ceven

incident.io

Triggers incidents from external alerts, syncs service catalogs with your infrastructure, and automates the assignment of roles and severity levels during an outage.

Try incident.io in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native incident.io integration

    • Describe the outcome and Ceven picks the right incident.io calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your incident.io data, across all 86 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke incident.io access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in incident.io, when, and on whose behalf.
    • The agent pauses and asks when incident.io is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach incident.io.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every incident.io action to support review and sign off.

Supported tools

Every action Ceven's agents can run on incident.io, and when to use it.

Create incident
Use this when a monitoring alert triggers a need to report and track a new operational issue or outage.
Edit incident
Use this to update incident details like name, summary, severity, or status during an active response.
Create escalation
Use this to page specific users or follow an escalation path to ensure a responder is active.
Create catalog entry
Add a new service, team, or resource to the organization catalog to map ownership for future incidents.
Create catalog type
Define a new custom resource type for the organization catalog, such as a specific infrastructure component.
Create alert source
Set up a new integration to receive alerts from external systems via HTTP webhooks.
Create alert route
Configure how incoming alerts are processed and converted into incidents based on specific conditions.
Create alert attribute
Define structured data fields that the system should parse from incoming alerts for better routing.
Create incident role
Define a new role type, such as Incident Commander, to organize responsibilities during a crisis.
Create severity
Establish a new severity level with a specific rank and description for incident classification.
Get catalog entry
Pull details about a specific catalog entry including its attributes and associated values.
Show alert route
Retrieve the configuration of an alert route to view its conditions and escalation bindings.
Create custom field
Add a new custom field to track specialized information during the incident lifecycle.
Create incident status
Add a custom status to categorize incidents as live, learning, or closed.
Create Alert Attribute V2
Tool to create an alert attribute in incident.io. Use when you need to define structured data fields that can be parsed from alerts coming in via alert sources. Alert attributes allow you to extract and organize information from incoming al
Create Alert Route V2
Tool to create an alert route in incident.io. Use when you need to configure how alerts should be processed, routed, and potentially converted into incidents based on conditions, grouping rules, and templates.
Create Alert Source V2
Tool to create a new alert source in incident.io. Use when you need to set up a new integration for receiving alerts from external systems via HTTP webhooks or manual entry.
Create Catalog Entry V2
Tool to create a catalog entry in incident.io. Use when you need to add a new entry to a catalog type with specific attribute values. Catalog entries represent items like teams, services, or custom resources in your incident management work
Create Catalog Entry V3
Tool to create a catalog entry in incident.io using the V3 API. Use when you need to add a new entry to a catalog type with specific attribute values. Catalog entries represent items like teams, services, or custom resources in your inciden
Create Catalog Type V3
Tool to create a new catalog type in incident.io V3 API. Use when you need to define custom resource types for your organization's catalog, such as teams, services, or infrastructure components.
Create Custom Field Option
Tool to create a new custom field option in incident.io. Use when you need to add a new selectable value to an existing custom field.
Create Custom Field V2
Tool to create a custom field in incident.io using the V2 API. Use when you need to add a new custom field to track additional information during incidents.
Create Escalation V2
Tool to create an escalation in incident.io. Use when you need to page users to respond to alerts. You must specify either an escalation_path_id or direct targets (users/schedules).
Create Incident Role V2
Tool to create a new incident role in incident.io using the V2 API. Use when you need to define a new role type that can be assigned during incidents to organize responsibilities and ensure the right people are engaged during incident respo
Create Incident V1
Tool to create a new incident in incident.io. Use when you need to report and track an operational issue or outage. Requires at minimum an idempotency_key and visibility setting.
Create Incident V2
Tool to create a new incident in incident.io using the V2 API. Use when you need to report and track an operational issue or outage. Requires at minimum an idempotency_key and visibility setting. Optionally specify severity, incident type,
Create Managed Resource V2
Tool to create a managed resource in incident.io. Use when you need to mark a resource (schedule, escalation path, or workflow) as being managed by an external system like Terraform or a custom automation tool. This helps track which resour
Delete Alert Attribute V2
Tool to delete an alert attribute from incident.io. Use when you need to remove an alert attribute that is no longer needed or was created in error.
Delete Alert Route V2
Tool to delete an alert route from incident.io. Use when you need to remove an alert route configuration that is no longer needed or was created in error.
Delete Alert Source V2
Tool to delete an alert source from incident.io. Use when you need to remove an alert source that is no longer needed or was created in error.

30 actions · scroll to see them all

Frequently asked questions

Ceven is built to handle the transition between API versions by mapping specific actions to the most stable endpoint available. For example, catalog management uses the V3 API to ensure support for the latest attribute structures, while certain incident creation flows still leverage V2 for backward compatibility. When you trigger a workflow, the agent automatically selects the correct version based on the tool definition. This means you do not have to worry about whether you are calling a V2 or V3 endpoint for a catalog entry. Ceven manages the payload transformations in the background to ensure that the data sent to incident.io matches the expected schema for that specific resource.
Yes. By combining the Create Incident Role and Edit Incident actions, Ceven can automate the staffing of an incident. You can define a workflow that identifies the on call engineer from your schedule and assigns them the Responder role, while assigning a senior lead the Incident Commander role. This happens in real time as the incident is created, removing the need for a human to manually assign roles in the Slack interface or the dashboard. The agent ensures that the role ID matches your organization's specific configuration so that the right notifications are sent to the right people immediately.
incident.io enforces rate limits on their API to ensure platform stability, which can occasionally affect high volume automation. If a Ceven workflow attempts to sync thousands of catalog entries in a single burst, you may encounter a 429 Too Many Requests error. To handle this, Ceven implements an exponential backoff strategy, pausing the workflow and retrying the request after a short delay. We recommend batching large catalog updates or scheduling them during off peak hours to avoid hitting these limits. For most incident response flows, which are event driven and low volume, these limits are rarely an issue in practice.
Ceven can both manage and react to alert routes. You can use the agent to create new alert routes that define how specific monitoring signals should be handled. Once those routes are active, incident.io processes the incoming webhook and creates the incident. Ceven then picks up that event via a webhook and can perform follow up actions, such as adding custom fields or updating the severity based on the alert attribute data. This creates a loop where the configuration is managed by the agent and the execution is handled by the incident.io routing engine, ensuring a seamless flow from signal to resolution.
Absolutely. Ceven can read from and write to the incident.io catalog. Use this to keep your service ownership data in sync with a source of truth like a GitHub repository or a CMDB. The agent can create new catalog types for different resource categories and add entries with specific attributes. This is critical for automated routing, as it allows the agent to look up which team owns a failing component and route the incident to them without manual intervention. You can set up a weekly sync workflow to ensure that any new services deployed to production are automatically added to the catalog.
Yes, Ceven can create and manage custom fields and their options. This allows you to track business specific data during an incident, such as a customer impact score or a specific regulatory flag. When an incident is created, the agent can automatically populate these custom fields based on the data found in the triggering alert. For example, if an alert contains a region tag, Ceven can map that to a custom field in incident.io called Affected Region. This makes reporting and post incident analysis much more powerful because the data is structured rather than buried in a Slack thread.
Ceven monitors the status of incidents and can trigger workflows based on changes. When an incident moves from live to learning, the agent can automatically create a Jira ticket for the post mortem action items. Conversely, it can move an incident to the learning status once it detects that a fix has been deployed and verified in production. By using the Edit Incident action, the agent ensures that the lifecycle of the incident is tracked accurately without requiring the incident commander to manually click through the dashboard for every state change.
Yes, you can use the Create Escalation action to programmatically define who gets paged and in what order. This is particularly useful for organizations with dynamic teams or rotating schedules that change more frequently than manual configuration allows. You can build a workflow that pulls the current on call person from an external HR tool and updates the incident.io escalation path in real time. This ensures that when a critical alert fires, the system is paging the person actually on shift, reducing the time to acknowledge and the time to resolve the issue.

Alternatives to incident.io

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

PagerDuty logoPagerDutyOpsgenie logoOpsgenieSplunk On Call logoSplunk On Call

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect incident.io and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free