Use the Switch operator to create branches to handle different scenarios, keeping your workflow organized and adaptable to various security conditions.
Each branch within the Switch operator works with its own set of conditions and actions, allowing for precise responses to different situations. Branches are checked from left to right, and the steps in the first branch whose conditions are met are executed. If no branch conditions are met, the default branch runs instead.
How to use
Add the operator: Drag and drop the Switch operator into your workflow.
Configure branches: In the roperties panel, set up each branch of your Switch operator.
Add branches: Click + Add branches to add more branches. Each Switch can have up to 26 branches.
Rename each branch: Give each branch a clear and logical name by clicking on the branch name.
Define conditions: Set up the conditions for each branch. Click + Add condition to add conditions, choosing either And or Or condition logic.
Read more about conditions in Torq in If Operator: Using Conditions in Torq.
Prioritize Branches: Use the arrows to rearrange branches to position higher-priority ones to the left. The first branch to have conditions met is the branch that is executed.
Default branch: The last branch is the default branch, which runs if no other branch's conditions are met.
Track execution: Check the Execution Log to see which branch was executed.
Branches are checked from left to right. The first branch that has its conditions met is executed. If no branch conditions are met, the default branch runs instead.
If there are no steps in the default branch, no action will be performed.
Example: Determine IOC type
Use the Switch operator to check the data type for each IOC.
Set up the following Switch branches:
URL: if the data type is URL
Domain: if the data type is FQDN
IP: if the data type is an IP address
File hash: if the data type is a file hash
Default: if none of the branch's conditions are met
In each branch, run the following logic, tweaked to the IOC type: