Torq
What is Torq?
Torq is a security operations platform for SOC teams that ingests telemetry, correlates and deduplicates alerts, and turns them into prioritized cases and response actions. It combines Triage, Investigate, Respond, Case Management, Hyperautomation, Threat Hunt, and AI Agents with HyperAgents™. Torq integrates with Microsoft Sentinel, Splunk, ServiceNow, PagerDuty, Microsoft Teams, Wiz, Okta, AWS, Microsoft Defender, and Google Cloud, and is used by Carvana, Blackstone, Chipotle, and Hard Rock.
At a glance
- Torq is best for security operations teams that need to cut alert noise and automate incident response across the full threat lifecycle.
What does Torq do?
Torq ingests security telemetry, correlates and deduplicates events, and uses AI Agents plus Hyperautomation to turn noisy alerts into prioritized cases and response actions. Its workflow spans triage, investigation, and remediation: it filters false positives, assembles evidence and timelines, and then triggers coordinated actions so teams can move from analysis to containment without stitching together point solutions. At scale, Torq says it supports 300+ security tools and runs 100 million daily security automations on the platform. It also cites 200+ Torqers worldwide and 300% YoY growth, alongside customer outcomes like 100% of Carvana's Tier-1 security alerts being handled and 41 different runbooks automated within one month. The product shows transparent, auditable AI output and continuous feedback loops so teams can keep control while automation expands capacity.
Why use Torq?
- Torq closes the loop from triage to remediation, so teams can automate the full threat lifecycle instead of stopping at analysis.
- Its AI Agents are transparent and auditable, which helps security teams keep human-on-the-loop control over automated decisions.
- The platform is built to expand SOC capacity by offloading repetitive work and coordinating specialized agents across cases.
- Native case management keeps evidence, timelines, and next steps in one place, reducing the need to juggle multiple point solutions.
- Torq's integration breadth lets teams connect a large security stack without rebuilding workflows around each tool.
Who is Torq for?
- SOC analysts who need to triage alerts faster and focus on the highest-risk cases.
- Security operations managers who want more throughput without adding manual handoffs.
- Incident response teams that need automated investigation and remediation steps.
- MSSP teams that must handle large case volumes with consistent workflows.
- Security leaders who want transparent AI assistance with human oversight.
What are Torq's key features?
Triage
Filters and de-duplicates alerts, then correlates events and creates cases so analysts can focus on the biggest risks instead of noise.
Investigate
Supports case investigation and review with complete case context, helping teams move faster across tools like Microsoft Sentinel and Splunk.
Respond
Triggers automated actions and autonomous remediation across integrations such as ServiceNow, PagerDuty, and Microsoft Teams to cut response time.
Threat Hunt
Runs proactive threat hunting with AI agents and multi-agent coordination, using sources like CrowdStrike, Recorded Future, and VirusTotal.
Case Management
Manages case creation, access, investigation, and review in one workflow, giving SOC teams a single place to track incidents.
Hyperautomation
Builds and deploys security automations in minutes, with event ingestion, data transformation, and workflow execution across 300+ security tools.
AI Agents
Uses HyperAgents™ and native MCP support to orchestrate AI output visibility and feedback loops, so teams can inspect and refine agent actions.
Integrate Your Stack
Connects to a broad security stack, including Wiz, Okta, AWS, Microsoft Defender, and Google Cloud, to centralize automation across systems.
What does Torq integrate with?
- Wiz
- Blackstone
- Carvana
- Chipotle
- Hard Rock
- Gartner Peer Insights
- PeerSpot
- CrowdStrike
- Abnormal Security
- Cyera
- Island
- Google Cloud
- Okta
- Zscaler
- Sweet
- Adaptive Shield
- AlienVault OTX
- Anomali ThreatStream
- Anthropic Claude
- Anvilogic
- ANY.RUN
- Apiiro
- Aqua
- Armis
- Asana
- Atlassian Jira
- Atlassian
- Atmosec
- AWS
- AWS Security Lake
What are Torq's use cases?
SOC analysts triage faster
SOC analysts use Torq to sort noisy queues and focus on the highest-risk alerts, using Triage and Filter Out the Noise to separate routine events from cases that need attention. They then use Case Management to keep context attached as they move from alert to action.
Managers scale throughput
Security operations managers use Torq to increase case throughput without adding manual handoffs, using Hyperautomation and Workload at a Glance to balance assignments and spot bottlenecks. With Manage and Reporting on SOC Metrics, they can keep teams moving and measure where time is being lost.
IR teams automate response
Incident response teams use Torq to investigate and contain incidents with fewer swivel-chair steps, using Investigate and Respond to move from alert to remediation quickly. AI Agents and Autonomous Remediation help them execute repeatable actions while keeping human oversight on edge cases.
MSSPs standardize case handling
MSSP teams use Torq to handle large case volumes with consistent workflows across customers, using Agentic Case Management and Customizable Templates to keep every runbook aligned. Integrate Your Stack connects their existing security tools so each case follows the same process from intake to closure.
How does Torq work?
- Connect your first security tools with Integrate Your Stack, then bring alerts and events into Torq. Use Event Ingestion and De-Duplication/Correlation to normalize noisy inputs before they reach analysts.
- Set up Triage to route low-value alerts away from urgent cases. Tune Automation Triage and Case Creation so the right incidents open with the right context and priority.
- Build investigation paths with Investigate and Case Investigation, adding Data Transformation where enrichment is needed. Use AI Agents and AI Output Visibility to speed analysis while keeping every recommendation reviewable.
- Launch response playbooks in Respond and Autonomous Remediation to trigger approved actions across your stack. Use Flexible Workflows and Trigger Automated Actions to handle containment, notifications, and follow-up steps.
- Track outcomes in Case Management and Reporting on SOC Metrics, then refine automations with Feedback Loop. Expand coverage over time with Hyperautomation as teams add more use cases and integrations.
Frequently asked questions
What is Torq?
Torq is a security operations platform for SOC teams that ingests telemetry, correlates and deduplicates alerts, and turns them into prioritized cases and response actions. It combines Triage, Investigate, Respond, Case Management, and Hyperautomation with AI Agents and HyperAgents™. Torq integrates with Microsoft Sentinel, Splunk, ServiceNow, PagerDuty, and Microsoft Teams, and is used by Carvana and Blackstone.
What is Torq used for? Who is it for?
Torq is used for Triage, Investigate, and Respond. It's built for SOC analysts, security operations managers, and incident response teams that need automated investigation and remediation steps.
Does Torq have an API and what does it integrate with?
Torq doesn't publish a public API.
