Content Digest
We've introduced new steps and improvements for new and existing integrations. For full details, check out the complete digest.
Ingest endpoint security data into Torq with new native connectors
Four new native data connectors are now available for endpoint security, covering both SentinelOne and Microsoft Defender. Each connector provides continuous ingestion, filtering, backfill, and reliability out of the box, with no custom integrations required, and routes alerts, threats, and security events directly to Auto-Triage and workflows. This enables faster operationalization of security signals and scalable automated triage and response.

Product Spotlight Q1 2026
Innovation at Torq never stands still — and the Product Spotlight keeps you up to speed. This Q1 2026 edition covers the latest in how you build and investigate, with scannable summaries of what's new and why it matters.
The full edition is available in the Knowledge Base.
Organization Viewer role
Alongside the existing Organization Manager role, the new Organization Viewer role provides read-only access to the Organization Management page, giving designated users visibility into org-level data without administrative permissions. Users with this role can view the full list of workspaces, identify workspace owners, and monitor key license metrics, supporting governance and transparency across your organization.

Content Digest
We've introduced new steps and improvements for new and existing integrations and templates. For full details, check out the complete digest.
Group-based access control for cases
Workspace groups are here, bringing scalable team-based access control to restricted cases. They make it easier to protect sensitive data and reduce noise so analysts can focus only on cases relevant to them.
Groups can be provisioned statically by adding members manually, or dynamically via automatic syncing from your IdP.

Socrates taking action: now with step tools
Socrates can now use steps as tools, complementing existing built-in and workflow tools, to enable more granular actions on cases.
Make your ask, and Socrates chooses the right combination of tools to execute it.
Learn more here.

Cases Dashboards: Add text blocks to dashboards
You can now add Markdown text blocks to your dashboards. This allows you to provide context, explanations, and suggestions alongside your data.

Step Runners: Deploy as non-root
You can now deploy Kubernetes and Docker Step Runners from the deployment wizard as non-root.
This allows you to comply with strict security policies and run Torq workflows without root access or privileged container flags.

Step Runners: Assign labels to jobs and pods
Within the Step Runner deployment wizard, you can now choose whether to assign a custom label to Kubernetes jobs and the pod template spec.
These labels help meet strict governance requirements and allow admission controllers to validate jobs spawned by Step Runners.

Content Digest
We've introduced new steps and improvements for new and existing integrations. For full details, check out the complete digest.
Cases Dashboards: Manage cross-workspace dashboards
You can now create and manage dashboards in the Organization Management space to make them available across all or selected workspaces. This enables you to build dashboards once and maintain them in one place without needing to recreate them in each workspace.

Step Runners: Podman deployments
You can now deploy privileged Podman Step Runners with the deployment wizard.
This option allows you to configure the Step Runner from the UI without manually editing its deployment configuration file.


