Query and list incidents with flexible filtering options. Filter by status (triggered, acknowledged, resolved), urgency (high, low), date ranges, service, user, or team. Returns paginated results with incident details including title, status, urgency, service, assignees, and timestamps. Use this to monitor active incidents, audit historical incidents, or find specific incidents matching criteria.

Retrieve detailed information about a specific incident by its ID. Returns comprehensive incident data including title, description, status, urgency, priority, service, escalation policy, assignments, acknowledgments, last status change time, and full incident timeline. Use this when you need complete details about a known incident for investigation or reporting.

Manually create a new incident in PagerDuty. Requires a title and service ID at minimum. Optionally specify urgency (high/low), priority, escalation policy, body/details, and assignments. The incident will be created and routed according to the service's escalation policy unless overridden. Use this to manually report incidents, create test incidents, or integrate external monitoring tools.

Update properties of an existing incident. You can modify the title, urgency, priority, status (acknowledged/resolved), escalation policy, or assignments. To acknowledge or resolve incidents in bulk, use the dedicated Acknowledge Incident or Resolve Incident tools instead. Use this for general incident updates like changing priority, reassigning, or updating details.

Acknowledge one or more incidents to indicate that work has begun on resolving them. Acknowledging stops the escalation process and prevents further notifications. Supports bulk operations - you can acknowledge multiple incidents in a single request. The user performing the acknowledgment must be specified via from_email for audit purposes. Use this when responding to incidents to signal active work.

Resolve one or more incidents to mark them as fixed and close them. Once resolved, incidents stop generating notifications and are moved to the resolved state. Supports bulk operations - you can resolve multiple incidents in a single request. The user performing the resolution must be specified via from_email for audit purposes. Use this when incidents are fully addressed and no longer require attention.

Retrieve all alerts associated with a specific incident. An incident can be triggered by one or multiple alerts from monitoring systems. This returns the individual alert details including severity, summary, source, custom details, and timestamps. Use this to investigate the root cause of an incident by examining all triggering alerts and their context.

Browse and search all services in your PagerDuty account with pagination. Services represent the applications, systems, or components you monitor. Filter by team to see services owned by specific teams. Optionally include escalation policy and integration details in the response. Use this to discover available services, audit service configuration, or find specific services for incident creation.

Retrieve detailed information about a specific service by its ID. Returns comprehensive service details including name, description, status, escalation policy, integrations, incident urgency rules, alert grouping settings, and associated teams. Use this to inspect service configuration, understand routing rules, or get integration details for a known service.

Modify configuration of an existing service. You can update the service name, description, escalation policy, acknowledgement timeout, auto-resolve timeout, and alert grouping settings. Changes to escalation policy affect how future incidents are routed. Use this to maintain service configuration, update escalation rules, or adjust incident handling behavior.