Activity logs include information for the following activities: triggered Workflows, single-Step executions, and events that didn't trigger a Workflow. They are searchable and filterable. You can access activity logs via the UI or the API.

An Operator that incorporates the power and capabilities of large language models (LLMs) at any Workflow stage.

A way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. In Torq, it's how information is passed and sent to third-party applications.

A unique token generated on a user level within a workspace. It's used to authorize Torq's API calls when making requests, retrieving data, or performing actions.

Audit logs record the occurrence of an event, the timestamp, the instigating user or service, and the impacted entity. Audit logs come from the workspace the calling API key originates from—not all organizational workspaces.

An Operator that can be used within a loop to stop and exit the loop.

The Canvas (or Designer) refers to the visual area where Torq users drag and arrange Steps and build Workflows.

Cases automate tracking, investigating, and managing security incidents by centralizing relevant data and facilitating the incident response process.

CIS (Center for Internet Security) AWS (Amazon Web Services) refers to a set of security guidelines and best practices for safely using Amazon's cloud computing services.

A claim mapping describes how the value of a specific user attribute in the IdP will be translated into a role in Torq when using single sign-on (SSO). For example, add a claim with the name groups that will assign each user in the IdP group engineers (claim value) the Contributor role in Torq.

(Cases) A status that indicates that all actions related to the Case have been completed.

Context expressions are a way to reference parameters or output from within previous Workflow Steps.

The Contributor role can view, trigger, edit, and publish Workflows and integration data.

The Creator role can view, trigger, create, and modify Workflows and integrations.

A role tailored to your organization’s unique needs. Custom roles can be created within your Workspace using the custom roles API or available Steps.

Custom steps are user-made from HTTP mode, a cURL command, or nested Workflows. They are workspace-specific unless imported.

(Cases) Visual interfaces used to monitor SOC operations, track security metrics, and gain insight into alerts, threats, and automation performance.

Reformatting and enriching raw data for cross-tool compatibility and use in Workflows and alerts.

The Designer (or Canvas) refers to the visual area where Torq users drag and arrange Steps and build Workflows.

Disabling an Operator keeps it in the Designer but excludes it from Workflow executions.

Draft is a Workflow mode wherein the Workflow is being worked on. Draft modes are not operational (they will not run and effect changes) until published.

An Operator that determines whether an expression's value is unique within a specified time window across executions of the same Workflow.

An event is a notification that responds to a specific action, allowing Torq to respond or trigger other actions accordingly.

An execution is an alternative word for a Workflow or Step run.

An Operator that ends and exits the Workflow.

Save a copy of a Workflow, Step, etc., locally, allowing you to import it into other workspaces.

Folders allow for workspace organization by sorting Workflows into categories.

An open-source framework that enables high-performance communication between services.

An HTTP request is a message sent to a server to retrieve information or submit data over the web using methods like GET (retrieve) or POST (submit).

The combination of advanced automation, AI, and orchestration that replaces manual SOC processes at scale.

Torq’s AI-driven, fully autonomous Security Operations Center platform powered by agentic AI and Hyperautomation.

An Operator that checks if a given condition is true or false before performing a specific action.

A protocol for retrieving email messages from a mail server. In Torq, the IMAP trigger is used to ingest emails as events from a configured IMAP server.

To bring a Workflow or Step from outside Torq (stored locally) into your workspace.

Digital traces left behind by attackers, like malicious IPs, domain names, file hashes, or registry changes that signal your environment may have been breached.

Insights is Torq's analytics dashboard, which contains information on time saved through Torq and Workflow stats.

Integrations are connections to third-party services (see vendors). There are separate Trigger and Step integrations.

Interact (or Torq Interact) is a secure web page built using Torq. The Interact Operator and Trigger allow you to send and create secure and interactive web pages and web forms.

Providing temporary access privileges only when needed, then revoking them automatically to reduce risk.

An Operator that repeats the same Steps multiple times until a specific condition is met.

The workflow metadata is information about the current execution that's available in the context automatically, such as the workspace ID, Workflow name, user email, etc.

Use mock outputs to execute Steps without making the API requests they are based on and get a manually preconfigured response instead.

A way to perform a common action or set of actions that you intend to reuse across Workflows by placing one Workflow within another Workflow—the nested Workflow will run when triggered by the parent Workflow.

A U.S. government agency responsible for developing and promoting measurement standards, guidelines, and best practices in various fields, including cybersecurity.

(Cases) OCSF-compliant objects that represent the indicators related to each Case, such as IP addresses, URLs, file hashes, and resource UIDs.

Operator may have two meanings: when referring to a role, the Operator role can view and trigger Workflows. When referring to a Step, an Operator is a type of Step that performs actions on data within the Workflow (e.g. If, Loop, Switch).

A role that can view, modify, trigger, publish, and delete Workflows and integrations within a workspace and manage the users and SSO.

A variable used in a Step that allows you to input values or settings, influencing the Step's behavior or output. Optional parameters can be found in each individual Step under the Manage parameters icon.

Publish a Workflow to switch it from draft mode into an operational Workflow that will run when its Trigger conditions are met.

Queuing a Workflow involves placing tasks or requests in a line and ensuring they are processed sequentially or based on priority.

(Cases) Quick actions are shortcuts to run Workflows that were suggested for a Case.

(Cases) The Workflow or user that created a Case.

(Cases) A status that indicates that the issue has been addressed but may have some follow-up tasks remaining.

Users within Torq are assigned workspace-specific roles that designate which materials they can view, edit, and create.

A run refers to when a Workflow or Step performs its actions.

See Step Runner.

(Cases) A documented set of predefined procedures and instructions that serve as a guiding framework for Case investigations.

Schedule a Workflow to run at a specific time by using a Scheduled Event Trigger.

(Cases) Reflects the level of urgency for a Case. These correspond to the OCSF schema event severity identifier.

The duration in which a Case should be resolved.

An auditing standard that assesses the security, availability, processing integrity, confidentiality, and privacy of an organization's systems and processes.

Torq's autonomous AI SOC analyst designed to transform your Case investigations.

A security mechanism that allows users to log in to multiple applications or systems using a single set of credentials, simplifying access management and security.

(Cases) States correspond to the OCSF schema state identifier and are another word for Severity.

Step Runners (a.k.a Runners) are the components responsible for scheduling a Step's execution and retrieving the Step's output by using an adapter (either Kubernetes or Docker). Step Runners can be hosted by Torq or your organization.

Single-purpose, automated actions. There are built-in Steps (which are customizable) or you can create your own from scratch.

A tag is a keyword or label assigned to Workflows to aid in filtering and organization.

A template is a customizable Workflow built by security experts that can serve as either a starting point for creating Workflows with certain vendors or use cases or that can be quickly filled in and utilized as is.

The TimeBack benchmark is a way to monitor how much time each automated Workflow saves you.

Tqfiles are non-shareable file links with the format tqfile://steps/XXXXXXXXX. These links are used to reference files within Torq Workflows, often for handling large outputs or binary content. They are typically generated when a Step is configured to return the output as a file.

A Trigger defines the conditions under which the Workflow begins. When used as a verb, it means to start running the Workflow.

Organization members utilizing Torq.

Utility Steps assist with arrays, mathematics, debugging, functions, date and time, and more recurring tasks.

A variable is a named storage location containing data or information used in Steps within the Workflows.

Third-party services that can be securely connected and used within Torq through integrations.

The Version History is a record of previous published Workflow versions.

The Viewer role can view Workflows and integrations but not make changes.

An Operator that temporarily pauses the execution of a Workflow for a specified duration before proceeding to the next Step.

Webhooks are listeners that wait to notify you about events and send forth data. Webhooks are created with a randomized URL and secured through obscurity.

Workflows are the logic you build for automating security tasks and processes. They consist of a Trigger and a sequence of Steps that implement an automation use case. Create Workflows to automate tasks at scale, freeing security professionals for strategic activities.

A workspace is an account within an organization.

A workspace variable is saved information (number, JSON, string, or Boolean) that can be accessed and used across multiple Workflows within one workspace.

A human-readable data serialization format for configuration files and data exchange between computer languages. Steps and Workflows can be converted to YAML format.