Overview

Product video
Torq is the AI SOC platform that combines agentic insights and automation so that enterprises can triage, investigate, and respond to actual risks, faster. Torq streamlines every step from alert through resolution, expanding capacity and throughput. First, Torq ingests and normalizes telemetry from across your security stack, preparing the data for agentic reasoning at scale. Auto Triage filters out noise and prioritizes actual threats. Next, cases are automatically opened and assigned to highly specialized AI agents designed for investigation and response. Using tools and actions you specify, they gather evidence, assemble timelines, and transparently record decisions and authorized actions. Your team is in complete control. With Torq, your SOC delivers more results, more efficiently, from triage through remediation.
Highlights
- Eliminates alert fatigue - Torq's AI SOC platform integrates with AWS security tools to provide a unified view of security cases that prioritizes urgent threats to help decrease mean-time-to-response (MTTR).
- Ends tech sprawl - Torq's AI SOC platform addresses tech sprawl with integrations across the entire security stack. Now security teams can overcome the challenges posed by complex multi-cloud environments and evolving security threats.
- Addresses talent shortage- Torq's AI SOC platform capabilities enable security teams to achieve more with fewer resources, reducing the need for manual tasks. Pre-built integrations with AWS services automate complex processes, empowering less experienced analysts, and improving overall productivity.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
|---|---|---|
Torq Essential | Essential Plan | $450,000.00 |
Torq Enterprise | Enterprise Plan | $450,000.00 |
Torq Elite | Elite Plan | $450,000.00 |
Vendor refund policy
Please contact us at sales@torq.io
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
https://support.torq.io support@torq.io . By purchasing, deploying, accessing, or using this product, you agree to comply with the AWS Marketplace Standard EULA, and the terms of applicable open source software licenses bundled with the product. In addition, if you elect to use any artificial intelligence (AI) features made available by Torq as part of the product, the Torq AI Terms shall govern your use thereof. Pursuant with the Data Processing Addendum, you authorize the engagement of the sub processors listed at: https://torq.io/legal/subprocessors/ , as may be updated by Torq from time to time.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Standard contract
Customer reviews
Automation has transformed incident investigations and now simplifies alert triage and response
What is our primary use case?
My main use case for Torq is to automate security incidents. By using Socrates CI, I am able to automate the investigation steps with the runbook and integrate other devices to forward their logs, customizing recording coordinates and parsing with jq.
A recent scenario where I used Torq involved integrating Elasticsearch with Torq to forward the entire log from Elasticsearch to Torq, where I wrote a runbook for the investigation. For example, there is an RDP to the internet use case requiring ten to fifteen steps to investigate the incident. With Torq and Socrates, I automate everything to reach the final outcome.
I have used Torq to automate triage, investigations, and remediation actions across multiple attack surfaces. It performs better than other tools because of its extensive integration capabilities and customizable features, allowing me to tailor responses according to my needs.
I primarily utilize Torq for investigation and alert automation, and I do not have any other business relationships with the vendor.
What is most valuable?
I find Torq very helpful from an automation point of view, with customizable suite features that allow me to customize according to my needs. Initially, developing workflows was complex due to the numerous customization options available, but with Torq's support, I can successfully do that. I also utilize the available templates in Torq as a guideline for developing workflows based on these templates.
Torq offers features like the shocker rates, allowing me to give prompts to the procreate, which investigates each alert according to my defined handbook—a feature I really appreciate. Additionally, I can integrate any third-party tool to Torq using the webhook connector and Torq's default connectors, which is another excellent feature I appreciate.
The StockerX feature is a basic AI model that I develop according to my needs and offer some context in the StockerX tool. I write runbooks and provide prompts to automate the investigation steps using Socrates, which connects every tool and software to enrich the data I need. This feature significantly aids my daily activities, especially since it automates many tasks previously performed by manual analysts. Currently, I am using the WayBook connector and Torq's default connector to integrate third-party tools with Torq, along with various tools like Elasticsearch.
I appreciate Torq's GUI interface, which is easy for every analyst to understand. Additionally, the dashboard features enable monitoring spikes, device integrations, and device statuses according to my needs, allowing me to develop comprehensive visualizations for alerts. Recently introduced migration features in the GUI add value by showing connected tools to my endpoints and assisting my investigation processes, which I find beneficial.
What needs improvement?
To improve Torq, I suggest that known alerts and attacks in the market should lead to developed use cases and workflows. Implementing these would help map known traits automatically when integrating third-party tools and require minimal credential configurations. Having examples of steps to investigate specific alerts would assist in developing other cases effectively.
Torq provides comprehensive support, and I find their documentation useful for addressing challenges in my workflows. Walking through the documentation available on Torq's website gives me clarity on solving issues. If Torq could enhance its AI features, it would benefit customers significantly by making the platform even more user-friendly.
For how long have I used the solution?
I have been using Torq for the last one to two years.
What do I think about the stability of the solution?
Torq is stable and functions reliably within my operations.
What do I think about the scalability of the solution?
Torq's scalability is highly effective, allowing me to customize features according to my specific requirements.
How are customer service and support?
Torq provides comprehensive support, and I find their documentation useful for addressing challenges in my workflows. Walking through the documentation available on Torq's website gives me clarity on solving issues. If Torq could enhance its AI features, it would benefit customers significantly by making the platform even more user-friendly.
Customer support is very good, available twenty-four seven, offering quick resolutions through group chats or calls.
Which solution did I use previously and why did I switch?
My experience managing various point solutions was complicated compared to using Torq's unified platform approach for AI SOC automation and case management.
Before Torq, using separate security platforms posed challenges in enabling log forwarding and investigating alerts efficiently with manual documentation. With Torq, I automate actions while achieving SLA compliance and streamline alert investigation processes much better.
What was our ROI?
I started realizing value with Torq right away; the benefits became apparent immediately as I transitioned to automation.
I have seen a return on investment with Torq, as the automation reduces the number of employees needed and significantly saves both time and resources.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Torq, as my focus remains on employing Torq as my solution.
What other advice do I have?
I would rate Torq a perfect ten on a scale of one to ten.
I chose ten because Torq meets all my expectations, providing support for any challenges I face during workflow, integration, and runbook development. They also have comprehensive documentation for knowledge sharing, along with Torq Academy, which offers multiple certifications to help users understand how Torq features work, especially the SOC analyst certification for beginners.
While comparing various AI outputs, I find that accuracy is not always one hundred percent, but it reaches about eighty percent with precise prompts. Accuracy depends significantly on the clarity of prompts given to Torq's AI, with good prompts yielding better responses.
The effect of using Torq's AgenTik AI on stress levels and focus is positive, as it automates procedures, allowing staff to follow predefined protocols without additional manual effort.
Metrics that matter most to my leadership team include investigating every alert and resolving issues as per defined parameters. Automation from Torq helps us show real SOC impact through efficient handling and timely responses.
Before using Torq, I relied on manual investigation steps detailed in my playbook for alerts. Now, with Torq, I automate procedures through a defined software model, allowing runbooks to handle alerts effectively. When an alert is triggered in Elasticsearch, it forwards to Torq, which follows the runbooks I have set up for each alert. If additional actions are required, it sends alerts and notifications, categorizing legitimate alerts and closing them automatically at both Torq and Elasticsearch levels.
I can monitor alert severity and manage how many alerts I have based on this metric, which is a positive impact since investigating alerts efficiently was challenging during manual processes. I can now see how many alerts are pending and their severity levels, contributing to meeting my SLA and TRA requirements.
Torq significantly changes day-to-day experiences for security analysts by automating alert handling and reducing overall workload, thus improving job satisfaction and operational efficiency.
Torq's AgenTik AI significantly increases the alert handling capacity for my SecOps staff, streamlining their responsibilities and ensuring they manage alerts effectively. I would rate this product ten out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
AI-driven automation has transformed incident response speed and boosted analyst confidence
What is our primary use case?
For Torq , first of all, it's a hyperautomation and AI assistant usage. Our EDR SentinelOne is integrated in Torq and besides the vendor itself having hyperautomation abilities, Torq helps me to analyze incidents and to respond to incidents more quickly and more efficiently.
Torq's AI SOC automation case management is much faster and more efficient compared to the manual tools I have used before. Torq is an ideal assistant for AI SOC in automation challenges.
Torq changed the day-to-day experience for my security analysts. They are more confident and can test more approaches in the security operation center every day as workflows and routine.
What is most valuable?
I rely on Torq's AI assistant in most of my incident response and in building right and less complex workflows for automation.
Torq helped me also in some infrastructure and ticketing challenges, for example, to organize the ticketing system in our company, but I am still in a process of learning about Torq and realizing different scenarios using Torq.
The most valuable feature of Torq is hyperautomation and AI assistant because the quality of speed and recommendation from the AI assistant is really high. Another outstanding feature is that you don't need to write code. There is a library of prepared scripts or JSON scripts which can be right and adapted. You can face quite complex challenges without a programming background and can successfully solve these issues and challenges.
Torq's no-code library helps me to be more efficient and respond to incidents more flexibly. The support of the AI assistant makes my actions more efficient and quicker.
What needs improvement?
The only thing is more out-of-the-box integrations. Torq already has a lot of supported integrations and adding new ones is not difficult, but for some customers, it's easier to have a plug and play interface to start onboarding.
We didn't evaluate other options because we tested Torq and we liked it.
At this stage, I have no additional suggestions. I will update my review several months later and maybe then I will have some suggestions to prove and to what in addition I would like to see in the solution.
I can't evaluate Torq's agentic AI, but I think in my next review, I can provide more information.
For how long have I used the solution?
I have been using Torq for the last six months.
What do I think about the stability of the solution?
I haven't experienced any downtime or technical issues while running the platform.
What do I think about the scalability of the solution?
Torq can handle growth and increase easily without any downtime or lack of service.
How are customer service and support?
Customer support is responsive and helpful, but most of my questions were more how-to questions.
Which solution did I use previously and why did I switch?
I used online SIEMs with integrated SOARs, not online but on-premises, and we switched because it was too slow and too inefficient to use.
How was the initial setup?
From my point of view, Torq has excellent documentation and a support portal. You can find literally everything on the support portal. There are visual manuals and quite simple instructions for onboarding and for every use case you can imagine in your infrastructure.
My advice would be to test Torq in your environment, ask as many questions as possible during POC and refer to documentation in cases you feel not confident about your new solution.
What about the implementation team?
At this stage, we are just customers of Torq.
What was our ROI?
Regarding Torq's pricing and license costs, as long as our existing team started to work more efficiently and quicker, I think we have quite a return of investment and we suppose to add more security management center tools. The return of investment is also the money we saved not adding another security tool. For me and for our security stack, it's about 30% return on investment.
What's my experience with pricing, setup cost, and licensing?
Torq is a standalone solution from Torq providers.
Which other solutions did I evaluate?
We didn't evaluate other options because we tested Torq and we liked it.
What other advice do I have?
I think I have told everything about Torq that I can share at this stage, but I am still in the process of learning the platform and I still think that there are many more features which can be adapted and can be used inside the company.
According to positive outcomes, Torq reduced manual work and made incident response more efficient. From Torq workflows, I learn much more about my company ecosystem. This also reflects on the defensive side of the company. I see the gaps that I had according to incidents and I can fix and address the gaps relying on knowledge I get from automation results.
I think the speed of work increased minimum by 50%, but I think with more automation and more optimization, we can make this result much better.
The easiness of integration, good quality of support and good quality of documentation make this product easy to work with. From what I see, the vendor itself is oriented on improvement, which means that they will not stop at the level they reached by now.
I am quite confident in Torq because I have checked, for example, compliance to ISO 27001 and this is the most relevant standard here in Georgia. I trust in Torq and I trust in the security compliance the platform provides.
Torq's AI recommendations are consistently helpful. There was no case when the system provided me with a false recommendation or inaccurate response.
Alert fatigue is something I would like Torq to help me address.
My overall rating for this review is 10.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Automation has streamlined incident handling and AI now summarizes and responds to threats
What is our primary use case?
What is most valuable?
In my opinion, the best features Torq offers are ease of navigation and good AI usage as Socrates. There are different stages of the incident when it comes into the queue, and we could easily navigate to the sections that we would want to update and work on. That is how it brings a lot of customization to the incidents navigation and all other stages of the incident. The good usage of AI is regarding Socrates, the AI that summarizes and can respond to the threats or the incidents on its own when it's assigned to the incident. Those are two of the strongest points of Torq.
Torq is good in the reporting structure and showing metrics to the leadership. I think Torq plays a good role in that sense.
What needs improvement?
Torq can probably use more ML and look at what can be closed and what cannot be closed in terms of data classification. In terms of auto closure of incidents, it can do better when it uses ML. I choose that number because it's a great SOAR tool. It's not one of those existing SOAR platforms or just a pure SOAR. It has good incident handling, good UI, and a good user-friendly environment, but it can also improve its automation workbooks, work plans, and usage of ML to better cater to the market or consumers.
For how long have I used the solution?
I have used Torq for five months.
What do I think about the stability of the solution?
I did not see it buffer, take a lot of time to load, or be unresponsive. I haven't seen those issues in Torq. I think that's a good experience.
What do I think about the scalability of the solution?
If scalability is rated out of ten, I would rate it seven out of ten.
Which solution did I use previously and why did I switch?
It was Demisto XSOAR, and we shifted because we needed a more user-friendly SOAR platform.
How was the initial setup?
I would just make sure to replace the old or the previous solution with Torq point by point. If that is good, I think everything else will be taken care of.
What about the implementation team?
We were just consumers.
What was our ROI?
I can share the time saved from my work alone and cannot disclose or specify any other employees. I saved nearly roughly about ten hours of my time while I was working in Torq because it's much better than the previous tool.
Which other solutions did I evaluate?
I have heard Hyper Automate is pretty user-friendly and has less coding compared to other leaders in the market or other players in the market. Its drag and drop tasks or work plan building is what I heard.
What other advice do I have?
We have seen fewer failures of automations from the time Torq came into the picture. We've had a more streamlined process of handling incidents, and at the same time, we've learned to embed the AI into our incident types, and that is how it has helped us in the automation. I think Torq can really integrate other tools within the case management platform, and it can make the work a little more efficient. I would rate this review eight out of ten.
Automation has transformed phishing response and routine workflows while AI now accelerates case handling
What is our primary use case?
My main use case for Torq is automation, specifically automating processes that the business considers redundant, mundane, and busy work items, along with other significant automation opportunities like phishing cases, typosquatting, leaked credentials, and double-checking, so there are numerous different use cases.
One specific example of an automation I have set up with Torq is phishing analysis. Torq workflow that handles phishing cases essentially closes out 60%, meaning only 40% of all phishing cases that come to our team need to be reviewed because the automation can close out the other 60%. If my team had to look at every single email, it would consume a lot of time, so it saves a lot of time.
What is most valuable?
Torq's best features include the AI components within the platform, specifically the ability to have an AI helping assistant while you are working in the platform itself, which is extremely convenient. You can ask it any type of question and it gives me an answer that I can work with or is the actual answer because it has Torq's back-end knowledge to answer Torq-specific questions. Another great feature is the Python script AI assistant, which has been really helpful because you can prompt it and it does it for you, as well as other micro-steps like Transform operators and the ability to run easy JQ commands to pull or separate specific data.
Torq's integrations are extremely easy, so any product you have in your tech stack is easily integratable; it takes a few steps, plug it in, and you are ready to go.
Torq has positively impacted our organization by saving a ton of time, especially on the GRC side of the business where we automate many emailing processes, such as sending out phishing tests to our employees. If they fail by clicking on the link, we notify all of them, so we have definitely seen a huge efficiency boost. We are targeting $600,000 saved this year in 2026, which is a substantial amount of money.
What needs improvement?
I wish Torq's AI assistant for building templated workflows from scratch worked better; when you start with a blank slate, asking AI to help you build or template the workflow out does not go well. Almost every single time I have tried to use it, I have had to delete it and start from scratch, so that would be the only piece of Torq I would mention. Additionally, I think it would be nice to have a direct connection between case management and automation instead of having to build out workflows to manage cases.
For how long have I used the solution?
I have been using Torq since we moved into production ready as of last November, so it has been about six or seven months.
How are customer service and support?
I have not run into any issues with customer support from Torq, which has been astronomically amazing. I have a great relationship with my CSM and my technical enablement engineer, so it has been really easy working in Torq and building, which is why it cannot be anything lower than that.
Which solution did I use previously and why did I switch?
We came from XSOAR, which I consider a very archaic platform, and Torq has exceeded expectations by delivering workflows in a timely and lower effort manner than XSOAR. XSOAR would have been a two; Torq is definitely a nine and a half, almost a ten. It meets all my needs, and I have not run into any issues.
Torq challenges we faced in our SOC that led to considering changes before implementing Torq were primarily due to the automation industry changing. Palo Alto's XSOAR simply did not meet our needs, and with our contract coming up, we performed an industry review and compared Torq with Tines and others. Ultimately, Torq proved to be superior with a much easier to interact with playbook builder compared to Tines , which felt complicated and convoluted.
We previously used Palo Alto XSOAR because it was slow, and our contract was up.
What was our ROI?
Torq calculation for the $600,000 in savings is very specific and based on the team's time. For example, we calculate that handling phishing cases takes about five minutes per case, but if Torq auto-closes it, we save more money because our analysts do not have to take time out of their day to review it. We do a per-minute price cost based on yearly salaries of whichever department we save time for, multiplying that by how long it would take to handle the specific use case, and then total it into an ROI table that we are holding in the workspace variables.
We have seen a return on investment, targeting a $600,000 ROI for the year. So far, from the start of our usage, we have saved around $200,000 to date. We aim not to eliminate jobs but to reduce mundane tasks through automation.
What's my experience with pricing, setup cost, and licensing?
My experience with Torq's pricing, setup cost, and licensing was good, but I did not deal with that too much; that was handled by my boss, and Torq's pricing came in very comparable to the other products we were looking at.
What other advice do I have?
I have not looked into Torq's AI capabilities regarding governance and security too much, so I do not have much to say on that.
Regarding Torq's AI capabilities, I trust more or less the accuracy and reliability of output. I have not done a whole lot with AI beyond using the AI chat agent and the AI script builders, but we are building out a HyperAgent for active threat hunting in our environment. This process involves pulling feeds using a Python script, which extracts artifacts from individual pages or feeds and injects them into the HyperAgent, allowing the HyperAgent to scan and identify if we are impacted by the feed, and then build a report or storyboard for us. I have not seen anything that indicates inaccuracy, so I trust the produced outputs so far.
Torq is deployed in our organization as a private cloud; we are not on-prem, and we utilize Torq's back-end or cloud instances.
Torq has changed the day-to-day experience for my security analysts, both in terms of workload and morale, by making the process easier.
Torq biggest feedback from my teammates is that going through each case is much easier because the case management layout in Torq is structured with a multi-pane window. You have all cases in the background, and when you pull up a case, it displays on the side for quick review and closure, so you are not opening up numerous tabs for each individual case. This makes life a lot easier, and my analysts really appreciate the UI aspects of Torq.
Torq value is realized instantaneously; the moment I started building and shipping out workflows from XSOAR, it became easier post go-live since I already knew how to build. Thus, the transition from XSOAR to Torq provided instant gratification.
We do not use Torq's Agentic AI at this moment in time.
There have not been any changes in the stress levels and focus of our SecOps staff due to using Torq's AI since our analysts engage the AI component of Torq very little. Torq's AI main usage is found on the back end by developers, including myself.
I would rate this review as a nine overall.
Automation platform has transformed user onboarding and manages daily workflows efficiently
What is our primary use case?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For example, I could shut down one of our Angular services on one of our servers through a slash command in Slack. To automate this process, we migrated everything from Slack to Torq . Currently, we are in the migration phase, with most of it completed, though some portions are still pending.
We use Torq for identity management. For identity purposes, we create user accounts and have a workflow that creates a user account, adds that user into Slack, and grants Git access. This workflow handles user additions, deletions, and modifications related to identity, and it is working very well.
We are not using Torq extensively for security purposes, as we have limited use cases for security. However, we are using it for day-to-day activities and general automations, which are also working well.
What is most valuable?
Feature-wise, I appreciate the Torq UI because of its drag-and-drop functionality. Everything is drag-and-drop, and I can accomplish whatever I want to do directly without writing any code. In Slack, there are many things that require writing code and familiarity with automation tools, but Torq is no-code. This is very good compared to all other solutions I have seen.
The workload has been reduced quite a bit. Initially, onboarding a new user would take four or five hours for one person to create a user account everywhere, remember everything, and follow Confluence documentation. After implementing Torq, we only need to provide the name, user ID, and email, submit it, and then it creates everything. Almost four or five hours of work is now completed in four or five minutes. This represents a very good time saving.
What needs improvement?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted support as well, and support is very good. I believe everything is good now. However, one thing I can mention is that if Torq provided more templates on the development side, that would be beneficial.
As of now, Torq satisfies our use cases. A template would be helpful for someone who does not know anything about Torq and is starting to use it for the first time. After conducting a POC on Torq, I can implement solutions without needing templates as much, but templates would serve as a reference for new users. For example, templates would show what is possible with Torq. We faced this issue when we were new to Torq. We were considering use cases but wondering whether they were possible with Torq. At that time, we asked support if it was possible, and they explained how to implement it. If there were default templates available, we could see the templates and understand what is possible and doable with Torq.
For how long have I used the solution?
I have used Torq for about one and a half year.
What do I think about the stability of the solution?
I have not faced any issues until now. Torq is working very well without any problems and no downtime. Whenever I access the Torq URL, it is working. This is very good.
There is no downtime at all. We have been using Torq for one and a half years, but we have experienced no downtime.
What do I think about the scalability of the solution?
Torq is very scalable. Whenever we require any new use cases, we simply need to create a new workflow. If we need to update something, we can update the workflow as well. Torq is fully scalable.
How are customer service and support?
The support team is very quick. Within 24 hours, they will send an email or come on a call if something is critical. Support is provided within 24 hours.
Which solution did I use previously and why did I switch?
We used Slack previously. I do not have experience with other tools. We used only Slack. However, Slack is used primarily for chatting and communication purposes in all organizations. While Slack is not similar to Torq, we were able to accomplish our automation through it somehow.
How was the initial setup?
The initial deployment was very easy. I did not face any issues. We purchased a SaaS product that is cloud-based, so there were no issues at all. The process was very straightforward with simple steps.
What about the implementation team?
At least one or two people are needed. One to two people are enough for this. It is a one-time setup where we create workflows based on our use cases. However, if we want to add more workflows, we need some support. For that purpose, one or two people who know Torq are more than enough.
What was our ROI?
After we created a workflow and tested it, we started using it, and the return was immediate. After creating the workflow, we were immediately getting results.
What's my experience with pricing, setup cost, and licensing?
The pricing is cheap. Although I did not purchase the product myself, my manager and others were discussing it. This is a very cheap product, and it is very helpful.
What other advice do I have?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would rate this product 10 out of 10.