What's New?

The new Cases Dashboards page allows you to access and customize dynamic and interactive dashboards that provide insights into SOC metrics in real time.
​
You can create widgets to visualize and analyze case trends based on case count, historic case events, or SLA timers. These widgets will enable you to drill down into data segments over selected time ranges.

Easily surface the case data you want to see using customized case tabs.

Organize related information into focused, purpose-built tabs for faster case review and clearer insights.

We've released Step Runner v25.12.8. See the list of additions, improvements, and fixes to determine whether you should update your Runners.

We've introduced new steps and improvements for new and existing integrations, as well as new templates. For full details, check out the complete digest.

You can now stream Google SecOps detections into Torq using Google’s streaming architecture, reducing response delays with real-time alert delivery, simplifying setup by eliminating polling schedules and custom queries, and optionally enabling an offset to backfill past detections. This provides faster, more reliable delivery than traditional polling-based integrations.

The Observable history logs key changes and actions—like reputation updates, enrichments and case linking.
​
Analysts can quickly understand an observable's evolution and make faster, more confident investigations.

Display observable and custom field details directly in the case description with embedded case details.

Critical data points are more visible, so you can view essential information at a glance.

We've introduced new steps and improvements for new and existing integrations, as well as new templates. For full details, check out the complete digest.

Where SecOps skills move from theory to real-world practice.
Hands-on courses, role-based certifications, and guided Playgrounds to help you build real expertise and get more out of Torq.
​Explore the Academy

You can now control who can access each Interaction Flow from Flow Settings > Access Control. By default, Interaction Flows are available to all workspace users, but not to external SSO users. However, you can restrict access by user email, role, or context-based arrays of emails or roles.

Torq also introduced the Interact Only role, so you can invite users to participate in Interactions, seeing only the Interaction Flows they can run or those awaiting their input, without giving full Torq app access.

Together, these features provide stronger security and more flexible Interact deployments.

You can now generate Actionplans from runbooks associated with Socrates-assigned cases.

Actionplans provide a transparent and structured set of Actions for Socrates to ensure reliability and reduce errors.

You can now share Step Runners manually or automatically across workspaces to enable seamless collaboration.

Organization Managers can now create an allowlist of service API keys for automatic sharing across workspaces. When enabled, keys are shared instantly without manual approval, and all actions are logged for transparency.

Configuring SSO in Torq is now easier, safer, and more reliable with the new SSO Configuration Wizard. The guided setup streamlines configuration, prevents account lockouts, and ensures accurate claims mapping before activation.

We've introduced new steps and improvements for new and existing integrations. For full details, check out the complete digest.

You can now deploy Docker and Kubernetes Step Runners with the deployment wizard.

The wizard allows you to configure a Runner's basic and advanced deployment settings without having to manually edit its deployment configuration file.

You can now filter your runbook list by Lock status, Created at, Updated at, and Source name.

You can now resend events that triggered workflow executions that ended from the Activity Log page.

This enhances incident response by enabling efficient recovery from multiple simultaneous workflow execution failures.

You can now use workflows to add the source of automatically synced runbooks, allowing better runbook traceability.

You can also lock a runbook's content to prevent unauthorized edits.

You can now enhance your RBAC capabilities with the new Roles Management page (Settings > Security > Roles).

The page allows you to create, edit, delete, and assign custom roles to users.