What's New?

Four new native data connectors are now available for both endpoint security: SentinelOne and Microsoft Defender. Each connector provides continuous ingestion, filtering, backfill, and reliability out of the box, no custom integrations required, and routes alerts, threats, and security events directly to Auto-Triage and workflows. This enables faster operationalization of security signals and scalable automated triage and response.

Innovation at Torq never stands still — and the Product Spotlight keeps you up to speed. This Q1 2026 edition covers the latest in how you build and investigate, with scannable summaries of what's new and why it matters.
The full edition is available in the Knowledge Base.

Alongside the existing Organization Manager role, the new Organization Viewer role provides read-only access to the Organization Management page, giving designated users visibility into org-level data without administrative permissions. Users with this role can view the full list of workspaces, identify workspace owners, and monitor key license metrics, supporting governance and transparency across your organization.

We've introduced new steps and improvements for new and existing integrations, and templates. For full details, check out the complete digest.

Socrates can now use steps as tools, complementing existing built-in and workflow tools, to enable more granular actions on cases.
​
Make your ask, and Socrates chooses the right combination of tools to execute it.
​
Learn more here.

You can now add Markdown text blocks to your dashboards. This allows you to provide context, explanations, and suggestions alongside your data.

You can now deploy Kubernetes and Docker Step Runners from the deployment wizard as non-root.

This allows you to comply with strict security policies and run Torq workflows without root access or privileged container flags.

Within the Step Runner deployment wizard, you can now choose whether to assign a custom label to Kubernetes jobs and the pod template spec.

These labels help meet strict governance requirements and allow admission controllers to validate jobs spawned by Step Runners.
​

We've introduced new steps and improvements for new and existing integrations. For full details, check out the complete digest.

You can now create and manage dashboards in the Organization Management space to make them available across all or selected workspaces. This enables you to build dashboards once and maintain them in one place without needing to recreate them in each workspace.

Case search just got smarter with the free-text search now also searching in case notes. Match-location chips highlight where matches occur and let you quickly filter—so you can find the right case faster.

We've released Step Runner v26.03.8. See the list of additions, improvements, and fixes to determine whether you should update your Runners.

The Cases Dashboards page has a fresh new look. Changes include updated colors across all charts and widgets, and an improved widget creation experience with a new layout.

We've introduced new steps and improvements for new and existing integrations, as well as new templates. For full details, check out the complete digest.

You can now deploy privileged Podman Step Runners with the deployment wizard.

This option allows you to configure the Step Runner from the UI without manually editing its deployment configuration file.

You can now add test pads to your workflow canvas to experiment with steps. This allows you to brainstorm, collaborate, and iterate without affecting the main production workflow.

AI agent tools can now run on remote runners, allowing execution inside on-premises systems or restricted network environments. This enables agents to interact securely with internal infrastructure while preserving the familiar Torq workflow interface and full visibility into execution status and logs.

We've released Step Runner v26.02.19. See the list of additions, improvements, and fixes to determine whether you should update your Runners.

Add MCP tools to Torq AI Agents to enable seamless discovery and invocation of vendor-defined capabilities, no manual API integration required. By acting as MCP clients, agents can reason over and use tools exposed by supported MCP servers directly in workflows, simplifying integrations with modern security platforms.

You can now use Row Selection and Editable Table input elements to let end users select rows or edit values in table-type workspace variables directly within an Interaction. This extends the existing static Table capability with controlled, auditable user input, making it easier to collect structured data and guide human decisions.