Creation for Proactive Issues Create alerts for issues discovered through monitoring or customer reports before they escalate.

Sample prompt: Create a high priority alert for the API service about intermittent 500 errors I'm seeing in the logs, assign it to the backend escalation policy and add John and Sarah as initial responders

Service Status and Incident Communication Create comprehensive incidents for major outages that require broader stakeholder communication and coordination.

Sample prompt: Create an incident for the payment processing service with major outage impact level - customers can't complete purchases due to database connectivity issues

Alert Action Automation Discover and execute automated remediation actions available for specific alerts to speed up resolution.

Sample prompt: Show me what automated actions are available for alert 78901 about the web server being down, then invoke the service restart action if available

Team Resource Discovery Find the right people, services, and policies when coordinating incident response across multiple teams.

Sample prompt: I need to create an alert for the user authentication service. Find the auth service details, locate the security team's escalation policy, and show me who's currently on-call for that schedule

Historical Alert Analysis Analyze resolved alerts to identify patterns and improve incident response processes.

Sample prompt: Get all resolved alerts from the past week that were assigned to the infrastructure team, and show me details on any that took longer than 2 hours to resolve

Details

MCP Server URL:

https://mcp.ilert.com/mcp

Type:

HTTP Stream

Authentication:

API Key (Bearer Token)

How to connect this MCP server

Tools

get-my-profile

Get the current authenticated user's profile information. This tool provides current user context that is useful for other tools. This tool should be called for user context before working with alerts of the current user. Returns user ID, name, email, role, timezone, language, and other profile details needed for subsequent alert operations. Use this to determine user permissions, timezone for date filtering, and to establish the user's alert ownership context. The returned user ID can be used with list-alerts (assignedTo parameter) to get 'my alerts'.

find-users

Search and retrieve users with optional filtering. This tool provides user IDs that are required by other tools. Use this to find users by name or email, check user roles and permissions, and get user IDs for adding responders or assigning alerts. The returned user IDs can be used with: add-responder-to-alert (userId parameter), create-alert (responders array), and list-alerts (assignedTo parameter).

list-alerts

Retrieve alerts with flexible filtering options. This tool provides alert IDs that are required by other alert management tools. Key usage patterns: (1) Personal alerts - include the user's ID in 'assignedTo' parameter (2) All/team alerts - leave 'assignedTo' empty or specify multiple user IDs. The 'states' parameter filters by status - only use when specifically requested, otherwise defaults to active alerts (PENDING + ACCEPTED). Supports pagination and can include escalation details. The returned alert IDs can be used with: show-alert-details, accept-alert, resolve-alert, comment-alert, escalate-alert, reroute-alert, add-responder-to-alert, list-alert-action, and invoke-alert-action tools.

show-alert-details

Retrieve comprehensive details about a specific alert including all metadata, status information, and context needed for incident response. This tool requires an alert ID from list-alerts tool. Returns: alert summary and description, current status (PENDING/ACCEPTED/RESOLVED), all current responders and their status, escalation policy and rules, alert source and integration details, priority level, creation and update timestamps, next escalation information, assigned user details, and any custom fields. Use this tool before taking any actions on an alert to understand the full context, current ownership, and available escalation paths.

accept-alert

Accept responsibility for an open alert and begin working on it. This tool requires an alert ID from list-alerts tool. This action changes the alert status from PENDING to ACCEPTED, marking you as the active responder. Prerequisites: (1) Alert must be in PENDING status, (2) Alert must be assigned to the current user through escalation policy or manual assignment. Once accepted, you can add investigation comments, escalate to higher levels if needed, add additional responders for collaboration, or resolve the alert when the incident is fixed. This creates an audit trail showing when responsibility was taken.

resolve-alert

Mark an alert as resolved. This tool requires an alert ID from list-alerts tool. This action changes the alert status to RESOLVED and closes the incident. Only works on ACCEPTED or PENDING alerts that are assigned to the current user. Use this when the incident has been fully addressed and resolved. Ask the user to add a comment before resolving to document the resolution details.

comment-alert

Add a comment to an alert. This tool requires an alert ID from list-alerts tool, and content (the comment text). Comments are visible to all users assigned to the alert and help track progress or provide updates on the incident. Use this to document investigation steps, status updates, resolution details, or any relevant information about the alert. Comments are timestamped and help maintain a complete audit trail of the incident.

escalate-alert

Escalate an alert to the next level or specified escalation policy. This tool requires an alert ID from list-alerts tool. Use this when the current responder cannot handle the alert and it needs to be escalated to another person or team.

reroute-alert

Reroute an alert to a different escalation policy or team. This tool requires an alert ID from list-alerts tool and an escalation policy ID from find-escalation-policies tool. Use this to redirect an alert to the appropriate team when it was initially assigned incorrectly or needs different expertise.

add-responder-to-alert

Add additional team members as responders to an existing alert for collaboration and expertise. This tool requires an alert ID from list-alerts tool and optionally a user ID from find-users tool or schedule ID from find-schedules tool. Use this when: (1) The current responder needs specialized knowledge from another team member, (2) The incident requires multiple people working together, (3) You want to involve subject matter experts, (4) The alert needs escalation to a specific person without changing the escalation policy. The added responder will receive notifications, can accept the alert, add comments, and help resolve the incident. Multiple responders can work on the same alert simultaneously, creating a collaborative incident response.

create-alert

Create a new alert manually. This tool can use various IDs from other tools: alert source IDs from find-alert-sources, escalation policy IDs from find-escalation-policies, and user IDs from find-users. Use this to create alerts for incidents that need immediate attention but weren't automatically detected by monitoring systems.

list-alert-action

List available actions for a specific alert. This tool requires an alert ID from list-alerts tool. Use this to see what actions can be performed on an alert before executing them. The returned webhook IDs can be used with invoke-alert-action tool.

list-alert-actions

List all available alert actions across the system. This tool provides webhook IDs that are required by other tools. Use this to discover what automated actions, integrations, and workflows are available that can be triggered on alerts. This shows global alert actions that can be invoked, along with their webhook IDs needed for the invoke-alert-action tool. Use this before invoking alert actions to find the correct webhook ID. The returned webhook IDs can be used with: invoke-alert-action (webhookId parameter).

invoke-alert-action

Invoke a specific action on an alert. This tool requires an alert ID from list-alerts tool and a webhook ID from list-alert-action or list-alert-actions tools. Use this to perform automated remediation steps, trigger integrations, or invoke custom workflows associated with an alert. Workflow: 1) Use list-alert-action to find available actions for a specific alert, 2) Use the webhookId from that response in this tool. Example: { alertId: 123, webhookId: 456 }

find-alert-sources

Search and retrieve alert sources with optional filtering. This tool provides alert source IDs that are required by other tools. Use this to find available alert sources by name, view their IDs and integration details, and understand what sources can be used when creating alerts. Alert sources represent integrations like monitoring tools, applications, or manual sources that can generate alerts. The returned data includes source IDs needed for alert creation. The returned alert source IDs can be used with: create-alert (alertSource.id field).

find-escalation-policies

Search and retrieve escalation policies with optional filtering. This tool provides escalation policy IDs that are required by other tools. Use this to find escalation policies by name, view policy details, get policy IDs for creating alerts or rerouting, and understand escalation routing rules with level information. The returned escalation policy IDs can be used with: reroute-alert (escalationPolicyId parameter) and create-alert (escalationPolicy.id field).

find-services

Search and retrieve services with optional filtering. This tool provides service IDs that are required by other tools. Use this to find services by name, check service status, view service details, and get service IDs for creating incidents or alerts. The returned data prominently shows service IDs needed for other operations. The returned service IDs can be used with: create-incident (affectedServices.service.id field) and create-alert (optional alertSource.id field).

create-incident

Create a new incident to track major service disruptions or issues. This tool requires service IDs from find-services tool. Use this for coordinating incident response, communication, and resolution tracking for significant problems affecting multiple services or users. Example: { summary: 'Database outage', affectedServices: { impact: 'MAJOR_OUTAGE', service: { id: 123 } }, message: 'Primary database is down' }

find-schedules

Find on-call schedules to see who is currently on duty. This tool provides schedule IDs that can be used by other tools. Returns schedule details including current and upcoming on-call rotations. The returned schedule IDs can be used with: add-responder-to-alert (scheduleId parameter) to add schedules as responders to alerts.

Introduction

Use Cases

Details

Tools

Want to create a similar playground for your MCP?