How to Automate Cloud Security with Wiz and Torq


One of the Torq Hyperautomation platform’s superpowers is its ability to integrate with anything. By partnering with top security vendors like Wiz, Torq empowers SOC teams to automate and streamline critical cloud security workflows, dramatically improving security posture while freeing up analyst time.

Wiz is known for delivering rich context and visibility into cloud risk. Torq takes those alerts and turns them into real-time action. Together, they help security teams address high-priority issues and the long tail of medium- and low-priority vulnerabilities that often slip through the cracks.

With Torq and Wiz, SecOps teams can build fully automated or human-on-the-loop remediation flows for tasks like expired secrets, unused privileged access keys, or public S3 buckets. These cloud security automations are more flexible and powerful than what legacy SOAR platforms offer.

Below are three key examples of how to automate cloud security with Torq and Wiz.

Handle Wiz Alerts For Public AWS S3 Bucket With Sensitive Data

Looking for a simpler way to deal with Wiz alerts about public AWS S3 buckets that contain sensitive data? You’re in luck.

This workflow receives an alert from Wiz when an AWS S3 bucket with sensitive personal data is found to be exposed to the public. The alert triggers on Wiz ID wc-id-1264.

When the trigger is received, the workflow pulls the bucket’s public access settings and tags and looks for an owner tag. If one is not found, it directs notifications to a specific Slack channel.

From there, it checks the public settings on the S3 bucket to see if the issue was resolved before the alert from Wiz was triggered. If it is still publicly accessible, it will ask to limit access to the bucket. 

Once the user agrees, the bucket settings are updated, and the Wiz alert is moved to in progress. If the user does not agree or the question times out, a Jira issue is opened to track the issue, and the issue ID will be added to the Wiz alert.

It’s important to note that this workflow will set the public block settings on the S3 bucket to “true” and block all public access. Your application may need a more granular update to the JSON policy to block the existing access; the existing policy will be provided in the Slack message.
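The decision logic of this workflow, sketched as an added Python example (not Torq's or Wiz's code). The inputs are shaped like boto3's `get_public_access_block()` and `get_bucket_tagging()` responses; the `owner` tag key, the `#cloud-security` channel, the response labels and the returned action names are assumptions made for illustration.

```python
# Added illustration: decision logic only, no AWS calls are made.
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def find_owner(tagging, owner_key="owner"):
    """Return the owner tag value, or None. The key name 'owner' is an assumption."""
    for tag in (tagging or {}).get("TagSet", []):
        if tag.get("Key", "").lower() == owner_key and tag.get("Value", "").strip():
            return tag["Value"].strip()
    return None

def triage_public_bucket(bucket, public_access_block, tagging,
                         fallback_channel="#cloud-security"):
    """Decide the next step from boto3-shaped responses.

    public_access_block: get_public_access_block() response, or None when the
    bucket has no Public Access Block configuration at all.
    tagging: get_bucket_tagging() response, or None when the bucket has no tags.
    """
    cfg = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    disabled = [k for k in PAB_KEYS if not cfg.get(k, False)]
    plan = {"bucket": bucket,
            "notify": find_owner(tagging) or fallback_channel,
            "disabled_settings": disabled}
    if not disabled:
        # Already fixed before the alert arrived: nothing to change.
        plan.update(action="already_blocked", put_public_access_block=None)
    else:
        # Keyword arguments for s3.put_public_access_block(), sent only after approval.
        plan.update(action="ask_to_block", put_public_access_block={
            "Bucket": bucket,
            "PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}})
    return plan

def after_prompt(plan, response):
    """response is 'approved', 'rejected' or 'timeout' (labels are assumptions)."""
    if plan["action"] == "already_blocked":
        return "no_change"
    if response == "approved":
        return "apply_block_and_mark_wiz_issue_in_progress"
    return "open_jira_and_add_issue_id_to_wiz_alert"

# Constructed sample inputs: two of the four settings are still off.
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}
SAMPLE_TAGS = {"TagSet": [{"Key": "Owner", "Value": "dana@example.com"},
                          {"Key": "env", "Value": "prod"}]}
```

A bucket with no Public Access Block configuration is treated the same as one with all four settings off, so it is never mistaken for an already-resolved alert.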

The bottom line: 2-4 hours of time saved per alert. 

Depending on your existing process, the time it currently takes to find the questionable S3 bucket manually, assess the data sensitivity, verify public access, dig through logs or tags to identify the bucket owner, and finally adjust the public access setting when the owner responds may vary. With Hyperautomation, however, the entire process can be executed in minutes. 

The risk of allowing sensitive data to live in a public AWS S3 bucket is high and incredibly time sensitive, making it the perfect use case for hyperautomation. The longer sensitive data is publicly exposed, the higher the probability of it leaking into the wrong hands. 

Pairing Torq with Wiz ensures immediate, efficient, and accurate response, reducing the organization’s overall risk and saving analysts from spinning tires on these high-volume alerts.

Enable AWS S3 Bucket Encryption On Alert From Wiz

This workflow is a simple and effective way to ensure encryption is turned on for an AWS S3 bucket. 

First, the workflow receives an alert from Wiz and is triggered by an event with the control name “S3 bucket default encryption disabled.” If the owner tag is found, the owner will be contacted or notified in the Slack channel about the issue. 

This workflow then checks the bucket’s encryption status to see if it is still disabled and suggests remediation by enabling the default AES256 encryption on the bucket. 

If the user or Slack channel rejects the notification, the workflow collects a reason, opens a follow-up ticket, and updates the notes on the Wiz issue. 

The bottom line: 30-60 minutes of time saved per alert. 

While this workflow seems simpler than the previous one for public access to sensitive data, manually handling this high-volume, low-complexity Wiz alert requires context, attention to detail, and switching back and forth between a few different platforms.

Ensuring encryption is turned on for an AWS S3 bucket is more of a proactive security measure. It is a risk factor that is often deprioritized, forgotten, or inconsistently enforced across the cloud environment. Again, a perfect scenario to let Hyperautomation take the reins.

There is still a significant risk associated with an unencrypted AWS S3 bucket. If a data breach or successful ransomware attack were to occur, gaining access to the unencrypted data would be a walk in the park for the bad actor, and likely one of the first places they would look.

Using Wiz to identify this risk in your cloud environment and Torq to Hyperautomate the remediation ensures consistent and efficient encryption across all AWS S3 buckets, records a clear audit trail for compliance, and prevents SOC analysts from burning out by eliminating mundane, repetitive, and low-risk alerts. 

Remediate AWS EC2 Instance With Open SSH Access From Wiz Alert

This workflow receives an alert from Wiz and is triggered by an event with the control name “Instances with open SSH to the world in AWS.”

If an owner tag is found, the user will be looked up in Slack; otherwise, the Slack channel will be updated. The user or channel is then asked to remediate the instance by shutting it down or removing the open SSH rule in the Security Group and adding a specific network rule allowing SSH from a corporate-owned network.

The user or channel will also have the option to open a Jira issue instead of doing the remediation. A Jira issue is opened for any process issue and will be added to the issue notes in Wiz.
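The security-group change described above, as an added Python example (not Torq's or Wiz's code). It takes one group entry shaped like boto3's `describe_security_groups()` output and builds the `IpPermissions` arguments for `revoke_security_group_ingress()` and `authorize_security_group_ingress()`; the sample group, the corporate CIDR and the `needs_review` bucket for rules wider than port 22 are assumptions.

```python
import ipaddress

WORLD = {"0.0.0.0/0", "::/0"}

def _world_sources(perm):
    """Return the world-open source entries of one IpPermissions item."""
    v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") in WORLD]
    v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in WORLD]
    return v4, v6

def _covers_ssh(perm):
    if perm.get("IpProtocol") == "-1":          # all protocols, all ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535))

def plan_ssh_remediation(group, corp_cidr):
    """Build revoke/authorize arguments from one describe_security_groups() entry."""
    net = ipaddress.ip_network(corp_cidr)       # raises ValueError on bad input
    if net.prefixlen == 0:
        raise ValueError("corporate CIDR must not be the whole Internet")
    revoke, review = [], []
    for perm in group.get("IpPermissions", []):
        v4, v6 = _world_sources(perm)
        if not _covers_ssh(perm) or not (v4 or v6):
            continue
        # Target only the world-open source; other sources on the rule stay.
        rule = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        if v4:
            rule["IpRanges"] = [{"CidrIp": "0.0.0.0/0"}]
        if v6:
            rule["Ipv6Ranges"] = [{"CidrIpv6": "::/0"}]
        ssh_only = (perm.get("FromPort"), perm.get("ToPort")) == (22, 22)
        # A wider range also carries non-SSH traffic: hand it to a human.
        (revoke if ssh_only else review).append(rule)
    key, field = ("IpRanges", "CidrIp") if net.version == 4 else ("Ipv6Ranges", "CidrIpv6")
    allow = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             key: [{field: str(net), "Description": "SSH from corporate network"}]}
    return {"GroupId": group["GroupId"], "revoke": revoke,
            "authorize": [allow] if revoke else [], "needs_review": review}

# Constructed sample group: open SSH, open HTTPS, and an all-ports IPv6 rule.
SAMPLE_GROUP = {"GroupId": "sg-0constructed", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
```

Rules that expose port 22 as part of a wider range are reported rather than revoked, because removing them would also cut non-SSH traffic on a possibly production instance.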

The bottom line: 1-3 hours of time saved per alert.

The most time-consuming part of investigating an AWS EC2 instance with open SSH access is communicating with the developer or system owner. The risk here is high and urgent, and it needs to be handled immediately, but also with care and precision, as incorrectly disrupting a critical production instance could have a significant negative impact on the business.

This could make analysts hesitant to take action without additional context, extending the length of the investigation and the potential risk. Worse, the instance owner could push back, claiming that the access is intentional and required. (Don’t worry; we have an answer for this, too. See the Bonus Use Case below.)

Hyperautomation not only handles the communication on behalf of the security team but also takes action immediately upon response, reducing the time it takes for the security analyst to find the system owner, wait for the reply, and modify the access in the AWS console. Together, Wiz and Torq ensure contextual remediation strategies are presented to the correct stakeholders and take rapid action in response to a critical threat without disrupting business as usual.

Bonus Use Case! 

While leaving SSH open to the world is a significant security risk and generally discouraged, there are still a few niche cases where a developer may push back against shutting down access for a legitimate business reason. Even so, these use cases should be considered an exception to the rule and handled with care.

Hyperautomation offers a better, more secure alternative through self-service just-in-time (JIT) access. This allows only certain users to gain temporary SSH access for only a short period of time — rather than opening the flood gates completely — controlling who has permissions through IAM policies and minimizing risk to the organization.   

These are just three of the myriad ways that Wiz and Torq partner to help SOC teams achieve smarter, faster cloud defense.

Wiz + Torq is the Future of Cloud Security Automation

With Wiz delivering deep cloud visibility and Torq translating that insight into real-time remediation, security teams can respond to threats faster, smarter, and more consistently. 

Together, they provide a proactive, efficient defense posture that legacy SOAR tools simply can’t match. Whether it’s public S3 buckets, disabled encryption, or open SSH ports, every second counts. By combining Wiz and Torq, you gain precision, speed, and control — hallmarks of a truly modern cloud security strategy.
