Activity logs include information for the following activities: triggered workflows, single-step executions, and events that didn't trigger a workflow. They are searchable and filterable. You can access activity logs via the UI or the API.

An application programming interface is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. In Torq, it's how we pass and send information to your third-party applications, among other things.

An API key is a unique token generated on a user level within a workspace. It's used to authorize Torq's API calls when making requests, retrieving data, or performing actions.

Audit logs record the occurrence of an event, the timestamp, the instigating user or service, and the impacted entity. Audit logs come from the workspace the calling API key originates from - not all organizational workspaces.

Break is an operator that can be used within a loop to stop and exit the loop.

The canvas (or designer) refers to the visual area where Torq users drag and arrange steps and build workflows.

Cases automate tracking, investigating, and managing security incidents by centralizing relevant data and facilitating the incident response process.

CIS (Center for Internet Security) AWS (Amazon Web Services) refers to a set of security guidelines and best practices for safely using Amazon's cloud computing services.

A claim mapping describes how the value of a specific user attribute in the IdP will be translated into a role in Torq when using single sign-on (SSO). For example, add a claim with the name groups that will assign each user in the IdP group engineers (claim value) the Contributor role in Torq.

Pertaining to Cases: the Closed status indicates that all actions related to the Case have been completed.

Context expressions are a way to reference parameters or output from within previous workflow steps.

The Contributor role can view, trigger, edit, and publish workflows and integration data.

The Creator role can view, trigger, create, and modify workflows and integrations.

Custom steps are user-made from HTTP mode, a cURL command, or nested workflows. They are workspace-specific unless imported.

The designer (or canvas) refers to the visual area where Torq users drag and arrange steps and build workflows.

Draft is a workflow mode wherein the workflow is being worked on. Draft modes are not operational (they will not run and effect changes) until published.

An event is a notification that responds to a specific action, allowing Torq to respond or trigger other actions accordingly.

An execution is an alternative word for a workflow or step run.

The Exit operator will end and exit the workflow.

Save a copy of a workflow, step, etc., locally, allowing you to import it into other workspaces.

Folders allow for workspace organization by sorting workflows into categories.

An HTTP request is a message sent to a server to retrieve information or submit data over the web using methods like GET (retrieve) or POST (submit).

The If operator checks if a given condition is true or false before performing a specific action.

IMAP (Internet Mail Access Protocol) is a protocol for retrieving email messages from a mail server. In Torq, the IMAP trigger is used to ingest emails as events from a configured IMAP server.

Bring a workflow or step from outside Torq (stored locally) into your workspace.

Insights is Torq's analytics dashboard, which contains information on time saved through Torq and workflow stats.

Integrations are connections to third-party services (see vendors). There are separate Trigger and Step integrations.

Interact (or Torq Interact) is a secure web page built using Torq. The Interact operator and trigger allow

A loop is a repetition of the same steps multiple times until a specific condition is met.

The workflow metadata is information about the current execution that's available in the context automatically, such as the workspace ID, workflow name, user email, etc.

Use mock outputs to execute steps without making the API requests they are based on and get a manually preconfigured response instead.

Nested workflows are a way to perform a common action or set of actions that you intend to reuse across workflows by placing one workflow within another workflow - the nested workflow will run when triggered by the parent workflow.

NIST, the National Institute of Standards and Technology, is a U.S. government agency responsible for developing and promoting measurement standards, guidelines, and best practices in various fields, including cybersecurity.

Pertinent to Cases: Observables are OCSF-compliant objects that represent the indicators related to each case, such as IP addresses, URLs, file hashes, resource UIDs, and more.

Operator may have two meanings: when referring to a role, the Operator role can view and trigger workflows. When referring to the Torq step, an Operator is a type of step that performs actions on data within the workflow (ex: If, Loop, Switch).

The Owner role can view, modify, trigger, publish, and delete workflows and integrations within a workspace and manage the users and SSO.

A parameter is a variable used in a step that allows you to input values or settings, influencing the step's behavior or output. Optional parameters can be found in each individual step under the Manage parameters icon.

Publish a workflow to switch it from draft mode into an operational workflow that will run when its trigger conditions are met.

Queuing a workflow involves placing tasks or requests in a line and ensuring they are processed sequentially or based on priority.

Pertains to Cases: Quick actions are shortcuts to run workflows that were suggested for a case.

Pertains to Cases: The workflow or user that created a case.

Pertaining to Cases: the Resolved status indicates that the issue has been addressed but may have some follow-up tasks remaining.

Users within Torq are assigned workspace-specific roles that designate which materials they can view, edit, & create.

A run refers to when a workflow or step performs its actions.

See Step Runner

Pertinent to Cases: A runbook is a documented set of procedures and instructions that provide predefined instructions to serve as a guiding framework for case investigations.

Schedule a workflow to run at a specific time by using a Scheduled Event trigger.

Related to Cases and reflects the level of urgency for a case. These correspond to the OCSF schema event severity identifier.

Service Level Agreement is the duration in which a case should be resolved.

SOC 2 (Service Organization Control 2) is an auditing standard that assesses the security, availability, processing integrity, confidentiality, and privacy of an organization's systems and processes.

Single Sign-On (SSO) is a security mechanism that allows users to log in to multiple applications or systems using a single set of credentials, simplifying access management and security.

About Cases: The case states correspond to the OCSF schema state identifier and are another word for Severity.

Step runners (sometimes shortened to runner) are the components responsible for scheduling a step's execution and retrieving the step's output by using an adapter (either Kubernetes or Docker). Step runners can be hosted by Torq or your organization.

Single-purpose, automated actions. There are built-in steps (which are customizable) or you can create your own from scratch.

A tag is a keyword or label assigned to workflows to aid in filtering and organization.

A template is a customizable workflow built by security experts that can serve as either a starting point for creating workflows with certain vendors or use cases or that can be quickly filled in and utilized as is.

The TimeBack benchmark is a way to monitor how much time each automated workflow saves you.

A trigger defines the conditions under which the workflow begins. When used as a verb, it means to start running the workflow.

Organization members utilizing

Utility steps assist with arrays, mathematics, debugging, functions, date & time, and more recurring tasks.

A variable is a named storage location containing data or information used in steps within the workflows.

Third-party services that can be securely connected and used within Torq through integrations.

The Version History is a record of previous published workflow versions.

The Viewer role can view workflows and integrations but not make changes.

Wait is a type of operator that temporarily pauses the execution of a workflow for a specified duration before proceeding to the next step.

Webhooks are listeners that wait to notify you about events and send forth data. Webhooks are created with a randomized URL and secured through obscurity.

Workflows are the logic you build for automating security tasks and processes. They consist of a trigger and a sequence of steps that implement an automation use case. Create workflows to automate tasks at scale, freeing security professionals for strategic activities.

A workspace is an account within an organization.

A workspace variable is saved information (number, JSON, string, or boolean) that can be accessed and used across multiple workflows within one workspace.

A YAML is a human-readable data serialization format for configuration files and data exchange between computer languages. Steps and workflows can be converted to YAML format.