WTF is…

A

Agentic AI
Autonomous, goal-oriented AI that plans, executes, and adapts across multi-step processes without human intervention.

AI Adoption
The moment your team realizes humans shouldn’t be doing all the work and decides to integrate AI technologies into existing security workflows and systems.

AI Agent
An AI-powered specialist that handles specific tasks like enrichment, remediation, or ticket updates.

AI Cybersecurity Tools
Software platforms that use AI to make security operations more integrated, seamless, and fast. 

AI Guardrails
The rules, filters, and controls that keep AI from misinterpreting instructions or going rogue.

AI Hallucinations
When AI makes stuff up and presents it with confidence.

AI SOC
A Security Operations Center (SOC) powered by artificial intelligence (AI) to automate threat detection, triage, investigation, and response.

AI SOC Analyst
The AI team leader that directs specialized AI agents to deal with low-level security threats from start to finish independently. It also gives human analysts context and insights to make better, faster decisions for critical cases.

AI Washing
Slapping exaggerated “AI-powered” claims on old tech like it’s a rebrand. 

Alert Fatigue
The exhaustion analysts feel when bombarded by excessive alerts — many of which are false positives or low-priority. Often leads to missed threats or slower response.

All Gas, No Brakes
A mindset. How we build, ship, and support. We move fast because our customers need us to. Just bold ideas, rapid execution, and relentless focus on delivering real outcomes.

Artificial Intelligence (AI)
Robots that can reason. In cybersecurity, AI detects threats, predicts attacks, automates responses, and handles case grunt work.

Automated Incident Response
The use of AI-driven workflows to instantly detect, investigate, and remediate security threats without human intervention.

Automated Security Operations
Using scripts, platforms, or AI to execute security tasks through technology-driven workflows. Essential for reducing manual effort and improving SOC efficiency.

Automated Threat Hunting
Proactive, always-on AI sleuthing that uncovers the threats hiding in your blind spots.

Automated Threat Intelligence
Data about cyber threats and threat actors used to inform detection, investigation, and response.

Autonomous SOC
Your dream come true. A fully automated SOC where AI independently handles most Tier-1 alerts, freeing analysts to focus on critical cases and strategic work.

Auto-Remediation
Automated actions taken to fix or contain a security issue without human input.


B

Bone Bucks
An ancient currency shrouded in mystique, exclusively redeemable in the Torq store in exchange for our iconic merch.

Builder Agent
The brains behind the build. This Hyperautomation agent takes plain English prompts and turns them into fully functional, enterprise-grade workflows.


C

Case Management
Tracking evidence, actions, and decisions from the beginning to the end of a security issue, all in one place.

Case Management Agent
The AI “brain” behind Torq HyperSOC’s incident tracking — prioritizing alerts and organizing evidence, actions, and context so analysts don’t have to.

Case Summaries
Recaps of security incidents. Like TL;DRs for alerts.

Chatbot
An AI-driven assistant that collects information, initiates workflows, and streamlines SOC processes.

CISA Secure By Design
A government-backed pledge to build cybersecurity in from the start, not bolt it on later. (Yes, we signed it.)

Cloud
Hosts your apps, data, and infrastructure off-prem.

Cloud-Native
Built for the cloud from Day 1. Designed to run, scale, and evolve in dynamic cloud environments.

Cloud Security
The technologies and processes used to protect cloud-based infrastructure, applications, and data.

Cloud Security Automation
Automated workflows and tools that monitor, detect, and remediate cloud-specific threats, such as misconfigurations, unauthorized access, or insecure APIs.

Cloud Security Posture Management (CSPM)
Tools that identify and fix cloud misconfigurations and compliance issues to reduce risk.

Compliance
Adhering to cybersecurity standards, laws, and frameworks like PCI DSS, HIPAA, or NIST.

Continuous Integration and Continuous Deployment (CI/CD)
Automates building, testing, and deploying code so updates go live fast and securely. 

Cyber Crisis Simulation 
A dress rehearsal for your worst day. A scenario emulating a real cyber threat, challenging teams to prioritize actions, assess risks, and make decisions under tight time constraints so you’re ready for the real thing. 

Cyber Resilience
How well your organization can prepare for, respond to, and recover from cyber threats. 


D

Dashboards
Visual interfaces used to monitor SOC operations, track security metrics, and gain insight into alerts, threats, and automation performance.

Data Agent
The data wrangler. This Hyperautomation agent transforms JSON on the fly, generating JQ commands to ensure seamless compatibility between workflow steps.

Data Security Automation
Automated controls and policies that keep sensitive data locked down, even when environments shift.

Data Transformation
Reformatting and enriching raw data so it’s compatible across tools and can actually be used in workflows and alerts.

DevOps
The fusion of software development and operations into one fast-moving, automation-first machine. 

DevSecOps
DevOps with security baked in, not bolted on. DevSecOps weaves security checks, scans, and controls into every stage of the software pipeline.


E

Email Security
Technology that protects against phishing, spam, and malware threats delivered via email.

Endpoint Detection and Response (EDR)
Security tools that detect, investigate, and respond to threats at the device level.

Enterprise-Grade Architecture 
Structural foundation that connects business goals to IT and security processes, data, and tech so you can drive change fast, stay aligned, and automate securely.

Extended Detection and Response (XDR)
A unified approach to threat detection and response that pulls together data from across endpoints, networks, cloud, and more.


F

Fraud Response (Automated) 
Instant, AI-driven action triggered by suspicious activity, like freezing accounts, blocking transactions, or triggering investigations.


G

Generative AI (GenAI)
AI that learns from massive datasets to write, explain, and summarize.

gRPC
An open-source framework that enables high-performance communication between services. 


H

Human-in-the-Loop
Humans step in to review or approve what AI suggests.

Human-on-the-Loop
AI does the work, humans oversee the strategy.

Human-AI Collaboration
The cybersecurity dream team. AI gives insights, analysts lead, and AI executes. 

Hyperautomation (Security Hyperautomation)
The combination of advanced automation, AI, and orchestration that replaces manual SOC processes at scale.

HyperSOC
Torq’s AI-driven, fully autonomous Security Operations Center platform powered by agentic AI and Hyperautomation.


I

Identity and Access Management (IAM)
Managing who gets in, what they do, and how fast they’re locked out if things go south.

Impossible Travel Detection
Flags logins from geographically distant locations that defy physics — often a sign of credential compromise.

Indicators of Compromise (IOC)
Digital breadcrumbs left behind by attackers, like malicious IPs, domain names, file hashes, or registry changes, that signal your environment may have been breached. 

Incident Response Automation
Automating the detection, triage, containment, and remediation of security incidents.

Integration
Tool A talks to Tool B, C, D, and E. Your workflows get more effective.

ITOps
The team managing infrastructure, uptime, and systems.

Investigation Agent
The AI Agent in Torq HyperSOC that connects the dots between alerts, context, and evidence — fast.


J

Just-In-Time (JIT) Access
Providing temporary access privileges only when needed, then revoking them automatically to reduce risk.


K

Kill Your SOAR
The bold, necessary act of replacing brittle, code-heavy legacy SOAR tools with AI-native, no-code Hyperautomation.


L

Large Language Model (LLM)
The “brain” behind GenAI. It reads, writes, and predicts — but still needs context.

Lift and Shift 
Moving legacy SOAR playbooks to modern automation solutions without rethinking or consolidating your workflows. (BAD)

Log
Recorded data from systems and devices that provide context for detecting and investigating security events.


M

Managed Detection and Response (MDR)
A third-party team that detects, analyzes, and responds to threats so you don’t have to fly solo.

Mean Time to Detect (MTTD)
How fast your tools and team spot a threat. Lower is better.

Mean Time to Identify (MTTI)
How long it takes to figure out if something is a real threat or a false positive. 

Mean Time to Respond (MTTR)
The average time it takes to resolve a security incident from detection to remediation.

MTTx
Any SOC metric that starts with “Mean Time To…”

MITRE ATT&CK Framework
A knowledge base of adversary tactics, techniques, and procedures to improve threat detection and response.

Model Context Protocol (MCP)
A protocol ensuring AI outputs are grounded in the specific context of your environment and data.

Multi-Agent System (MAS)
A collection of autonomous AI agents, each with specialized tasks, working collaboratively to solve complex, multi-step problems in the SOC.

Multi-SIEM
The strategic art of juggling multiple SIEM platforms — made easier with Hyperautomation.

Managed Security Service Provider (MSSP)
A third-party provider that manages and monitors security services for organizations.


N

Natural-Language
Everyday language used to interact with AI systems and build automations without writing code.

No-Code/Low-Code Automation
Building workflows and automations without the need for programming skills.

Non-Human Identity (NHI) Management
Controlling access for bots, service accounts, and anything else that isn’t a person but still has credentials.


O

OmniAgent
The master AI Agent in Torq’s HyperSOC that orchestrates the behavior of all other Agents based on strategic goals.

Orchestration
Connecting tools, people, and processes into a seamless symphony of security automation.


P

Phishing
Emails pretending to be legit. Don’t click.

Platform Lock-In
When your security stack traps you in one ecosystem. 

Proof of Concept (POC)
A trial run of a solution to prove it works. 

Pyramid of Pain (SOC Automation) 
A framework showing how to gradually automate more of your security operations. The higher the pain, the better the payoff.


R

Ransomware
Malicious software that encrypts files and demands payment to restore access.

Remediation Agent
This AI Agent in Torq HyperSOC takes decisive action, blocking IPs, isolating hosts, and killing sessions on your terms.

Retrieval-Augmented Generation (RAG) 
An AI method that pulls relevant data from internal or external sources to improve the accuracy and relevance of generative AI responses.

Runbook Agent
Torq HyperSOC’s AI Agent that executes automated security playbooks end-to-end.

Runbook Automation
Automating pre-defined security procedures to standardize and accelerate incident response.


S

Scripting Agent
Writes the code so you don’t have to. Generates high-level, no-code steps with expert logic and syntax for scripts, CLI commands, and data manipulation.

SDLC Automation
Automated enforcement of security best practices throughout the software development lifecycle.

SecOps
The collaboration of IT security and operations teams to detect, respond, and remediate threats.

SecOps Automation
Streamlining security and operations through automation to detect, neutralize, and resolve threats faster.

Security Automation
The use of technology to automatically perform security tasks and reduce manual workloads.

Security Operations Center (SOC)
A centralized team and environment that monitors, detects, and responds to cybersecurity threats.

Security Orchestration
Coordinating security tools, workflows, and processes through a centralized platform to streamline threat detection, response, and remediation.

Security Posture
Your current state of readiness against threats. 

Security Stack
The collection of tools in your SOC — SIEMs, EDRs, firewalls, and (hopefully) Torq tying them all together.

Security Workflow Automation Software
Software (like Torq) that builds, runs, and scales security workflows across tools, teams, and clouds.

Shift Handover/Handoff
The SOC baton pass. Ensures incoming analysts quickly get a complete picture of ongoing incidents, open cases, and priorities.

SIEM Integration
Connecting Security Information and Event Management (SIEM) systems with automation platforms for enhanced detection and response.

Slack Event
A trigger or action in a security workflow that involves collaboration or alerting in Slack.

SOAR is Dead
A legacy approach to automating security tasks using pre-scripted playbooks. It tried to help analysts move faster — but often ended up complex, brittle, and hard to scale. RIP. 

SOAR Migration
Moving from a traditional SOAR platform to a next-generation automation solution to gain scalability, flexibility, and AI-driven capabilities.

SOAR Replacement
Your current SOAR isn’t cutting it. Torq does. Enough said.

SOC Automation
The use of software, AI, and orchestration to streamline and execute SOC tasks with minimal human intervention. 

Socrates
Torq’s OmniAgent AI SOC Analyst. It thinks, orchestrates, and keeps every AI agent laser-focused.

SOC Rationalization
Justify your SecOps budget by consolidating tools, cutting redundancies, and simplifying your stack with smarter automation.

SOC Reporting 
Insights on SOC performance, response times, and incident trends.

SOC Transformation
The evolution from manual, reactive security to proactive, AI-powered, autonomous operations.

Stress Test
Simulated pressure on your SOC workflows to uncover failure points before attackers do.


T

Tactics, Techniques, Procedures (TTPs)
The blueprint behind every cyberattack. How adversaries operate: high-level goals, how they achieve them, and the specific tools they use. 

Task Agent
Executes custom tasks from natural language prompts, unlocking endless automation possibilities. Drop it into any workflow stage and choose your preferred LLM to power it.

Threat Detection 
Identifying malicious activity before it becomes an incident.

Threat Enrichment
Enhancing alerts with additional context from internal logs, threat intelligence, or user behavior to improve accuracy.

Threat Hunting
Actively searching for hidden threats that bypass traditional defenses. 

Tier-1 Alert
High-volume, low-complexity alerts — think noise, false positives, and known threats. With Torq, 95% are triaged, enriched, and resolved automatically by agentic AI before an analyst ever needs to look.

Tier-2 Alert
Escalated alerts that demand deeper analysis. These require context correlation, threat intel, and tailored response. 

Torq 
The autonomous SecOps platform — powered by AI and Hyperautomation — that’s redefining how modern SOCs operate.

TorqTV
Our official broadcasting network — home to all things chaotic, creative, and occasionally informative.

Triage
Analyzing and prioritizing alerts to determine which require immediate attention.

Trigger
An event or condition that kicks off an automated workflow or security action.


V

Vendor-Agnostic
Flexible by design. A vendor-agnostic platform works across any tool, stack, or provider, so you’re never locked into one ecosystem and can adapt as your needs evolve.


W

Workflow
A structured sequence of automated tasks or actions used to respond to a security event.


X

XSOAR
Palo Alto Networks’ legacy SOAR platform. Requires heavy coding and manual maintenance. It’s time to move on.


Z

Zero Trust
A security model that assumes no user or device is trustworthy by default, requiring continuous verification for access.


You’ve made it to the end of The Torqtionary!
Consider yourself fluent in the language of modern SecOps. Now go automate something great (preferably with Torq).