A
Activity Log
Activity logs include information for the following activities: triggered Workflows, single-Step executions, and events that didn't trigger a Workflow. They are searchable and filterable. You can access activity logs via the UI or the API.
AI Task
An Operator that incorporates the power and capabilities of large language models (LLMs) at any Workflow stage.
Application Programming Interface (API)
A way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. In Torq, it's how information is passed and sent to third-party applications.
API Key
A unique token generated on a user level within a workspace. It's used to authorize Torq's API calls when making requests, retrieving data, or performing actions.
Audit Log
Audit logs record the occurrence of an event, the timestamp, the instigating user or service, and the impacted entity. Audit logs come from the workspace the calling API key originates from—not all organizational workspaces.
B
Break
An Operator that can be used within a loop to stop and exit the loop.
C
Canvas
The Canvas (or Designer) refers to the visual area where Torq users drag and arrange Steps and build Workflows.
Cases
Cases automate tracking, investigating, and managing security incidents by centralizing relevant data and facilitating the incident response process.
CIS AWS
CIS (Center for Internet Security) AWS (Amazon Web Services) refers to a set of security guidelines and best practices for safely using Amazon's cloud computing services.
Claims Mapping
A claim mapping describes how the value of a specific user attribute in the IdP will be translated into a role in Torq when using single sign-on (SSO). For example, add a claim with the name groups that will assign each user in the IdP group engineers (claim value) the Contributor role in Torq.
Closed
(Cases) A status that indicates that all actions related to the Case have been completed.
Context Expressions
Context expressions are a way to reference parameters or output from within previous Workflow Steps.
Contributor
The Contributor role can view, trigger, edit, and publish Workflows and integration data.
Creator
The Creator role can view, trigger, create, and modify Workflows and integrations.
Custom Role
A role tailored to your organization’s unique needs. Custom roles can be created within your Workspace using the custom roles API or available Steps.
Custom Step
Custom steps are user-made from HTTP mode, a cURL command, or nested Workflows. They are workspace-specific unless imported.
D
Dashboards
(Cases) Visual interfaces used to monitor SOC operations, track security metrics, and gain insight into alerts, threats, and automation performance.
Data Transformation
Reformatting and enriching raw data for cross-tool compatibility and use in Workflows and alerts.
Designer
The Designer (or Canvas) refers to the visual area where Torq users drag and arrange Steps and build Workflows.
Disable
Disabling an Operator keeps it in the Designer but excludes it from Workflow executions.
Draft
Draft is a Workflow mode wherein the Workflow is being worked on. Draft modes are not operational (they will not run and effect changes) until published.
Deduplicate
An Operator that determines whether an expression's value is unique within a specified time window across executions of the same Workflow.
E
Enable
Event
An event is a notification that responds to a specific action, allowing Torq to respond or trigger other actions accordingly.
Execute/Execution
An execution is an alternative word for a Workflow or Step run.
Exit
An Operator that ends and exits the Workflow.
Export
F
Folder
Folders allow for workspace organization by sorting Workflows into categories.
G
gRPC
An open-source framework that enables high-performance communication between services.
H
HTTP Request
An HTTP request is a message sent to a server to retrieve information or submit data over the web using methods like GET (retrieve) or POST (submit).
Hyperautomation
The combination of advanced automation, AI, and orchestration that replaces manual SOC processes at scale.
HyperSOC
Torq’s AI-driven, fully autonomous Security Operations Center platform powered by agentic AI and Hyperautomation.
I
If
An Operator that checks if a given condition is true or false before performing a specific action.
Internet Mail Access Protocol (IMAP)
A protocol for retrieving email messages from a mail server. In Torq, the IMAP trigger is used to ingest emails as events from a configured IMAP server.
Import
To bring a Workflow or Step from outside Torq (stored locally) into your workspace.
Indicator of Compromise (IOC)
Digital traces left behind by attackers, like malicious IPs, domain names, file hashes, or registry changes that signal your environment may have been breached.
Insights
Insights is Torq's analytics dashboard, which contains information on time saved through Torq and Workflow stats.
Integration
Integrations are connections to third-party services (see vendors). There are separate Trigger and Step integrations.
Interact/Interaction
Interact (or Torq Interact) is a secure web page built using Torq. The Interact Operator and Trigger allow you to send and create secure and interactive web pages and web forms.
J
Just-In-Time (JIT) Access
Providing temporary access privileges only when needed, then revoking them automatically to reduce risk.
L
Loop
An Operator that repeats the same Steps multiple times until a specific condition is met.
M
Metadata
The workflow metadata is information about the current execution that's available in the context automatically, such as the workspace ID, Workflow name, user email, etc.
Mock Output
Use mock outputs to execute Steps without making the API requests they are based on and get a manually preconfigured response instead.
N
Nested Workflow
A way to perform a common action or set of actions that you intend to reuse across Workflows by placing one Workflow within another Workflow—the nested Workflow will run when triggered by the parent Workflow.
National Institute of Standards and Technology (NIST)
A U.S. government agency responsible for developing and promoting measurement standards, guidelines, and best practices in various fields, including cybersecurity.
O
Observable
(Cases) OCSF-compliant objects that represent the indicators related to each Case, such as IP addresses, URLs, file hashes, and resource UIDs.
Operator
Operator may have two meanings: when referring to a role, the Operator role can view and trigger Workflows. When referring to a Step, an Operator is a type of Step that performs actions on data within the Workflow (e.g. If, Loop, Switch).
Owner
A role that can view, modify, trigger, publish, and delete Workflows and integrations within a workspace and manage the users and SSO.
P
Parameter
A variable used in a Step that allows you to input values or settings, influencing the Step's behavior or output. Optional parameters can be found in each individual Step under the Manage parameters icon.
Publish/Published
Publish a Workflow to switch it from draft mode into an operational Workflow that will run when its Trigger conditions are met.
Q
Queue
Queuing a Workflow involves placing tasks or requests in a line and ensuring they are processed sequentially or based on priority.
Quick Actions
(Cases) Quick actions are shortcuts to run Workflows that were suggested for a Case.
R
Reporter
(Cases) The Workflow or user that created a Case.
Resolved
(Cases) A status that indicates that the issue has been addressed but may have some follow-up tasks remaining.
Role
Users within Torq are assigned workspace-specific roles that designate which materials they can view, edit, and create.
Run
A run refers to when a Workflow or Step performs its actions.
Runner
See Step Runner.
Runbook
(Cases) A documented set of predefined procedures and instructions that serve as a guiding framework for Case investigations.
S
Schedule
Schedule a Workflow to run at a specific time by using a Scheduled Event Trigger.
Severity
(Cases) Reflects the level of urgency for a Case. These correspond to the OCSF schema event severity identifier.
Service Level Agreement (SLA)
The duration in which a Case should be resolved.
Service Organization Control 2 (SOC 2)
An auditing standard that assesses the security, availability, processing integrity, confidentiality, and privacy of an organization's systems and processes.
Socrates
Torq's autonomous AI SOC analyst designed to transform your Case investigations.
Single Sign-On (SSO)
A security mechanism that allows users to log in to multiple applications or systems using a single set of credentials, simplifying access management and security.
State
(Cases) States correspond to the OCSF schema state identifier and are another word for Severity.
Step Runner
Step Runners (a.k.a Runners) are the components responsible for scheduling a Step's execution and retrieving the Step's output by using an adapter (either Kubernetes or Docker). Step Runners can be hosted by Torq or your organization.
Steps
Single-purpose, automated actions. There are built-in Steps (which are customizable) or you can create your own from scratch.
T
Tag
A tag is a keyword or label assigned to Workflows to aid in filtering and organization.
Template
A template is a customizable Workflow built by security experts that can serve as either a starting point for creating Workflows with certain vendors or use cases or that can be quickly filled in and utilized as is.
Timeback Benchmark
The TimeBack benchmark is a way to monitor how much time each automated Workflow saves you.
tqfile
Tqfiles are non-shareable file links with the format tqfile://steps/XXXXXXXXX
. These links are used to reference files within Torq Workflows, often for handling large outputs or binary content. They are typically generated when a Step is configured to return the output as a file.
Trigger
A Trigger defines the conditions under which the Workflow begins. When used as a verb, it means to start running the Workflow.
U
User
Organization members utilizing Torq.
Utilities
Utility Steps assist with arrays, mathematics, debugging, functions, date and time, and more recurring tasks.
V
Variable
A variable is a named storage location containing data or information used in Steps within the Workflows.
Vendor
Third-party services that can be securely connected and used within Torq through integrations.
Version History
The Version History is a record of previous published Workflow versions.
Viewer
The Viewer role can view Workflows and integrations but not make changes.
W
Wait
An Operator that temporarily pauses the execution of a Workflow for a specified duration before proceeding to the next Step.
Webhook
Webhooks are listeners that wait to notify you about events and send forth data. Webhooks are created with a randomized URL and secured through obscurity.
Workflow
Workflows are the logic you build for automating security tasks and processes. They consist of a Trigger and a sequence of Steps that implement an automation use case. Create Workflows to automate tasks at scale, freeing security professionals for strategic activities.
Workspace
A workspace is an account within an organization.
Workspace Variable
A workspace variable is saved information (number, JSON, string, or Boolean) that can be accessed and used across multiple Workflows within one workspace.
Y
YAML
A human-readable data serialization format for configuration files and data exchange between computer languages. Steps and Workflows can be converted to YAML format.