Torq Knowledge Base

Ask Anything. Automate Everything.

Search results for:endpoint alert enrichment

Workflow Template: QuickAction - Fetch a File from Device on SentinelOne

It enhances Endpoint Detection and Response (EDR) and threat intelligence enrichment by automating file… Designed for security analysts, this workflow allows users to select files from a specified path or alert… Threat Intelligence Enrichment The analyst can choose a specific file path or files from

Workflow Template: Open or Update a Jira Issue on an Uptycs Alert

Take Me to the Template Uptycs Endpoint Detection and Response (EDR) , Threat Intelligence Enrichment… Receive an alert from Uptycs on a medium or high severity alert Gather information on… Upon receiving an alert, the process involves automatically gathering information about the affected

Workflow Template: Enrich SentinelOne Incident with Threat Intelligence from Intezer

Trigger from a Singularity Webhook on a new threat and provide threat enrichment from Intezer with optional Live Agent Endpoint Scan… Take Me to the Template SentinelOne Endpoint Detection and Response (EDR) , Threat Intelligence… Enrichment Setup the remote script in SentinelOne using the documentation link on the workflow

Microsoft Defender for Endpoint

Sometimes known as Microsoft Defender for XDR. Integrate Defender for Endpoint with Torq to automate threat detection and more… for Endpoint Run Antivirus Scan on a device on Microsoft Defender for Endpoint … Use Microsoft Defender for Endpoint Steps in a Torq Workflow

Use Case: Automate SOC Triage with AI Agents

Objective: Analyze the alert information, including all added triage/enrichment/user response information… Create a Case with the alert details and define a severity based on all the enrichment data and responses… Configure VirusTotal IOC Enricher (template)

Workflow Template: QuickAction - Fetch a File from Device on MS Defender Endpoint

Fetch a file from a device on MS Defender Endpoint when a quick action button is pressed… The "QuickAction - Fetch a File from Device on MS Defender Endpoint" workflow template is designed to… password-protected archives, and attaches them to cases for further analysis, enhancing threat intelligence enrichment

Workflow Template: Poll for New Microsoft Defender for Endpoint Events for Cases

Automatically pull new Microsoft Defender for Endpoint alerts on a schedule, then create cases with a field mapper… Map alert fields to a predefined case layout. Create a case for each new alert… Utils, Microsoft Defender for Endpoint, Torq, Torq Cases A case is created for each new alert

Workflow Template: Initial Microsoft Defender for Endpoint Case Creation

Fetch alert details by supplying an alert id and create a case using the field mapping nested workflow… It fetches alert details using a specified alert ID, maps alert fields to a predefined case layout, and… Alert ID by machine ID

Alerts: Monitor, Review and Track Ingested Alerts

Review verdicts, enriched context and actions taken by Auto Triage on ingested alerts… The alert view shows details from the original acknowledged alert and the Auto Triage enrichment and… The following events generate entries in the history: Alert ingested Enrichment completed

Workflow Template: QuickAction - Run a command on a device with MS Defender Endpoint

Execute commands on a remote endpoint using LiveResponse… The "QuickAction - Run a command on a device with MS Defender Endpoint" workflow template is designed… analysts to efficiently execute diagnostic commands on remote endpoints using Microsoft Defender for Endpoint