Skip to main content

Torq Glossary

A glossary of terms and phrases to help you navigate the Torq product, documentation, and community.

Updated over 2 weeks ago

A

Activity Log

Activity logs include information for the following activities: triggered Workflows, single-Step executions, and events that didn't trigger a Workflow. They are searchable and filterable. You can access activity logs via the UI or the API.

AI Task

An Operator that incorporates the power and capabilities of large language models (LLMs) at any Workflow stage.

Application Programming Interface (API)

A way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. In Torq, it's how information is passed and sent to third-party applications.

API Key

A unique token generated on a user level within a workspace. It's used to authorize Torq's API calls when making requests, retrieving data, or performing actions.

Audit Log

Audit logs record the occurrence of an event, the timestamp, the instigating user or service, and the impacted entity. Audit logs come from the workspace the calling API key originates from—not all organizational workspaces.


B

Break

An Operator that can be used within a loop to stop and exit the loop.


C

Canvas

The Canvas (or Designer) refers to the visual area where Torq users drag and arrange Steps and build Workflows.

Cases

Cases automate tracking, investigating, and managing security incidents by centralizing relevant data and facilitating the incident response process.

CIS AWS

CIS (Center for Internet Security) AWS (Amazon Web Services) refers to a set of security guidelines and best practices for safely using Amazon's cloud computing services.

Claims Mapping

A claim mapping describes how the value of a specific user attribute in the IdP will be translated into a role in Torq when using single sign-on (SSO). For example, add a claim with the name groups that will assign each user in the IdP group engineers (claim value) the Contributor role in Torq.

Closed

(Cases) A status that indicates that all actions related to the Case have been completed.

Context Expressions

Context expressions are a way to reference parameters or output from within previous Workflow Steps.

Contributor

The Contributor role can view, trigger, edit, and publish Workflows and integration data.

Creator

The Creator role can view, trigger, create, and modify Workflows and integrations.

Custom Role

A role tailored to your organization’s unique needs. Custom roles can be created within your Workspace using the custom roles API or available Steps.

Custom Step

Custom steps are user-made from HTTP mode, a cURL command, or nested Workflows. They are workspace-specific unless imported.


D

Dashboards

(Cases) Visual interfaces used to monitor SOC operations, track security metrics, and gain insight into alerts, threats, and automation performance.

Data Transformation

Reformatting and enriching raw data for cross-tool compatibility and use in Workflows and alerts.

Designer

The Designer (or Canvas) refers to the visual area where Torq users drag and arrange Steps and build Workflows.

Disable

Disabling an Operator keeps it in the Designer but excludes it from Workflow executions.

Draft

Draft is a Workflow mode wherein the Workflow is being worked on. Draft modes are not operational (they will not run and effect changes) until published.

Deduplicate

An Operator that determines whether an expression's value is unique within a specified time window across executions of the same Workflow.


E

Enable

Event

An event is a notification that responds to a specific action, allowing Torq to respond or trigger other actions accordingly.

Execute/Execution

An execution is an alternative word for a Workflow or Step run.

Exit

An Operator that ends and exits the Workflow.

Export

Save a copy of a Workflow, Step, etc., locally, allowing you to import it into other workspaces.


F

Folder

Folders allow for workspace organization by sorting Workflows into categories.


G

gRPC

An open-source framework that enables high-performance communication between services.


H

HTTP Request

An HTTP request is a message sent to a server to retrieve information or submit data over the web using methods like GET (retrieve) or POST (submit).

Hyperautomation

The combination of advanced automation, AI, and orchestration that replaces manual SOC processes at scale.

HyperSOC

Torq’s AI-driven, fully autonomous Security Operations Center platform powered by agentic AI and Hyperautomation.


I

If

An Operator that checks if a given condition is true or false before performing a specific action.

Internet Mail Access Protocol (IMAP)

A protocol for retrieving email messages from a mail server. In Torq, the IMAP trigger is used to ingest emails as events from a configured IMAP server.

Import

To bring a Workflow or Step from outside Torq (stored locally) into your workspace.

Indicator of Compromise (IOC)

Digital traces left behind by attackers, like malicious IPs, domain names, file hashes, or registry changes that signal your environment may have been breached.

Insights

Insights is Torq's analytics dashboard, which contains information on time saved through Torq and Workflow stats.

Integration

Integrations are connections to third-party services (see vendors). There are separate Trigger and Step integrations.

Interact/Interaction

Interact (or Torq Interact) is a secure web page built using Torq. The Interact Operator and Trigger allow you to send and create secure and interactive web pages and web forms.


J

Just-In-Time (JIT) Access

Providing temporary access privileges only when needed, then revoking them automatically to reduce risk.


L

Loop

An Operator that repeats the same Steps multiple times until a specific condition is met.


M

Metadata

The workflow metadata is information about the current execution that's available in the context automatically, such as the workspace ID, Workflow name, user email, etc.

Mock Output

Use mock outputs to execute Steps without making the API requests they are based on and get a manually preconfigured response instead.


N

Nested Workflow

A way to perform a common action or set of actions that you intend to reuse across Workflows by placing one Workflow within another Workflow—the nested Workflow will run when triggered by the parent Workflow.

National Institute of Standards and Technology (NIST)

A U.S. government agency responsible for developing and promoting measurement standards, guidelines, and best practices in various fields, including cybersecurity.


O

Observable

(Cases) OCSF-compliant objects that represent the indicators related to each Case, such as IP addresses, URLs, file hashes, and resource UIDs.

Operator

Operator may have two meanings: when referring to a role, the Operator role can view and trigger Workflows. When referring to a Step, an Operator is a type of Step that performs actions on data within the Workflow (e.g. If, Loop, Switch).

Owner

A role that can view, modify, trigger, publish, and delete Workflows and integrations within a workspace and manage the users and SSO.


P

Parameter

A variable used in a Step that allows you to input values or settings, influencing the Step's behavior or output. Optional parameters can be found in each individual Step under the Manage parameters icon.

Publish/Published

Publish a Workflow to switch it from draft mode into an operational Workflow that will run when its Trigger conditions are met.


Q

Queue

Queuing a Workflow involves placing tasks or requests in a line and ensuring they are processed sequentially or based on priority.

Quick Actions

(Cases) Quick actions are shortcuts to run Workflows that were suggested for a Case.


R

Reporter

(Cases) The Workflow or user that created a Case.

Resolved

(Cases) A status that indicates that the issue has been addressed but may have some follow-up tasks remaining.

Role

Users within Torq are assigned workspace-specific roles that designate which materials they can view, edit, and create.

Run

A run refers to when a Workflow or Step performs its actions.

Runner

Runbook

(Cases) A documented set of predefined procedures and instructions that serve as a guiding framework for Case investigations.


S

Schedule

Schedule a Workflow to run at a specific time by using a Scheduled Event Trigger.

Severity

(Cases) Reflects the level of urgency for a Case. These correspond to the OCSF schema event severity identifier.

Service Level Agreement (SLA)

The duration in which a Case should be resolved.

Service Organization Control 2 (SOC 2)

An auditing standard that assesses the security, availability, processing integrity, confidentiality, and privacy of an organization's systems and processes.

Socrates

Torq's autonomous AI SOC analyst designed to transform your Case investigations.

Single Sign-On (SSO)

A security mechanism that allows users to log in to multiple applications or systems using a single set of credentials, simplifying access management and security.

State

(Cases) States correspond to the OCSF schema state identifier and are another word for Severity.

Step Runner

Step Runners (a.k.a Runners) are the components responsible for scheduling a Step's execution and retrieving the Step's output by using an adapter (either Kubernetes or Docker). Step Runners can be hosted by Torq or your organization.

Steps

Single-purpose, automated actions. There are built-in Steps (which are customizable) or you can create your own from scratch.


T

Tag

A tag is a keyword or label assigned to Workflows to aid in filtering and organization.

Template

A template is a customizable Workflow built by security experts that can serve as either a starting point for creating Workflows with certain vendors or use cases or that can be quickly filled in and utilized as is.

Timeback Benchmark

The TimeBack benchmark is a way to monitor how much time each automated Workflow saves you.

tqfile

Tqfiles are non-shareable file links with the format tqfile://steps/XXXXXXXXX. These links are used to reference files within Torq Workflows, often for handling large outputs or binary content. They are typically generated when a Step is configured to return the output as a file.

Trigger

A Trigger defines the conditions under which the Workflow begins. When used as a verb, it means to start running the Workflow.


U

User

Organization members utilizing Torq.

Utilities

Utility Steps assist with arrays, mathematics, debugging, functions, date and time, and more recurring tasks.


V

Variable

A variable is a named storage location containing data or information used in Steps within the Workflows.

Vendor

Third-party services that can be securely connected and used within Torq through integrations.

Version History

The Version History is a record of previous published Workflow versions.

Viewer

The Viewer role can view Workflows and integrations but not make changes.


W

Wait

An Operator that temporarily pauses the execution of a Workflow for a specified duration before proceeding to the next Step.

Webhook

Webhooks are listeners that wait to notify you about events and send forth data. Webhooks are created with a randomized URL and secured through obscurity.

Workflow

Workflows are the logic you build for automating security tasks and processes. They consist of a Trigger and a sequence of Steps that implement an automation use case. Create Workflows to automate tasks at scale, freeing security professionals for strategic activities.

Workspace

A workspace is an account within an organization.

Workspace Variable

A workspace variable is saved information (number, JSON, string, or Boolean) that can be accessed and used across multiple Workflows within one workspace.


Y

YAML

A human-readable data serialization format for configuration files and data exchange between computer languages. Steps and Workflows can be converted to YAML format.


Did this answer your question?