Tools expand what Agents can do by turning static, one-time logic into dynamic, goal-driven execution. Instead of relying solely on initial instructions, AI Agents can assess situations in real time, choose the best tool for the task, and execute complex actions. AI Agents can operate more autonomously and intelligently, independently determining whether and when to use each tool. This makes them more adaptable, capable of handling a broader range of use cases, and more effective at delivering results without relying on rigid, pre-scripted logic.
Key values include:
Guided execution: Tools include descriptions and configurations that help the Agent understand when and how to apply them effectively.
Seamless workflow integration: Since tools are built on workflows and steps already available in Torq, they fit naturally into existing automation processes without requiring additional coding.
Scalability across use cases: From SOC and IT operations to DevOps and compliance, tools make it possible to tailor Agents for goal-specific tasks while reusing the same flexible framework.
Efficiency and consistency: By standardizing how Agents call workflows and steps, tools reduce redundancy, prevent errors, and ensure consistent execution of tasks.
How to use
Select and open an AI Agent: Choose the AI Agent you want to assign a tool to, then click Configure Agent to begin setup.
Add a tool: Go to the Toolbox tab, click Add Tool, then select a relevant tool:
Steps: Choose a specific step to add as a tool.
Cases: Select a case-management step (e.g., update case, assign task, delete observable).
Workflows: Pick a full workflow to make available as a tool. For example, if a SecOps analyst wants their AI Agent to assist with phishing response, select a predefined remediation workflow as an available tool.
Utilities: Add Torq’s built-in utility steps (such as Array, String, or Date & Time utilities) to let the AI Agent perform data transformations or handle logic inline.
MCP: Select tools discovered from connected MCP servers, allowing the AI Agent to invoke vendor-defined tools exposed through the Model Context Protocol. See Model Context Protocol (MCP) tools below.
Configure tool details: For each tool, provide:
Name: A clear, recognizable name for the tool.
Description: A natural-language explanation of what the tool does, when it should be used, and what outcomes it produces. For example, “Use this tool to quarantine phishing emails and notify the SOC.”
If the AI Agent Instructions and a tool description contain conflicting guidance, the tool description takes precedence.Integration (if required): Select the external system connection. If the integration is missing, configure it first. For example, for a phishing response workflow, connect the necessary integrations, such as email and ticketing systems, ensuring the Agent can take the appropriate automated actions, like quarantining messages and opening SOC tickets.
(Optional) Configure remote runner: Select a registered runner to execute the tool in a specific environment, such as an on-premises network or restricted infrastructure. The selected runner determines where the tool will execute.
Parameters: Some tools may require additional configuration:
Required parameters must have a value for the tool to run. They can be set by the AI agent, provided as a static value, or mapped from a dynamic reference.
Optional parameters are not mandatory. They can be disabled by switching them Off. If enabled, they can be configured the same way as required parameters (AI-decided, static value, or dynamic reference).
Save and apply: Once configured, save the tool settings. The tool is now part of the AI Agent’s toolset. The Agent will autonomously determine whether and when to use the tool during workflow execution.
Missing integrations are flagged with a warning icon; configure them before continuing.
Model Context Protocol (MCP) tools
MCP tools let Torq AI Agents connect to external platforms using the Model Context Protocol (MCP), enabling agents to discover and invoke vendor-defined capabilities without manual API integration. By acting as MCP clients, AI Agents can reason over tools exposed by supported MCP servers and use them directly in workflows, making it easier to integrate with modern security platforms while relying on interfaces designed specifically for AI-driven automation.
Supported providers
Users can manually select capabilities from supported MCP providers:
GitHub
Wiz
Splunk
Network requirements (Splunk only)
When connecting Torq AI Agents to Splunk, outbound traffic from Torq originates from a set of static public IP addresses (CloudNAT IPs).
If your Splunk environment restricts API access by source IP, you must allowlist Torq’s CloudNAT IP addresses to enable successful communication.
US instance
146.148.96.182
34.72.118.25
EU instance
35.246.211.3
34.159.64.155
Adding these IP addresses to Splunk’s source IP allowlist lets AI Agents to interact with Splunk via MCP.
Connect an MCP server
Add an MCP server connection: Click Connect MCP sever to create a new server connection.
Name the MCP server: Enter a clear, friendly MCP name to identify the server in Torq.
Provide the MCP endpoint: Paste the MCP URL for the server (for example,
https://api.githubcopilot.com/mcp/).Select an integration instance: Choose the Integration instance that Torq will use to authenticate and communicate with the MCP server.
Save and validate the connection: Click Connect to validate connectivity and make the server’s capabilities available to AI Agents. Once connected, Torq displays the list of vendor-specific MCP tools discovered from the server, which are then available for selection and use by AI Agents.