This workflow template automates the synchronization of Torq case state changes to corresponding Microsoft Sentinel incidents, ensuring timely and accurate communication with external stakeholders. By mapping Torq case states to Sentinel incident statuses, the workflow maintains consistency between systems, enhancing incident response efficiency. Utilize this seamless integration for streamlined case management and improved collaboration across platforms.

Use Cases

Case Management

Workflow Breakdown

Workflow triggers when a case state changes.
Fetch Sentinel Incident ID from Case Custom Fields.
Map Torq Case States with Microsoft Sentinel Incident States.
Creates a new session on Microsoft Sentinel and updates an incident with the updated state.

Vendors

Utils, Torq Cases, Microsoft Sentinel

Tips

Original Community Post: https://community.torq.io/case-management-getting-started-7m5qtn0s/post/case-mirroring-with-microsoft-sentinel-cWKc7JL4AX9yg46

Synchronize Torq Case Tags to Microsoft Sentinel Incidents - Workflow Template

Synchronize Torq Case Severity to Microsoft Sentinel Incidents - Workflow Template

Synchronize Torq Case Assignee to Microsoft Sentinel Incidents - Workflow Template

Synchronize Torq Case State Change to ServiceNow - Workflow Template

Synchronize Torq Case Comment to Microsoft Sentinel Incidents - Workflow Template

Synchronize Torq Case State Change to Microsoft Sentinel Incident - Workflow Template

Use Cases

Workflow Breakdown

Vendors

Tips