Team Management

Endpoints for managing teams, members, shared rules, analytics, and audit trails. Available on Team and Enterprise tiers.

All team endpoints require JWT authentication. Team-level features are not accessible via API keys.

Create Team


POST /v1/team

Auth: JWT only (Team/Enterprise tier) | Role: Any


curl -X POST https://cloudsigma.a13e.com/v1/team \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Detection Engineering"}'

The requesting user becomes the team owner.

Get Team


GET /v1/team

Auth: JWT only | Role: Any team member


curl https://cloudsigma.a13e.com/v1/team \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Returns team details including name, members, and roles.

Invite Member


POST /v1/team/invite

Auth: JWT only | Role: Owner or Admin

Field	Type	Required	Description
`email`	string	Yes	Email of the user to invite
`role`	string	No	`member` (default) or `admin`


curl -X POST https://cloudsigma.a13e.com/v1/team/invite \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"email": "analyst@example.com", "role": "member"}'

Remove Member


DELETE /v1/team/members/{userId}

Auth: JWT only | Role: Owner or Admin


curl -X DELETE https://cloudsigma.a13e.com/v1/team/members/USER_ID \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

List Team Rules


GET /v1/team/rules

Auth: JWT only | Role: Any team member

Returns all rules generated by team members.


curl https://cloudsigma.a13e.com/v1/team/rules \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Get Team Rule


GET /v1/team/rules/{ruleKey}

Auth: JWT only | Role: Any team member

Returns a specific rule by key.

Team Analytics


GET /v1/team/analytics

Auth: JWT only | Role: Any team member

Returns team-wide statistics: total rules generated, top techniques, member activity.


curl https://cloudsigma.a13e.com/v1/team/analytics \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Audit Trail


GET /v1/team/audit

Auth: JWT only | Role: Owner or Admin

Export the team’s audit trail in JSON or CSV format.

Parameter	Type	Required	Default	Description
`format`	string	No	`json`	`json` or `csv`


# JSON
curl "https://cloudsigma.a13e.com/v1/team/audit?format=json" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
 
# CSV
curl "https://cloudsigma.a13e.com/v1/team/audit?format=csv" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -o audit.csv

Errors

HTTP	Code	Description
401	`Unauthorized`	Invalid or missing JWT token
403	`Forbidden`	Not a team member, or insufficient role
404	`NotFound`	Team not found
409	`Conflict`	Team already exists, or seat limit reached