Skip to main content

Workflow Template: Create an Orion Case using a Field Mapper

Automatically create a fully formatted Torq case from an Orion Security alert with mapped fields, observables, and markdown tables.

The "Create an Orion Case using a Field Mapper" workflow template is designed to streamline case management by automating the creation of Torq cases from Orion Security alerts. Upon receiving an alert, the workflow constructs a detailed field mapping JSON, which includes case metadata, custom fields, and markdown tables. This data is then processed by a shared workflow to generate a new Torq case, complete with Orion branding and enriched with user, destination, file, and classification details. This automation enhances data loss prevention (DLP) and case management efficiency.

Take Me to the Template

Trigger

Use Cases

Case Management , DLP

Workflow Breakdown

  1. Triggered by an Orion Security alert

  2. Set the Orion field mapping JSON variable with case fields and markdown tables

  3. Pass the field mapping into the shared case creation workflow

Vendors

Utils, Torq Cases

Related Articles
Workflow Template: Initial Intezer Case Creation
Workflow Template: Initial CrowdStrike Case Creation
Workflow Template: Initial SentinelOne Case Creation
Workflow Template: Create Security-Cases from Cyera
Workflow Template: Initial CrowdStrike Streaming Case Creation
Did this answer your question?