Managing Teams

Teams let multiple users collaborate on detection rule generation under a shared subscription. Available on the Team and Enterprise tiers.

Creating a Team

Team owners can create a team from the Team page  in the web app, or via the API:

curl -X POST https://cloudsigma.a13e.com/v1/team \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Detection Engineering"}'

The user who creates the team becomes the owner.

Roles

Inviting Members

Owners and admins can invite members by email:

curl -X POST https://cloudsigma.a13e.com/v1/team/invite \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"email": "analyst@example.com", "role": "member"}'

The invited user receives an email and is added to the team upon accepting.

Seat Limits

Removing Members

Owners and admins can remove team members:

curl -X DELETE https://cloudsigma.a13e.com/v1/team/members/USER_ID \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Shared Rule Library

Team members’ generated rules are automatically shared in the team rule library. View shared rules at Team → Rules  or via the API:

curl https://cloudsigma.a13e.com/v1/team/rules \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Team Analytics

View team-wide generation statistics, top techniques, and member activity:

curl https://cloudsigma.a13e.com/v1/team/analytics \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Audit Trail

Owners and admins can export the team’s audit trail in CSV or JSON format:

# JSON format
curl "https://cloudsigma.a13e.com/v1/team/audit?format=json" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
 
# CSV format
curl "https://cloudsigma.a13e.com/v1/team/audit?format=csv" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Usage Attribution

Team members’ rule generations count against the team subscription (unlimited for Team and Enterprise), not individual limits. Individual usage counters are still tracked for analytics.