Team Tier $99/seat/mo
For growing SOCs and consulting teams that have outgrown Professional. Team raises uploads to 2 GB, lifts the per-capture packet limit to whatever your local hardware can stream, and unlocks OIDC single sign-on, ICS/SCADA dissection, SIEM forwarders, and real-time collaboration.
Need multi-tenant case isolation, SCIM provisioning, NIST / PCI / HIPAA compliance mapping, BYOK, or a dedicated SLA? See Enterprise / MSSP.
What you unlock
| Feature | Pro | Team |
|---|---|---|
| Packets per capture | 500,000 | Unlimited (host-memory bound) |
| File size | 500 MB | 2 GB per capture |
| Seats | 5 | Unlimited |
| Single sign-on (SSO) | — | OIDC |
| ICS/SCADA module | — | Yes |
| Real-time collaboration | — | Yes |
| SIEM integration | — | Splunk, ELK, Syslog |
| Campaign analysis | — | Yes |
| Priority email support | — | 24-hour SLA |
Single sign-on
OIDC is the production-grade SSO path on Team. Configure under Settings → Identity:
- Provider URL (issuer)
- Client ID and client secret
- Redirect URI:
https://<your-intreys-host>/auth/oidc/callback - Group-to-role mapping (admin / analyst / viewer)
Tested IdPs: Okta, Microsoft Entra ID, Auth0, Google Workspace, JumpCloud.
SAML 2.0 SSO is available on the Enterprise / MSSP plan as a controlled preview — contact [email protected] to enable it for your tenant.
ICS/SCADA module
10 industrial protocol dissectors with security-policy enforcement:
- Modbus TCP, DNP3, S7comm, IEC 60870-5-104, OPC UA
- BACnet, PROFINET, CIP/EtherNet-IP, GE-SRTP, Niagara Fox
- Dangerous-operation detection (writes to PLC registers, firmware uploads)
- Per-host industrial health scoring
- Whitelist learning for engineering-station behavior
SIEM integration
Forward findings to your SIEM in real time:
- Splunk via HEC
- ELK via Beats / Elastic Common Schema
- Syslog RFC 5424 / 3164 with TLS
- Webhook generic JSON for custom integrations
Configure forwarders under Settings → SIEM.
Real-time collaboration
Multiple analysts on a single case see each other’s cursors, annotations, and selections live (Server-Sent Events). Comment threads anchor to specific packets, hosts, or findings.
Campaign analysis
Cluster related threat indicators across many captures into APT-style groupings. Useful for tracking long-running adversary infrastructure across customer engagements.
Procurement
Team can be purchased self-service via Stripe at intreys.com. Volume discounts apply at 10+, 50+, and 100+ seats — contact sales for an annual MSA / PO.