# incidentoracle MCP server

IncidentOracle - 12-tool incident management MCP: triage, BaFin DORA reporting, RCA.

## Links
- Registry page: https://www.getdrio.com/mcp/io-tooloracle-incidentoracle
- Repository: https://github.com/ToolOracle/incidentoracle

## Install
- Endpoint: https://tooloracle.io/incident/mcp/
- Auth: Not captured

## Setup notes
- Remote endpoint: https://tooloracle.io/incident/mcp/

## Tools
- log_incident - Log a new ICT-related incident. First step in the DORA incident management process (Art. 17). Endpoint: https://tooloracle.io/incident/mcp/
- classify_incident - Classify an incident against the 6 DORA criteria (RTS 2024/1772). Determines if MAJOR (triggers 4h/72h/1m reporting) or NON-MAJOR. Endpoint: https://tooloracle.io/incident/mcp/
- major_incident_check - Quick check: would these criteria values classify as a MAJOR incident? No incident record needed — use for pre-assessment. Endpoint: https://tooloracle.io/incident/mcp/
- initial_notification - Generate the 4h initial notification for a MAJOR incident (ITS 2025/302 Annex I). Must be submitted within 4h of classification, max 24h after detection. Endpoint: https://tooloracle.io/incident/mcp/
- intermediate_report - Generate the 72h intermediate report for a MAJOR incident (ITS 2025/302). Must include action plan if incident is not yet resolved. Endpoint: https://tooloracle.io/incident/mcp/
- final_report - Generate the 1-month final report with root cause analysis and lessons learned. Endpoint: https://tooloracle.io/incident/mcp/
- deadline_tracker - Track all active MAJOR incident reporting deadlines. Shows overdue and upcoming. Endpoint: https://tooloracle.io/incident/mcp/
- reclassify - Reclassify an incident (MAJOR to NON-MAJOR or vice versa). Competent authority must be notified of reclassification. Endpoint: https://tooloracle.io/incident/mcp/
- incident_stats - Dashboard: total/open/major incidents, overdue deadlines, by severity/status. Endpoint: https://tooloracle.io/incident/mcp/
- cyber_threat_notify - Voluntary notification of a significant cyber threat (Art. 19(2)). Uses ITS 2025/302 Annex III template. Endpoint: https://tooloracle.io/incident/mcp/
- incident_log - Full incident register with filters (status, classification, severity, search). Endpoint: https://tooloracle.io/incident/mcp/
- health_check - Server status. Endpoint: https://tooloracle.io/incident/mcp/

## Resources
Not captured

## Prompts
Not captured

## Metadata
- Owner: io.tooloracle
- Version: 1.0.0
- Runtime: Streamable Http
- Transports: HTTP
- License: Not captured
- Language: Not captured
- Stars: Not captured
- Updated: May 7, 2026
- Source: https://registry.modelcontextprotocol.io