Torq Signed the CISA Secure by Design Pledge

At Torq, our commitment to security has always been at the forefront of our mission to empower businesses through our SaaS platform.

Today, we’re proud to announce a significant step forward in our security journey: Torq has signed the CISA Secure by Design Pledge.

This pledge underscores our dedication to ensuring that our customers can trust our platform to uphold the highest security standards, enabling customers to focus on their goals without concerns about their security posture.

Advancing Security by Design

The CISA Secure by Design Pledge perfectly aligns with our approach to security. This initiative emphasizes the importance of building security into the foundation of all products and services.

For Torq, this means integrating robust security measures throughout our development lifecycle, from initial concept to deployment and beyond.

By signing this pledge, we are reinforcing our commitment to:

  • Proactive security measures: Embedding security into every layer of our platform, ensuring our customers’ data is protected at all times.
  • Transparency: Providing clear, actionable information about managing and securing data, empowering our customers to make informed decisions.
  • Continuous improvement: Regularly evaluating and enhancing our security practices to stay ahead of evolving threats.

What This Means for Our Customers

When you choose Torq, you’re not just selecting a SaaS solution but partnering with a company that prioritizes your security. Our adherence to Secure by Design principles means:

  • Minimal configuration risks: Our platform is designed to work securely out of the box, reducing the burden on your team to configure complex security settings.
  • Enhanced resilience: With built-in safeguards and automated protections, your organization’s security posture remains robust despite emerging threats.
  • Ongoing support: We’re committed to providing tools, resources, and guidance to help you confidently navigate security challenges.

This blog post outlines our commitment, investments, and transparency in those Secure by Design principles and our plans for the upcoming security year 2025.

Multi-factor authentication (MFA)

“Within one year of signing the pledge, demonstrate actions taken to measurably increase the use of multi-factor authentication across the manufacturer’s products.”

By default, Torq’s customers authenticate to the application through SSO, federated with external identity providers, ensuring uncompromised authentication standards for our customers.

This approach ensures consistent MFA configuration and enforcement with their identity provider’s MFA settings.

Torq supports SAML 2.0 and OpenID Connect with code flow and implicit grant type. It’s compatible with many enterprise IdPs, including:

  • Google
  • Microsoft Entra ID
  • Okta
  • OneLogin

Supported SSO Methods and Protocols

  • OpenID Connect
  • SAML 2.0

Default passwords

“Within one year of signing the pledge, demonstrate measurable progress towards reducing default passwords across the manufacturers’ products.”

Torq’s customers are invited to their new workspace by an invite email directly sent to their corporate mailbox.

The invite email contains a unique invite link, and clicking it invokes the authentication process.

When a customer’s admin user logs in to their Torq account using the invite link, they use their email and self-generated password; hence, no default passwords are involved.

Per policy, customers are informed that 2FA is necessary to continue.

The user must scan the QR code presented or enter the activation code into a recognized authenticator application on their cellular device.

Upon completion, the customer can set up the organization’s SSO, after which passwords are no longer used.

Torq’s application password policy enforces the following criteria:

  • Between 8 and 20 characters
  • At least one capital letter
  • At least one lowercase letter
  • At least one number
  • At least one special character

Reducing entire classes of vulnerability

“Within one year of signing the pledge, demonstrate actions taken towards enabling a significant measurable reduction in the prevalence of one or more vulnerability classes across the manufacturer’s products.”

Torq adopts a “security by design” approach to effectively minimize attack surfaces that are vulnerable to potential threats.

That said, to effectively deal with zero-day attacks and reduce vulnerabilities, Torq has a few key components aiming at that goal, such as:

  • Penetration testing
  • Scanning Torq’s supply-chain pipeline, including code dependencies (open source), containers (Dockerfiles), code (SAST), secrets, and IaC, as part of the SDLC and CI/CD
  • Utilizing the world’s best-of-breed CNAPP
  • Utilizing Distroless cloud workloads
  • Utilizing an EDR vulnerability scanning module on Torq’s laptop devices fleet and addressing findings through automation

Looking ahead:

Over the course of the following year, we intend to focus on improving runtime visibility and gaining better, higher-quality vulnerability verdicts.

Security patches

“Within one year of signing the pledge, demonstrate actions taken to measurably increase the installation of security patches by customers.”

As a SaaS offering, Torq’s application is updated continuously through a process where Torq manages the deployment of new features, bug fixes, and security patches. Customers benefit from automatic updates without needing to install new versions manually. Torq’s continuous integration and deployment (CI/CD) pipelines enable rapid, frequent updates, allowing it to deliver improvements and patches quickly while ensuring stability and performance.

No action is necessary on the customer’s part to have these patches automatically applied to their workspaces.

Customers are notified through Torq’s “what’s new” segment and through https://kb.torq.io/en/

Vulnerability disclosure policy

“Within one year of signing the pledge, publish a vulnerability disclosure policy (VDP).”

In addition to Trust Center, where customers can obtain up-to-date reports, policies, and the status of Torq’s security posture, Torq also maintains a Security and Compliance public page within its torq.io commercial website – https://torq.io/security-compliance/

At the bottom of this page, visitors are introduced to Torq’s privacy and security mail accounts for any security-related matter, including vulnerability disclosure.

Torq addresses and responds to any approach made.

As a continuous improvement, the process could be enhanced by having a dedicated online form for a better vulnerability disclosure experience within Torq’s security-compliance page.

CVEs

“Within one year of signing the pledge, demonstrate transparency in vulnerability reporting.”

At Torq, we take security seriously and continuously monitor our platform for vulnerabilities. Unlike traditional software that requires customers to manage their own patches, SaaS platforms like ours are centrally managed, allowing us to rapidly mitigate security issues without requiring customer intervention.

The CVE (Common Vulnerabilities and Exposures) program focuses on publicly disclosed security vulnerabilities in software products, hardware, and firmware.

Torq is a SaaS offering that, by the way it operates, is not distributed to or installed on its customers’ end. Hence, it does not directly fit the program and is not obligated to issue CVE disclosures.

We believe in transparency and proactive security measures.

Our approach to vulnerability management includes:

  • Continuous monitoring and rapid patching – We detect and remediate security issues before they impact customers.
  • Customer notification – We will notify impacted customers if a vulnerability affects data security or compliance.
  • Third-party component reporting – If an issue involves open-source or third-party software, we may issue a CVE when appropriate.
  • Security bulletins – We publish important security updates via our Trust Center.
  • Regulatory compliance – We align with industry standards (e.g., SOC 2, ISO 27001, FedRAMP) to ensure best-in-class security.

Evidence of intrusions

“Within one year of signing the pledge, demonstrate a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products.”

Torq generates audit logs. These logs provide a comprehensive record of events within a workspace, capturing various actions and changes. They record events such as user activities, workflow changes, and resource modifications. Typically, log entries are created immediately after an action is taken. The audit logs include the event occurrence, timestamp, the user or service that initiated the action, and the affected entity.

To enhance the security and oversight of your workspace, audit logs can be streamed to a SIEM or bucket using Torq workflows, steps, or API.

Looking Ahead

As cyber threats evolve, Torq’s security journey doesn’t stop here. Signing the CISA Secure by Design Pledge is just one of many steps we’re taking to ensure our platform remains a trusted partner for businesses worldwide. Our team will continue to innovate, collaborate, and advocate for security practices that benefit not only our customers but the broader digital ecosystem.

We’re excited about this new chapter and its meaning for our customers. By seamlessly integrating security into our solutions, we’re not just mitigating risks — we’re enabling your success.

Stay tuned for more updates on how we’re driving security excellence at Torq, and feel free to reach out if you have any questions about our Secure by Design journey.

Cloud Security Automation with Torq + Sweet Security

For security teams, resolving a cloud incident takes an average of 10 days — time attackers can exploit to cause further damage. The problem? SOCs often lack the context and cloud security automation they need to respond faster. That’s where the partnership between Torq and Sweet Security changes the game.

Why SOCs Need Torq and Sweet Security

Sweet Security delivers the real-time, cloud visibility SOCs need to identify threats quickly and accurately. Torq takes it further by automating the response process, bridging the gap between detection and action. Together, they empower SOC teams to neutralize threats in minutes — not days — reclaiming control over their cloud environments and staying ahead of attackers.

Sweet Security: Raising the Bar for Cloud Detection and Response

Sweet Security approaches cloud protection with precision and expertise that stands apart. Their platform combines unified cloud visibility across the cloud infrastructure, workloads, and applications with deep runtime context, enabling SOCs to detect and neutralize real-time threats as they unfold. By integrating cutting-edge, cloud-native technologies, Sweet equips security teams to handle even the most sophisticated attacks with confidence and resilience. 

Sweet’s Detection & Response capabilities reduce MTTR by enriching incident insights with detailed information on human and non-human identities, including roles, users, and service accounts. By correlating siloed cloud events into a comprehensive attack story and leveraging an advanced threshold mechanism to minimize false positives, Sweet ensures deeper context and alerts only on high-probability malicious incidents. Seamless orchestration with Torq further amplifies these capabilities.

Torq Hyperautomation: Transforming SOC Operations

Torq has redefined what’s possible for SOCs by enabling Hyperautomation across workflows. With Torq, SOC teams can design, deploy, and scale automated incident responses — reducing manual work and freeing analysts to focus on critical decision-making. Whether it’s accelerating the triage process, auto-remediating threats, or optimizing collaboration between tools and teams, Torq’s platform brings unmatched speed and precision to security operations.

Together, Torq and Sweet Security’s integration achieves what was once thought impossible: full-spectrum cloud protection, automated at scale.

What the Integration Delivers to SOC Teams

Torq and Sweet’s integration creates a seamless threat detection and resolution pipeline. Here’s how:

  1. Unified cloud visibility meets real-time automation: Sweet Security provides SOCs unparalleled insight into cloud environments, while Torq transforms these insights into automated actions. When Sweet’s platform identifies an anomaly, Torq can immediately trigger a workflow to respond to the threat.
  2. Proactive incident response: Cloud attacks often unfold in seconds, leaving SOC teams little time to react. With this integration, Sweet’s real-time detection feeds directly into Torq’s cloud security automation workflows, enabling SOCs to mitigate threats faster. For example, Sweet’s advanced capabilities allow for the detection of the human identity responsible for an incident and the ability to directly question the user about their activity — without requiring SOC intervention.
  3. Customizable workflows for every cloud environment: No two organizations operate the same cloud stack. Torq’s no-code platform allows security teams to tailor response workflows that align perfectly with their unique cloud setups, ensuring that Sweet Security’s detections are met with tailored, effective responses.
  4. Enhanced SOC efficiency and morale: Automation doesn’t just eliminate repetitive tasks — it empowers SOC teams to operate at their best. By integrating Sweet’s intelligence with Torq’s workflows, analysts are no longer bogged down by manual processes, allowing them to focus on strategic initiatives that strengthen overall security posture.

A Use Case: From Detection to Mitigation in Minutes

Imagine this scenario: Sweet Security identifies unusual activity in a cloud environment, flagging a misconfigured container with potential malware. The alert triggers a prebuilt Torq workflow that:

  • Enhances alerts with additional context from threat intelligence sources, as well as data from cloud provider APIs and log services, such as AWS CloudTrail and CloudWatch.
  • Automatically reaches out to asset owners through Slack or Microsoft Teams, enabling them to remediate minor issues without involving the SOC.
  • Isolates the container while verifying the presence of malware.
  • Deploys a remediation script to correct the misconfiguration.
  • Directly engages the suspected user to verify their activity — eliminating the need for SOC intervention.

All of this occurs in minutes — not hours or days — significantly reducing the attack’s impact.

Example cloud security automation workflow with Torq and Sweet Security.

Looking Ahead: Strengthening the Future of Cloud Security

The Torq and Sweet Security partnership isn’t just about solving today’s cloud security challenges — it’s about preparing SOCs for the future. With the increasing sophistication of cloud-native attacks, the ability to integrate real-time detection with scalable automation will be a non-negotiable for every security team.

At its core, this collaboration underscores a simple but powerful truth: when detection meets automation, SOCs can achieve extraordinary outcomes. By combining Sweet Security’s advanced cloud-native detection with Torq’s Hyperautomation platform, security teams are no longer playing catch-up. They’re setting the pace.

Ready to See Cloud Security Automation in Action?

For a detailed walk-through on integrating Torq and Sweet, check out the Knowledge Base article.

To learn more about how Torq and Sweet Security are transforming cloud security, schedule a demo today and experience the future of SOC operations firsthand. 

Torq Announces 300% Revenue Growth and Opens EMEA HQ in London

Last year was an absolutely amazing year for Torq. The stats are just mind-blowing: 300% revenue growth and 200% employee growth. We also closed our $70M Series C round, bringing our total funding to $192M.

In 2024, we officially closed the door behind us on SOAR and blew open the door ahead for Torq Agentic AI security solutions, which are now used by some of the biggest names in cybersecurity, consumer packaged goods, industrial automation, retail, and telecommunications. We’re talking about companies you know and love, like Abnormal Security, Check Point Security, Chipotle Mexican Grill, Deepwatch, Inditex (you may know them better by their brands Zara, Bershka, and Pull & Bear), Informatica, PepsiCo, Procter & Gamble, Siemens, Telefonica, and Wiz. And our unique security operations approach was validated by Gartner, IDC, Forrester, and GigaOm.

EMEA Expansion and New London HQ

Well, guess what? We’re just getting started. In 2024, Torq achieved incredible market penetration across North and South America, and APAC, where Torq HyperSOC and Torq Hyperautomation products are now firmly established as the premier Agentic AI and autonomous SOC solutions of choice for global enterprises. And now, I’m so pleased to let you know we’ve dramatically expanded operations across EMEA.

We’ve got brand new EMEA headquarters in London, and we’ve appointed Usman Gulfaraz as our new VP of EMEA Sales. Usman is a high-octane, phenomenal leader, who was most recently responsible for global revenue at Speechmatics. Previously, he ran EMEA for Tessian, which he helped lead to acquisition by Proofpoint. And prior to that, he ran EMEA for Shape Security, which he helped lead to acquisition by F5. We’ve also just appointed Jaicee Matthews as our Head of EMEA Marketing. Jaicee previously led marketing teams for GTT, Edgio, and Lumen Technologies. Both of them are based in London.

I asked Usman for his thoughts and here’s what he told me: “I’m absolutely elated to join this world-class team of cybersecurity professionals making such a huge difference for enterprises around the world. Every day, I’m increasingly hearing from EMEA customers and prospects about their excitement about Torq HyperSOC featuring our Agentic AI Multi-Agent Framework. Demand is so high for Torq, I barely have time to write this quote for you, Don. The sky’s the limit for Torq and the fact that my email and phone are constantly blowing up says it all.”

Accelerating EMEA Partner Momentum

Our EMEA partner base is also increasing by leaps and bounds. It already includes AdvanceSec, Bytes Software Services, Check Point, GlobalDots, Nubera, Nueva Group, Softcat, Tata Group, Wiz, and WWT, with dozens more about to sign. 

Here’s what Adam McCaig, Head of Security Strategy and Services at Bytes Software Services, had to say: “We’re thrilled to partner with Torq and continue to deliver innovation that matters to our customers. Demand for Torq’s game-changing Hyperautomation Platform and Torq HyperSOC continues expanding exponentially. Together, Torq and Bytes Software Services are making enterprise SecOps teams across EMEA more productive and focused with their AI-driven SecOps and autonomous SOC solutions, ensuring organizations can mitigate existential security issues before they have a chance of creating adverse impacts.”

Focus on Autonomous SOC

In 2025, you can expect even more generational, transformational shifts from Torq as we take our AI-driven, autonomous SOC focus to the next level. You’re going to witness some of the most innovative product and capability unveilings in the history of modern cybersecurity. We’re going to deliver on the promise of true autonomy and introduce SecOps efficiencies and productivity boosters the likes of which you’ve never seen before.

We can’t wait to show you what’s coming up!

AI-Driven Case Management Built for the Modern Security Team

Case management for modern SOCs can be a maze of endless alerts, overwhelming data, and intense pressure. Legacy solutions often exacerbate these issues with rigid workflows, limited automation capabilities, and a lack of real-time adaptability, leaving teams ill-equipped to handle the growing complexity of threats. The volume of cases, manual workflows, and processes leave analysts overwhelmed, exhausted, and struggling to keep pace. Traditional approaches just don’t cut it and leave teams feeling stuck in a constant state of frustration.

Applying Agentic AI to Case Management

Torq HyperSOC is an AI-driven case management solution crafted by industry veterans with decades of experience leading SOC transformations and developing cutting-edge security solutions. With a deep understanding of operational pain points, Torq built a robust platform to address these challenges. By Hyperautomating mundane, time-consuming case management tasks, Torq’s system of AI Agents acts as a reliable team of analysts who never tire. 

This AI-driven approach to case management cuts through the noise, prioritizes what truly matters, and speeds up the entire security operations lifecycle so human analysts can redirect their energy toward strategic thinking and complex investigations.

Torq’s Agentic AI, combined with the power of Hyperautomation, turns traditional case management chaos into a coordinated, manageable effort.

Here’s How:

Socrates, the AI SOC Analyst

Socrates, Torq’s AI SOC Analyst, follows your organization’s established runbooks and remediation protocols to orchestrate critical tasks such as endpoint quarantines and account lockdowns. Socrates analyzes historical case data, enriches cases with third-party threat intelligence, and autonomously handles 95% of Tier-1 cases.

For critical cases that do require human-in-the-loop remediation, Socrates coordinates your subject matter experts, escalates cases through the appropriate collaboration channels, and eliminates operational silos to streamline decision-making.

This seamless integration of Agentic AI into the DNA of your case management strategy ensures swift and coordinated responses, so nothing slips through the cracks, like having a trusted colleague who never sleeps and is always ready to jump in and handle the heavy lifting at machine speed.

AI-Generated Case Summaries

With so many incidents to handle, digging through endless lines of raw data can be overwhelming — especially when time is of the essence. Through AI-generated case summaries, Torq’s Case Management Agent distills intricate datasets into concise, actionable insights.

These AI case summaries quickly give analysts the essence of complex incidents without having to sift through mountains of logs, IOCs, and other event data linked to the case. By organizing and contextualizing case details into a consistent structure — i.e., “what”, “when”, “impact”, and “key indicators” — these summaries drastically reduce the time it takes for a human analyst to get caught up and take decisive response action, especially in situations like SOC shift transfers. It’s like having a seasoned mentor beside you, simplifying complicated cases so anyone, from a Tier-1 to a Tier-3 analyst, can make high-impact decisions more quickly and confidently.

Event Ingestion and Correlation

Imagine a security tool that consolidates over 300 data sources. Torq HyperSOC does just that. It gathers massive amounts of information in seconds and synthesizes data from your SIEM, EDR, IAM, and more while creating contextual cases at scale — without impacting the availability or usability of the case management platform.

This intelligent aggregation not only speeds up the discovery of threats but also dynamically updates existing cases as incidents unfold. AI-driven case management prioritizes what matters, filtering out the noise so analysts can focus on pressing issues without being bogged down by irrelevant data.

Achieving Autonomous Case Management

By combining Agentic AI with a powerful Hyperautomation engine, applied to a purpose-built case management platform, Torq HyperSOC automates routine triage and remediation processes with surgical precision.

Consider a simple but common headache of handling phishing responses. Torq’s AI swiftly analyzes suspicious emails, flags malicious links, and employs URL sandboxing to neutralize threats within seconds. Torq also automates account remediation, ensuring that compromised accounts are contained quickly to prevent further damage. By doing so, Torq frees up analysts to concentrate on more complex, high-stakes challenges, reducing manual workload and minimizing fatigue.

What Does AI Case Management Mean for the Future of Security Operations? 

Torq’s AI-driven case management capabilities remove security teams from a constant reactive mode. It does so by leveraging historical data and real-time analysis to detect anomalies that might signal trouble ahead. Maybe a sneaky vulnerability is lurking in your network, or a misconfiguration is about to open the door to bad actors — AI can spot these issues instantly, sometimes even before anyone else does.

By embedding AI into every case management stage, Torq HyperSOC transforms security teams’ operations, enabling human analysts to step in only when their experience is truly needed. Tasks that once took days are done in seconds, human errors shrink, and teams can finally breathe a little easier knowing the Autonomous SOC is within their reach.

Curious how this works in action? Schedule a demo and see firsthand how AI case management can speed up SOC operations, reduce stress, and make dealing with cybersecurity threats more manageable.

Maximizing AI Autonomy: Achieving Reliable AI Execution Through Structure and Guardrails

Gal Peretz, Head of AI & Data at Torq

Gal Peretz is Head of AI & Data at Torq. Gal accelerates Torq’s AI and data initiatives, applying his deep learning and natural language processing expertise to advance AI-powered security automation. He also co-hosts the LangTalks podcast, which discusses the latest AI and LLM technologies.

Our previous blog post explored how planning with AI systems can set the stage for smooth collaboration between humans and machines. However, a solid plan alone isn’t enough. The next step is orchestrating the execution — ensuring that the AI system can carry out tasks autonomously while maintaining guardrails that prevent errors, hallucinations, or false actions.

The Challenge of Direct Execution: LLMs Alone Aren’t Enough

Moving from a free-text runbook to execution without a structured schema is where most AI implementations fail. While large language models (LLMs) are powerful, they continue to struggle with AI autonomy due to:

  • Hallucinations: Making incorrect assumptions or executing invalid steps.
  • Ambiguity: Choosing the wrong tools or extracting incorrect arguments from the execution context to pass to the next step.
  • Lack of Determinism: Struggling to execute tasks consistently without a clear structure, often leading to non-deterministic execution where the AI agent may jump between steps out of order or skip them altogether.

Simply put, letting the LLM orchestrate execution without structure and guardrails lacks the precision needed for a reliable execution process.

Streamlining the Execution of a Clear and Reliable Plan

To address this, Torq implements a concrete structured execution scheme that ensures Torq’s AI system performs tasks deterministically and without ambiguity. Once the high-level plan is developed, the AI extracts each step as an atomic unit — clear, precise, and sequential. 

This structured approach eliminates the risks of non-deterministic execution, where the AI agent might skip steps, go out of order, select incorrect tools, or misinterpret arguments due to vague instructions.

Think of it like following a recipe step by step: after deciding to ‘make dinner,’ you break your activities into clear, sequential micro-tasks like ‘bring water to a boil’, then ‘add pasta to the water.’ 

Similarly, Torq built its AI to execute a detailed plan one micro-task at a time, in the right order. This allows Torq’s AI system to analyze and break down instructions and examples for each step, ensuring the AI completes the overarching task accurately. By eliminating ambiguity, the structured execution guides the AI to select the right tools and arguments at every stage, delivering consistent and reliable results.

AI Guardrails: Balancing AI Autonomy and Control

While we aim to maximize AI autonomy, balancing it with guardrails is critical to ensuring its safe and reliable execution. These guardrails act as safety nets that prevent the AI from taking false or unintended actions, ensuring human oversight remains available when necessary.

The key is for the AI to be able to break down the execution process into atomic steps that it can handle precisely. The system then focuses on clear micro-tasks for each step, reducing ambiguity and enabling the AI to perform confidently. 

However, when the AI encounters uncertainty — such as ambiguous context, missing tools, or incomplete arguments — it pauses execution and escalates the decision to a human operator. This human-in-the-loop mechanism mitigates the risks of hallucinations or incorrect tool usage, providing a safety checkpoint before the AI proceeds.

By combining structured execution with these dynamic guardrails, we can push the boundaries of AI autonomy. This allows the AI to operate efficiently and autonomously in most cases, saving significant time and resources while ensuring that safety and accuracy are never compromised.
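The pattern described above, as an added Python sketch that is not Torq's code: a plan is a list of atomic steps, each validated against a tool registry before it runs, and execution pauses for a human on an unknown tool, incomplete arguments, or a critical action. The tool names, the `$name` reference syntax, and the `approve` callback are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


class NeedsHuman(Exception):
    """A step cannot be run safely without a human decision."""


@dataclass(frozen=True)
class Tool:
    func: Callable[..., str]
    required: frozenset       # exact argument names the tool accepts
    critical: bool = False    # critical tools run only after human approval


@dataclass(frozen=True)
class Step:
    tool: str
    args: dict                # a value "$name" refers to an earlier step's output
    save_as: Optional[str] = None


@dataclass
class RunResult:
    status: str = "completed"            # or "escalated"
    executed: list = field(default_factory=list)
    paused_at: Optional[int] = None
    reason: str = ""


def resolve_step(step, registry, context):
    """Validate one atomic step against the registry; return concrete arguments."""
    tool = registry.get(step.tool)
    if tool is None:
        raise NeedsHuman(f"unknown tool '{step.tool}'")
    resolved = {}
    for name, value in step.args.items():
        if isinstance(value, str) and value.startswith("$"):
            if value[1:] not in context:
                raise NeedsHuman(f"argument '{name}' needs missing output '{value[1:]}'")
            value = context[value[1:]]
        resolved[name] = value
    if set(resolved) != tool.required:
        missing = sorted(tool.required - set(resolved))
        extra = sorted(set(resolved) - tool.required)
        raise NeedsHuman(f"bad arguments: missing={missing} unexpected={extra}")
    return tool, resolved


def run_plan(plan, registry, approve=lambda index, step: False):
    """Run steps strictly in order; stop at the first one that needs a human."""
    context, result = {}, RunResult()
    for index, step in enumerate(plan):
        try:
            tool, args = resolve_step(step, registry, context)
            if tool.critical and not approve(index, step):
                raise NeedsHuman(f"critical tool '{step.tool}' was not approved")
        except NeedsHuman as exc:
            result.status, result.paused_at, result.reason = "escalated", index, str(exc)
            return result
        output = tool.func(**args)
        result.executed.append((step.tool, output))
        if step.save_as:
            context[step.save_as] = output
    return result


# Constructed tools and plan: hypothetical stand-ins for real integrations.
REGISTRY = {
    "lookup_user": Tool(lambda email: "uid-" + email.split("@")[0],
                        frozenset({"email"})),
    "notify": Tool(lambda channel, message: f"sent to {channel}",
                   frozenset({"channel", "message"})),
    "disable_account": Tool(lambda user_id: f"disabled {user_id}",
                            frozenset({"user_id"}), critical=True),
}
PLAN = [
    Step("lookup_user", {"email": "alice@example.com"}, save_as="uid"),
    Step("notify", {"channel": "#soc", "message": "investigating login"}),
    Step("disable_account", {"user_id": "$uid"}),
]

if __name__ == "__main__":
    print(run_plan(PLAN, REGISTRY))                                # pauses at step 2
    print(run_plan(PLAN, REGISTRY, approve=lambda i, s: True))     # runs to the end
```

Because validation happens before any side effect of a step, a hallucinated tool name or a dangling argument reference stops the run at that step instead of propagating into later actions.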

Figure 1: Example of an AI system seamlessly delegating control to a human when it lacks permission to execute a critical task, demonstrating how AI autonomy and human oversight work together seamlessly.

Reliable AI-Powered Execution at Scale

Orchestrated execution unlocks AI’s full potential by combining precision, autonomy, and control. By leveraging a step-by-step structure, AI can focus on atomic tasks, ensuring consistency and reliability at every stage. This approach streamlines workflows requiring constant human intervention, enabling AI to act efficiently while remaining grounded in a structured plan.

For Security Operations Center (SOC) teams, this translates to faster and more reliable execution of security runbooks at scale. This reduces the need to micromanage AI-powered SOC processes or perfect the prompts to control the AI, giving SOC teams more time for higher-value tasks while ensuring confidence in the AI’s structured execution.

The Future of AI Autonomy in the SOC

Choosing solutions that orchestrate AI execution with appropriate guardrails is critical for building trust, efficiency, and precision in today’s SOC operations. AI that structures execution as a series of deterministic micro-steps and balances AI autonomy with human oversight allows SOC teams to confidently rely on AI systems to streamline their workflows.

This collaborative approach enables SOC analysts, engineers, and managers to:

  • Maintain control over automated processes
  • Trust in AI’s reliability for step-by-step execution
  • Focus on higher-value work while reducing uncertainty

The result is a stronger, more efficient autonomous SOC environment where human expertise and AI capabilities work seamlessly together. Schedule a demo today.

Impossible Travel Detection with Torq: Defend Against the Most Prominent and Expensive Breach

With widespread remote work and global access, organizations face mounting challenges in securing user identities against sophisticated threats. One critical identity risk signal is impossible travel, where a user appears to log in from two unrecognized, geographically distant locations within an unrealistic timeframe, indicating the possibility of compromised credentials or session hijacking.

Identity is the New Security Perimeter

According to IBM, stolen or compromised credentials account for up to 40% of malicious incidents in Fortune 500 companies. These breaches also rank among the most expensive, adding over $1 million in costs per incident. Despite best practices like multi-factor authentication (MFA) and employee security training, the human element remains the weakest link — 68% of breaches stem from social engineering or user error.

To address identity-driven threats efficiently, organizations must shift from reactive security models to automated, identity-centric operations (IdentityOps). Torq enables security teams to detect and remediate compromised credentials in real time without adding operational burden.

Automating Identity Threat Detection with Torq

To save security analysts from legacy systems and alert fatigue, Torq created an Impossible Travel Detection workflow to eliminate reliance on legacy, manual security processes. Torq automates Impossible Travel Detection with your existing best-of-breed toolstack. 

With 300+ integrations, this workflow can integrate with Okta, Microsoft Entra (Azure AD), Google IAM, and other leading identity providers, leveraging geolocation, user behavior analytics, and AI-driven security automation to identify and block suspicious logins instantly.

How To Detect Impossible Travel

Torq autonomously triggers its detection workflow based on successful login events from your identity access management (IAM) provider of choice (e.g., Okta, Microsoft Entra, Google IAM) and follows this streamlined identity-centric process:

  1. Login Event Capture → Activates the workflow when a user logs into Okta (or another IAM solution).
  2. Geolocation Analysis → Determines the IP address’s physical location via integrated intelligence tools.
  3. Historical User Behavior Comparison → Compares the login’s geolocation with previous locations stored as identity baselines.
  4. Distance & Speed Calculation → Uses the Haversine formula to determine the travel distance and computes implied travel speed.
  5. Anomaly Detection → Flags logins that exceed a predefined speed threshold (e.g., 1,000 km/h).
  6. Risk Scoring & Identity Context Awareness → Incorporates additional risk intelligence to minimize false positives.

By analyzing real-time user behavior and risk signals, Torq enables automated, intelligent decision-making to determine whether a login attempt is legitimate or an identity-based attack.
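The detection steps listed above (baseline comparison, Haversine distance, implied speed, threshold, false-positive suppression), as an added Python example that is not Torq's workflow code. The names `Login`, `evaluate` and `detect`, the 50 km minimum distance, the trusted VPN range and the sample events are assumptions constructed for illustration; coordinates are taken as already resolved by a geolocation lookup.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from math import asin, cos, inf, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0088
SPEED_THRESHOLD_KMH = 1000.0   # example threshold quoted in the text
MIN_DISTANCE_KM = 50.0         # assumption: tolerate geo-IP jitter inside one metro area
TRUSTED_NETWORKS = [ip_network("203.0.113.0/24")]  # constructed corporate VPN egress range


@dataclass(frozen=True)
class Login:
    user: str
    ip: str
    lat: float
    lon: float
    when: datetime


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points, in km."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = phi2 - phi1
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(min(1.0, sqrt(a)))  # clamp guards float rounding


def evaluate(prev, cur):
    """Compare a login with the user's baseline: (verdict, distance_km, speed_kmh)."""
    # Context check first: a VPN egress IP geolocates to the gateway, not the user.
    if any(ip_address(cur.ip) in net for net in TRUSTED_NETWORKS):
        return ("trusted_network", 0.0, 0.0)
    distance = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if distance < MIN_DISTANCE_KM:
        return ("same_area", distance, 0.0)
    hours = (cur.when - prev.when).total_seconds() / 3600
    # Simultaneous logins from distant places imply unbounded speed.
    speed = distance / hours if hours > 0 else inf
    verdict = "impossible_travel" if speed > SPEED_THRESHOLD_KMH else "plausible"
    return (verdict, distance, speed)


def detect(events):
    """Replay login events in time order and return the flagged ones."""
    baseline = {}  # user -> last accepted Login
    flagged = []
    for cur in sorted(events, key=lambda e: e.when):
        prev = baseline.get(cur.user)
        if prev is None:
            baseline[cur.user] = cur  # first sighting seeds the baseline
            continue
        verdict, distance, speed = evaluate(prev, cur)
        if verdict == "impossible_travel":
            # Baseline is left unchanged until the user confirms the login.
            flagged.append({"user": cur.user, "from_ip": prev.ip, "to_ip": cur.ip,
                            "distance_km": round(distance), "speed_kmh": speed})
        elif verdict != "trusted_network":
            baseline[cur.user] = cur  # VPN logins never overwrite the real location
    return flagged


def _t(hour, minute=0):
    return datetime(2025, 1, 15, hour, minute, tzinfo=timezone.utc)


# Constructed sample events (documentation IP ranges, approximate city coordinates).
SAMPLE_EVENTS = [
    Login("alice", "192.0.2.10", 40.7128, -74.0060, _t(9)),      # New York
    Login("alice", "198.51.100.7", 51.5074, -0.1278, _t(10)),    # London, 1 h later
    Login("bob", "192.0.2.44", 48.8566, 2.3522, _t(8)),          # Paris
    Login("bob", "198.51.100.90", 52.5200, 13.4050, _t(12)),     # Berlin, 4 h later
    Login("carol", "192.0.2.61", 35.6762, 139.6503, _t(7)),      # Tokyo
    Login("carol", "203.0.113.5", 50.1109, 8.6821, _t(7, 30)),   # VPN egress (Frankfurt)
    Login("carol", "192.0.2.77", 34.6937, 135.5023, _t(9)),      # Osaka, 2 h after Tokyo
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Because the VPN login does not replace carol's baseline, her later Osaka login is measured against Tokyo rather than Frankfurt and is not flagged.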

Beyond Geolocation: Intelligent Identity Threat Analysis

The power of IdentityOps lies in your ability to integrate across the security ecosystem — leveraging multiple threat intelligence and user behavior signals to detect, assess, and remediate compromised identities dynamically.

Advanced Risk Signals Integrated into Torq’s IdentityOps Workflow

Torq enriches Impossible Travel Detection with best-in-class security integrations, ensuring high-fidelity threat identification through:

  • IP Reputation Enrichment → Queries VirusTotal, Recorded Future, or CrowdStrike to determine if the login originates from a known malicious or suspicious source.
  • User Behavior Profiling → Establishes a historical baseline of each user’s login habits to detect anomalous patterns.
  • Context-Aware Decisioning → Analyzes additional identity context, VPN usage, corporate IP addresses, and cloud service access patterns to reduce false positives.

These multi-layered identity security checks ensure precision threat detection while maintaining a seamless user experience.

User Verification and Automated Remediation

With this workflow, Torq detects potential takeovers. Then, Torq automatically engages users and security teams for real-time resolution.

Step 1: User Notification & Verification

When a potentially suspicious login is detected, Torq immediately alerts the user with a contextual security challenge:

🚨 Suspicious Login Detected

We noticed a suspicious login to your account from [Geo IP City]; your last login was from [Cache Geo IP City].

📍 Distance between logins: [Calculated Distance]

❓ Do you recognize this login as yours? [Yes] / [No]

This proactive approach serves three key purposes:

  1. Alerts the user of potential credential compromise.
  2. Provides contextual insight into login activity.
  3. Engages users in real-time identity verification.

Step 2: Adaptive, Automated Remediation

If the login is verified as legitimate, Torq updates the user’s location history, adds a security audit log, and continues normal operations.

If the login is denied (or is ignored or times out), Torq automatically initiates remediation by:

  1. Forcing an immediate password reset.
  2. Sending a secure password reset link to the user via email.
  3. Notifying the security team via Slack, SIEM, or ITSM.
  4. Creating an incident ticket for tracking and investigation.

Optional: AI-Driven Investigation & Escalation

If a high-risk event is detected, Torq triggers an escalation workflow that can automate additional security responses — such as disabling the account, revoking OAuth sessions, or requiring reauthentication through step-up MFA.

IdentityOps with Complete Flexibility & Customization

Torq is a highly flexible, fully integrated no-code/low-code solution that allows security teams to tailor IdentityOps workflows to exact requirements with:

Organizations can fine-tune Impossible Travel Detection to align with their unique security policies, compliance needs, and identity protection strategy.

Bringing IdentityOps to Life with Torq

By shifting to IdentityOps automation, security teams can radically transform how they detect, manage, and respond to identity threats. Torq’s Impossible Travel Detection workflow offers a scalable, intelligent, and automated approach to protecting user accounts — reducing incident response times, analyst workloads, and security gaps.

Instead of relying on reactive security controls and manual investigations, Torq proactively enforces identity security at scale — ensuring only trusted users access your most sensitive resources. 

Sign up for a demo to see it in action. Current users can start customizing the workflow template today.

Cut Through the Hype: Tips for Evaluating AI Solutions for an Autonomous SOC


As C-suites and boards are bombarded with headlines about AI revolutionizing cybersecurity, it’s no wonder they’re putting pressure on SOC leaders to adopt AI. The promise of AI in the SOC is rightfully alluring. An AI-native autonomous SOC has the potential to create a world where AI Agents collaborate with each other to take care of repetitive tasks and handle the majority of low-level alerts, freeing your human team up for strategic, proactive work. 

The hurdle? The AI cybersecurity landscape is swarming with vendors — and new ones are seemingly popping up out of stealth mode every day with shiny marketing and grand claims. 

This leaves SOC leaders wading through the noise to figure out which tools are overexaggerated AI-washed vaporware and which ones are truly operational, integrated, and trustworthy. Below are some tips for cutting through the hype to find the right AI solutions to help build an autonomous SOC. 

Start with the End Goal in Mind — and Think Big Picture

How do useful AI cybersecurity tools impact operational outcomes, functional goals, and strategic objectives?

Step back and start with the big picture. To avoid “scattergun” AI adoption in the SOC that leads to a flood of AI-generated alerts with no context or prioritization, begin by defining clear AI objectives aligned with your overarching security strategy. Before you dive into the AI vendor pool, take a moment to reflect on your SOC’s practical needs. What are your biggest pain points? Where could AI make the biggest impact? Are your analysts drowning in a sea of alerts? Or are they having to spend too much time on tedious tasks? Prioritize AI solutions that directly address these day-to-day challenges.

“I believe the successful use of AI in SOC operations shows up in practical outcomes. With Torq Agentic AI, the answer is ‘yes’ to questions such as: Are analysts happier? Are they sticking around? Do they have time to focus on more interesting and complex investigations? Are MTTM and MTTR lower? Torq Agentic AI extends and enhances our team so it can make better decisions more quickly — resulting in stronger security all around.”

– Mick Leach, Field CISO, Abnormal Security

Leverage AI for tasks where human limitations — such as fatigue and information overload — lead to inefficiencies. Generative AI-powered AI Agents are adept at tasks involving natural language processing and the creation of logical workflows. This makes AI ideal for automating repetitive, monotonous tasks, intelligently triaging alerts and autonomously handling incidents, and providing real-time insights and recommended next steps to speed up human decision-making. In turn, human analysts are freed up to focus on strategic activities and make faster, more informed decisions, significantly improving overall efficiency and effectiveness.

Think holistically to maximize the value of your investment. One-off AI tools from different vendors can’t add up to an autonomous SOC because they can’t connect security signals across your stack and provide meaningful, context-rich insights. Prioritize investing in a centralized automation platform with enterprise-grade scalability and the ability to integrate with every solution in your security environment. Purpose-built AI Agents for the SOC built on this foundation can work as a unifying force at the heart of your security stack to correlate disparate event data, uncover deep, contextual insights, and accelerate efficiency gains across your security operations.

Stay ahead of threats by keeping up with autonomous SOC advancements. Hyperautomation is now table stakes for Security Operations, demanding platforms with native, fully embedded AI capabilities rather than bolted-on GPT wrappers. Agentic AI, the new frontier for delivering on the promise of the autonomous SOC, is now a reality. Torq just announced a groundbreaking Multi-Agent System for security operations with specialized AI Agents that collaborate, plan, and reason to autonomously analyze and resolve security threats.

“SecOps organizations that adopt GenAI-based Hyperautomation will benefit from the most advanced LLMs ever, enabling analysts to auto-analyze more events and identify novel threats at the beginning of their cascade of potential impact, rather than after they’ve had a chance to create serious damage. GenAI will also further democratize SecOps, so employees at all levels are able to deploy, manage, and monitor Hyperautomation systems.”

– Leonid Belkind, Torq CTO and Co-Founder | 2025 Predictions: How GenAI and Hyperautomation Will Reshape SecOps and Threat Landscapes

Tips for Evaluating AI Cybersecurity Tools for the SOC

Establish your evaluation criteria: Given the potential risks associated with AI solutions, careful third-party risk management is crucial. Collaborate with IT teams, business leaders, and legal to ensure alignment with company-wide AI usage policies. Below are some key considerations when choosing a vendor for AI in the SOC:

  • Flexibility and integration: Make sure the AI solution you choose can easily integrate with your existing security stack and ingest and intelligently transform data in any format. A flexible platform that can adapt to your evolving needs is essential so you don’t get locked in. 
  • Security and privacy: Any solution deployed in your SOC should meet enterprise-grade security standards and have tiers of controls to protect data confidentiality. 
  • Transparency: One of the most crucial elements for building trust in AI is to ensure the model can explain why it made the decisions it made and how it came to the conclusions it did. 
  • Human-AI collaboration: Effective AI Agents in the SOC facilitate a collaborative, back-and-forth relationship with the human analysts they work with, clearly communicating their capabilities and limitations. When encountering roadblocks, the AI should seek human input or validation.

Ask the right questions: Overexaggerated, misleading, and outright false claims about AI capabilities are all too common. We’ve got a list of 40 questions to help you understand a vendor’s AI capabilities, integrations, and more, such as:

  1. Is all customer data encrypted in transit? Is stored data encrypted on disk? Is data stored in vendor data centers or only in memory? 
  2. What countermeasures does the solution have in place to prevent AI hallucinations?
  3. Does the system keep immutable records of all inputs and outputs for AI-driven actions?
  4. Does the solution have robust and versatile role-based access controls? 

Refine your shortlist: Use your evaluation criteria to narrow down your list of potential vendors. Consider factors like cost, features, and vendor reputation. Conduct thorough research and request demos from your shortlisted vendors. 

Test before you invest: The proof of whether an AI solution is vaporware or truly operational is in the POC. Ask for demos and conduct a proof-of-concept for a key use case to see the AI solution in action in a controlled environment. Pay attention to the scalability, ease of use, and overall performance. 

Consider long-term partnerships: Build strong relationships with vendors who can provide ongoing support and innovation. Ask about their AI product roadmap.

40 Questions to Ask AI SOC Vendors

To help you sharpen your evaluation of AI solutions for the SOC, we’ve put together this list of 40 critical questions to ask vendors. Cut through the noise of “AI-washed” marketing and dig into the AI’s operational and integration capabilities to ensure you get real value.

The AI SOC Analyst: How Torq Socrates Automates 90% of Tier-1 Analysis With Generative AI


Meet Torq Socrates and learn how a Large Language Model (LLM)-powered AI SOC Analyst can revolutionize SecOps.

Artificial intelligence (AI) in the SOC has generated significant hype in recent years, and separating the promise from reality can be challenging. However, at Torq, AI is not just a concept — it is a reality that is revolutionizing the SecOps field, specifically in the area of Tier-1 security analysis. 

This is increasingly important as cybercriminals become more sophisticated in their tactics and techniques, including using AI to launch attacks at scale. Traditional security tools continue to fall short in detecting and mitigating modern attacks effectively, driving the need for AI-powered autonomous SOC solutions that can reduce the burden on human analysts and shore up defenses.

Introducing Torq Socrates, the AI SOC Analyst

Torq Socrates, the AI SOC analyst, introduces dramatic new efficiencies and incident response accuracy by hyperautomating key security operations activities using AI. This alleviates security analysts’ critical challenges, including alert fatigue, false positives, decreased visibility, and job burnout. Socrates is an AI Agent based on cutting-edge Large Language Models (LLMs) and Generative AI that intelligently analyzes and understands organizations’ unique SOC playbooks to become an integral extension of their SOC teams.

Imagine having a bird’s-eye view of your complete enterprise environment from on-premise, hybrid to full SaaS applications, with all the relevant information at your fingertips. Torq Socrates makes this dream a reality by utilizing the security tooling already connected to the Torq Hyperautomation platform and performing any actions and activities only when explicitly authorized.

How an AI SOC Analyst Uses LLMs to Perform Tier-1 Tasks

So, how does this transformation happen? Let’s journey through a typical security event and see how tasks previously handled by human analysts are now handled with unprecedented efficiency by Torq’s AI SOC Analyst, Socrates.

Watch Socrates, Torq’s AI SOC Analyst, following the guidelines in a SOC runbook to triage a case automatically.

1. Automatic Runbook Analysis

When a security event arises, an analyst traditionally consults a “runbook” – a guide specifying the response to that specific type of event. Today, these “runbooks” exist in all modern SOCs and are prepared by senior architects to benefit Tier-1 and Tier-2 analysts.

Torq Socrates automatically analyzes runbooks written in natural language, typically containing step-by-step procedures for handling various security incidents. By analyzing the semantic meaning of the natural language instructions, the AI SOC Analyst derives an action flow from the recommended response strategies for different security events.

The imported runbook is written in natural language that Socrates, the AI SOC Analyst, analyzed, “understood,” and can follow.

2. Workflow Choice to Perform the Designated Runbook Actions 

The next step for a human analyst is to carry out the activities outlined in the runbooks, choosing the proper tool and executing the instructions.

Based on the content of the runbook, the AI SOC Analyst utilizes its semantic analysis capabilities to suggest suitable workflows and security tools from the list of ones explicitly made available inside the Torq platform. These workflows align with the specific steps outlined in the document conveyed in natural language. 

Each workflow made available to Torq Socrates comes with a natural language description of the tasks it can accomplish.

Torq Socrates performing the initial actions within the runbook.

3. Interpreting the Outcome of Executed Actions to Follow the Next Step Prescribed by the Runbook

Various security tools available in the arsenal of Tier-1 SOC analysts can return a large amount of detailed information. The analyst’s goal is to try and synthesize this information into a decision about which next steps should be taken according to the runbook’s guidance.

An LLM-powered AI SOC Analyst like Socrates excels at processing both structured and unstructured security tool data. This enables it to analyze complex information and create dynamic decision trees based on runbook analysis. These decision trees adapt to the specific context of each incident, allowing for more efficient and accurate incident handling. For example, Socrates can determine: Is the file malicious? Is the user a very important person (VIP)? Is the activity frequent or infrequent during a specific time period, indicating anomalous behavior?

Execution showing the Torq AI SOC Analyst's semantic interpretation of a threat intel result.

4. Leveraging Knowledge of Security Frameworks for Context

More experienced alert triage specialists bring their own contextual knowledge and understanding of networking, endpoint architecture, and attack techniques into the mix.

LLMs are trained on an immense body of natural language documents containing information about the above and more. This allows the semantic analysis of an LLM to match the observed outcome of a security tool to the technique described in a documented framework, such as the MITRE ATT&CK framework.

Using the above technique, Torq’s AI SOC Analyst Socrates leverages the information available in numerous documents describing attack frameworks, such as the MITRE ATT&CK framework, and maps its tactics and techniques to the outcomes observed in the security event being analyzed.

Intelligent modeling with Torq’s AI SOC Analyst Socrates enables it to mimic a human-like thinking process, correlating information efficiently and mapping the appropriate outcomes to common frameworks like MITRE, NIST, and more.

5. Automated Incident Investigation

Just as human analysts rely on insights from the runbook, Socrates can assist in automating investigation or even incident response tasks. This includes executing tasks such as alert triage, data enrichment, containment, and remediation actions, which speeds up response times and reduces the manual effort required from analysts.

Socrates used Splunk, CrowdStrike Falcon, and Microsoft Windows WMI query information to distill the relevant information for the human SOC analyst.

6. Summarizing Relevant Security Case Information

An important pillar of any operational practice is meticulous documentation of all actions taken, decisions, and achieved outcomes. 

LLMs have proven to be efficient at rephrasing and summarizing large amounts of natural language text. Torq Socrates leverages this capability to summarize the “conclusions” and desired next steps, and document them in the “case timeline.”

Torq Socrates summarized the findings and actions taken of the security event and automatically added them to Torq’s built-in ticket management system timeline.

Reducing the Burden on Tier-1 SOC Analysts with AI

Here’s a summary of how Torq Socrates uses powerful LLMs to perform Tier-1 SOC analyst duties:

| Human Tier-1 Analyst | AI SOC Analyst |
| --- | --- |
| 1. Tier-1 analysts work strictly according to defined runbooks. | 1. LLMs effectively analyze natural language text and break runbooks down into components. |
| 2. Analysts match directives from the runbooks with tools at their disposal. | 2. LLMs are effective at finding similarities, in this case, between a “desired action” and an “available tool to execute this action.” |
| 3. Analysts digest the output of different tools to choose the correct follow-up course of action. | 3. LLMs semantically analyze the output of different tools and match it to the runbook directives related to follow-up steps. |
| 4. Analysts can bring in context from their training. | 4. LLMs can load related context from the myriad of documents scanned during the model’s training. |
| 5. Analysts are required to document all actions taken and the reasoning behind the conclusions. | 5. LLMs summarize the matches made and audit all the performed activities. |

See how human security analysts can leverage Torq’s AI SOC Analyst, Socrates, to assist the triage of security alerts.

Torq Socrates is designed to handle up to 90% of Tier-1 triage actions by mapping the tasks and activities of human Tier-1 analysts to use cases leveraging LLMs. With Torq Socrates as their AI SOC Analyst, human security analysts remain in charge of processes and outcomes. The AI-powered system introduces dramatic new efficiencies and incident response accuracy, alleviating security analysts’ most critical challenges.


Simplifying Non-Human Identity Security with Torq and Clutch Security


The rise of Non-Human Identities (NHIs) — think APIs, bots, service accounts, and machine identities — has expanded the attack surface in ways we’re only beginning to understand. NHIs now outnumber human identities in enterprise environments, often by a staggering ratio. While they streamline processes, enable scalability, and facilitate automation, these identities also present significant security risks.

The Growing Importance of Non-Human Identity Management & Security

Traditional approaches struggle to address the dynamic nature of NHIs, especially when it comes to:

  • Lifecycle governance: Stale or orphaned accounts are often left unchecked, creating vulnerabilities and increasing the risk of unauthorized access.
  • Contextual visibility: A lack of insight into what non-human identities are doing and why they are being used leaves security teams in the dark.
  • Zero Trust alignment: Continuously validating the usage of non-human identities is critical to enforcing least-privilege policies and maintaining security.

Security teams are left grappling with blind spots, operational inefficiencies, and increasing exposure to breaches. This is not just a challenge — it’s a mandate for change.

Enter Torq and Clutch Security: a partnership reshaping how security teams tackle the complexity of non-human identity management and security. 

Empowering SOC Teams with Seamless Zero Trust and Incident Response 

Clutch delivers visibility into NHI activity, offering deep insights into how these identities are created, used, and misused. Torq enhances this visibility with AI-driven Hyperautomation that transforms insights into action. When used together, SOCs are given the power to:

  1. Simplify complexity: Automatically ingest and contextualize Clutch’s NHI inventory into Torq workflows, enabling real-time decision making.
  2. Enhance Zero Trust: Dynamically enforce least-privilege policies for NHIs with automated remediation.
  3. Accelerate incident response: Detect NHI misuse through Clutch, then trigger Torq workflows to contain and remediate threats instantly.
  4. Future-proof security: Transition to ephemeral identities without operational friction, ensuring NHIs always align with your Zero Trust goals.

Real-World Implementation, From Detection to Resolution

Consider a common scenario: a temporary service account is created for a one-off task but inadvertently granted excessive permissions. Without the right tools, detecting and remediating the issue might take hours or even days. With Torq and Clutch, this process becomes seamless:

  1. Detection: Clutch identifies the account’s risky behavior in real time, flagging it for immediate review.
  2. Automation: Torq triggers a workflow to revoke the account’s excessive permissions, notify the SOC, and autonomously document the event for compliance.
  3. Prevention: Clutch provides recommendations for transitioning the account to an ephemeral identity, which Torq enforces automatically.

In short, this partnership enables security teams to do what they do best: defend their organizations with precision and confidence.

Ready to Transform Your Non-Human Identity Management and Security?

If you’re ready to bring Zero Trust to your NHIs and revolutionize your SOC, explore the Clutch-Torq integration today. Together, we’re setting a new standard for how enterprises secure their most overlooked — but most critical — identities.

New to the Torq Library: Analyze Files, Manage Identity, and More


This month, we’ve continued to expand Torq’s offerings. Discover the new workflow templates, intelligent integrations, and utility steps — all meticulously crafted to streamline security operations and amplify your team’s impact.

New Workflow Templates

Analyze Files with CrowdStrike Falcon Sandbox or Retrieve Cached Results
Put a stop to redundant file analyses. This template checks cached results for files analyzed in the last 24 hours, delivering instant insights when available. Need fresh data? The workflow submits the file for analysis, returning a detailed report featuring MITRE TTPs, related hashes, and more.

Synchronize Torq Runbooks with GitHub Automatically
Keep your runbooks effortlessly in sync. This automation updates your Torq runbooks whenever changes are committed to your GitHub repository. As a result, you can maintain up-to-date runbooks without lifting a finger.

Create Torq Cases from Proofpoint Clicks Permitted
Phishing attacks keep on coming, but this workflow has your back. It scans Proofpoint for “clicks permitted” events, enriches URLs with VirusTotal data, and automatically opens Torq cases.


Intelligent Automation Integrations

Your favorite tools are amplified with new Torq steps.

Seven new steps for the Abnormal integration provide deeper visibility into activities like employee logins and vendor actions:

  • Get Vendor Activity
  • Get Employee Login Details
  • Get Vendor Case Details
  • List Vendor Cases
  • Get Employee Analysis
  • Get Employee Information
  • Get Vendor Details

Gain more control with several new steps in the Elastic integration:

  • Upgrade Elastic Agent version
  • Unenroll Elastic Agent from Fleet
  • Get Agent Details by ID
  • Get Agent Details by Query

The new “Get a Pull Request” step for the GitHub integration simplifies code review workflows.

Manage identity and access with enhanced options for the Okta integration:

  • Reset User Password
  • Create Policy Rule
  • Get Policy
  • List Policies
  • Set Policy Rule Status
  • Revoke API Token
  • List API Tokens
  • List Policy Rules

New Utility Steps for Seamless Operations

Smarter tools for transforming data and processes.

Output Utils: Effortlessly transform your data and turn complex logs into actionable information with the simplicity and elegance you expect.

  • CLF to JSON: Seamlessly convert Common Log Format (CLF) logs into JSON, ready for integration with SIEMs, EDRs, XDRs, and beyond.
  • CEF to JSON: Easily transform Common Event Format (CEF) data into JSON, unlocking enriched analysis and compatibility across your tools.

Utils: Discover new possibilities with tools that bring clarity to network data.

  • DNS Resolution: Instantly resolve IP addresses into domain names, transforming raw data into meaningful insights. Connect malicious IPs to their domains for faster detection and response, and enrich your threat intelligence with actionable details.
  • CIDR Validation: Validate IPv4 addresses effortlessly, ensuring they fall within authorized ranges. Automate access controls and dynamic firewall rules and flag unexpected traffic outside defined ranges to protect your most sensitive systems — even blocking entire regions or countries with precision and ease.

Stay Ahead with Torq

This month’s updates are just scratching the surface. With new workflow templates, smarter steps, and expanded integrations, Torq continuously improves to equip your security team to get more done, faster and strategically.

Now, you can do even more with the top-tier tools you trust, such as SecurityScorecard, Autotask, BitSight, CrowdStrike, Jamf Protect, Jira Cloud, Palo Alto Networks Cortex XDR, SentinelOne, Sumo Logic, ThreatConnect, urlscan.io, and Wazuh.

Want to see it all? Dive into the Full Content Digest for details.