Overview
The incident.io integration brings your active incident feed into Pwnbook’s Security Workbench. You can monitor incident severity and status, create new incidents from findings, and link open incidents back to the security work that triggered them — without switching tools.Prerequisites
- An incident.io account
- Admin or Owner access in Pwnbook
Setup
Generate an API key
- In incident.io, go to Settings → API keys.
- Click Create API key, give it a name like “Pwnbook”, and copy the key.
What’s available
Once connected, incident.io appears as a card in your Security Workbench and as a full-page view in the sidebar.| Feature | Description |
|---|---|
| Active incidents | Count of incidents not in a closed state, broken out by severity |
| Incident list | Filterable table of incidents with status, severity, and creation time |
| Incident detail | Direct link to incident in incident.io for full context and timeline |
| Create incident | Push a finding or threat to incident.io as a new incident |
Workbench card
The incident.io card on your Security Workbench shows:- The 3 most recently created active incidents with severity and relative time
- Active incident count and total incident count
- A View all button that opens the full incident list in a side sheet
Severity mapping
incident.io uses its own severity scale (configured per workspace). The card and list view display severity names exactly as configured in your incident.io workspace, so they’ll match what your team already uses.API reference
The integration proxies these incident.io v2 endpoints:| Pwnbook route | incident.io endpoint |
|---|---|
GET /api/organizations/:id/incidentio/incidents | GET /v2/incidents |
GET /api/organizations/:id/incidentio/incidents/:id | GET /v2/incidents/:id |
POST /api/organizations/:id/incidentio/incidents | POST /v2/incidents |
PATCH /api/organizations/:id/incidentio/incidents/:id | PATCH /v2/incidents/:id |
GET /api/organizations/:id/incidentio/severities | GET /v2/severities |