What's New?

Innovation at Torq never stands still — and now it’s even easier to keep up.

Introducing the Product Spotlight, a quick roundup of the latest Torq updates. This release covers Q4 new capabilities in automation and case management, with scannable intros so you can instantly see what’s new and why it matters.
The full edition is available in the Knowledge Base.

You can now enhance your reports by selecting different types of predefined ranges for the Time range dashboard filter, such as Previous week, Year to date, and Past 1 year.

This allows you to quickly compare previous periods and review yearly trends faster and more consistently.

We've released Step Runner v26.02.3. See the list of additions, improvements, and fixes to determine whether you should update your Runners.

Add an optional Output JSON Schema to AI Agents to enforce strict, machine-readable responses that conform to the JSON Schema specification, ensuring predictable structure, reliable parsing, and seamless downstream consumption.

Torq AI Agents bring task-driven decision-making into workflows, allowing you to place Agents where decisions are needed, define their tasks in plain language, and equip them with the tools required to take action in real time. Every run is fully transparent and auditable, with live Action Flow streaming, clear rationales reasoning, and preserved logs so teams can trust and verify Agent behavior.

With Bring Your Own Subscription (BYOS), prebuilt Agent templates, reusable custom Agents, and AI tools that enhance Agent capabilities, you can choose the models and configurations that best fit your performance, cost, and governance needs.

Learn by doing: AI Agents course

We've introduced new steps and improvements for new and existing integrations, as well as new templates. For full details, check out the complete digest.

Within the Step Runner deployment wizard, you can now choose whether to pull container images from Torq's managed registry or a private registry.

Pulling vetted images from private registries helps meet compliance requirements, improves multi-region performance, and enhances security by reducing the attack surface.

You can now use the Secret user input element to securely collect sensitive values, such as API keys, credentials, or tokens, directly within an Interaction Flow. Inputs are masked during entry and never exposed in logs, making it safe for one-time use, initial setup, or secret rotation. If the value needs to persist beyond a single execution, workflows can explicitly save it as a Torq secret or an integration API key, ensuring secure handling without manual sharing or exposure.

You can now set a default integration instance so Torq automatically selects the correct integration whenever it’s used in workflow steps. This removes repetitive setup, speeds up configuration, and reduces errors, especially when the same integration is used across many workflows.

The new Cases Dashboards page allows you to access and customize dynamic and interactive dashboards that provide insights into SOC metrics in real time.

You can create widgets to visualize and analyze case trends based on case count, historic case events, or SLA timers. These widgets will enable you to drill down into data segments over selected time ranges.

Learn more: Knowledge Base | Academy course

Easily surface the case data you want to see using customized case tabs.

Organize related information into focused, purpose-built tabs for faster case review and clearer insights.

We've introduced new steps and improvements for new and existing integrations, as well as new templates. For full details, check out the complete digest.

You can now stream Google SecOps detections into Torq using Google’s streaming architecture, reducing response delays with real-time alert delivery, simplifying setup by eliminating polling schedules and custom queries, and optionally enabling an offset to backfill past detections. This provides faster, more reliable delivery than traditional polling-based integrations.

The Observable history logs key changes and actions—like reputation updates, enrichments and case linking.

Analysts can quickly understand an observable's evolution and make faster, more confident investigations.

Display observable and custom field details directly in the case description with embedded case details.

Critical data points are more visible, so you can view essential information at a glance.

We've introduced new steps and improvements for new and existing integrations, as well as new templates. For full details, check out the complete digest.

Where SecOps skills move from theory to real-world practice.
Hands-on courses, role-based certifications, and guided Playgrounds to help you build real expertise and get more out of Torq.
Explore the Academy

You can now control who can access each Interaction Flow from Flow Settings > Access Control. By default, Interaction Flows are available to all workspace users, but not to external SSO users. However, you can restrict access by user email, role, or context-based arrays of emails or roles.

Torq also introduced the Interact Only role, so you can invite users to participate in Interactions, seeing only the Interaction Flows they can run or those awaiting their input, without giving full Torq app access.

Together, these features provide stronger security and more flexible Interact deployments.

You can now share Step Runners manually or automatically across workspaces to enable seamless collaboration.

You can now deploy Docker and Kubernetes Step Runners with the deployment wizard.

The wizard allows you to configure a Runner's basic and advanced deployment settings without having to manually edit its deployment configuration file.