Torq Knowledge Base

Ask Anything. Automate Everything.

Search results for:endpoint alert enrichment

Workflow Template: QuickAction - Fetch a File from Device on SentinelOne

It enhances Endpoint Detection and Response (EDR) and threat intelligence enrichment by automating file… Designed for security analysts, this workflow allows users to select files from a specified path or alert… Threat Intelligence Enrichment The analyst can choose a specific file path or files from

Workflow Template: Open or Update a Jira Issue on an Uptycs Alert

Take Me to the Template Uptycs Endpoint Detection and Response (EDR) , Threat Intelligence Enrichment… Receive an alert from Uptycs on a medium or high severity alert Gather information on… Upon receiving an alert, the process involves automatically gathering information about the affected

Workflow Template: Enrich SentinelOne Incident with Threat Intelligence from Intezer

Trigger from a Singularity Webhook on a new threat and provide threat enrichment from Intezer with optional Live Agent Endpoint Scan… Take Me to the Template SentinelOne Endpoint Detection and Response (EDR) , Threat Intelligence… Enrichment Setup the remote script in SentinelOne using the documentation link on the workflow

Microsoft Defender for Endpoint

Sometimes known as Microsoft Defender for XDR. Integrate Defender for Endpoint with Torq to automate threat detection and more… for Endpoint Run Antivirus Scan on a device on Microsoft Defender for Endpoint … Use Microsoft Defender for Endpoint Steps in a Torq Workflow

Use Case: Automate SOC Triage with AI Agents

Objective: Analyze the alert information, including all added triage/enrichment/user response information… Create a Case with the alert details and define a severity based on all the enrichment data and responses… Configure VirusTotal IOC Enricher (template)

Workflow Template: QuickAction - Fetch a File from Device on MS Defender Endpoint

Fetch a file from a device on MS Defender Endpoint when a quick action button is pressed… The "QuickAction - Fetch a File from Device on MS Defender Endpoint" workflow template is designed to… streamline case management and enhance threat hunting and intelligence enrichment

Workflow Template: Poll for New Microsoft Defender for Endpoint Events for Cases

Automatically pull new Microsoft Defender for Endpoint alerts on a schedule, then create cases with a field mapper… Map alert fields to a predefined case layout. Create a case for each new alert… Utils, Microsoft Defender for Endpoint, Torq, Torq Cases A case is created for each new alert

Workflow Template: Initial Microsoft Defender for Endpoint Case Creation

Fetch Alert Details by supplying an alert id and create a case using a Field Mapper… The workflow automates the collection of alert details based on an alert ID and maps pertinent fields… Map alert fields to a predefined case layout. Create a case for each new alert

Workflow Template: QuickAction - Run a command on a device with MS Defender Endpoint

Execute commands on a remote endpoint using LiveResponse… commands like ping, tracert, netstat, and ipconfig on remote endpoints using Microsoft Defender for Endpoint… It automates the process of waiting for the target endpoint to come online, executing the commands, and

Workflow Template: AlienVault Combined Observable Enrichment

Extract multiple observables from raw text and performs enrichment for each observable in AlienVault returns analysis information… This Torq workflow template, "AlienVault Combined Observable Enrichment," automates the process of extracting… The workflow integrates with nested processes to ensure efficient and cache-aware enrichment, making