Comprehensive Monitoring and Intelligence Log Analysis for Quick Troubleshooting
What do you like best about the product?
Very reliable in log collecting from any IT device and can correlate events for easy investigation during a security event. Its comprehensive monitoring covers everything from server and network monitoring to real user experience.
What do you dislike about the product?
Due to the rich set of capabilities regarding searching, transforming and visualizing data, it sometimes takes time to find all the necessary commands.
What problems is the product solving and how is that benefiting you?
Threat hunting can be done effectively with the help of Torq, and it also provides powerful threat incident response.
Have found automation to save analyst time but miss more accurate data classification
What is our primary use case?
I used Torq for conducting one of the proof of evaluations for a vendor we are connected with. I am currently working with Omnisoc, which provides SOC services for twenty-three other higher education institutions in the US. As part of vendor evaluations, we used Torq to differentiate between the manual workflow we had and the security automation provided with the Torq AI automation capability.
We have used it to differentiate between our manual workflow and the capability it brought us in creating playbooks for many of the detections we have had. In that scenario, although we are an education organization which deals with education-related logs, we should not have much exposure to the data held at different members. From our research and testing with the tool, we realized there have to be modifications and changes to train the LLM on the back end. It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet. It was unable to do that sort of classification. We concluded this tool would be more suitable for initial ticket management rather than security automation.
With the use of AI prompts, we were able to start with preparation of the tool through the last chain of niche, which is the remediation part. With the help of prompts, we were able to perform everything present on instant response plan.
How has it helped my organization?
As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities. This has been a significant improvement we have observed from our research with the tool.
What is most valuable?
As someone currently working as an analyst, I can say it has the potential to save significant time and manpower. The amount of workforce needed to perform Taiwan-related activities can be reduced. These are the major improvements we have seen from the research we have conducted with the tool.
What needs improvement?
From our research and testing with the tool, we determined there need to be modifications and changes to train the LLM on the back end. It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet. It was unable to do that sort of classification. We concluded this tool would be more suitable for initial ticket management rather than security automation.
Regarding data handling, I would give preference to Torq. For case management, Cortex and its dashboards prove more useful. Cortex and Palo's solutions do not have as much capability as Torq provides with the same tools. However, Torq's dashboards could be improved, especially on the case management side.
For how long have I used the solution?
I have been using the solution for the past four months.
How was the initial setup?
The platform team from our company handled the setup. They managed everything from product testing to deploying it to members. As SOC analysts, we only managed what we could do with the data present.
What about the implementation team?
The implementation was handled by a team of three people.
Which other solutions did I evaluate?
Regarding tools, OpenSearch is something I have examined, which is similar to Elasticsearch but provided by AWS. We are also planning to look at Fellows exam because we are seeking a partner who could provide both hardware and software capabilities. We wanted a vendor who could provide an all-in-one solution.
Elasticsearch and Splunk are the tools I have used most extensively. While I do not have direct experience with Sentinel's query language, I believe it is similar to the SPL used in Splunk.
What other advice do I have?
One of our members uses AWS, and we receive their feed. This involves triaging AWS-related logs. While I do not have direct work experience with it, I am familiar with AWS-related services and data-related logs, especially with cloud red logs.
I have conducted this evaluation for four months. Beyond that, I have experience with SIEM and vulnerability management. I have worked on integrations between our case management system and the incident management system in ServiceNow, which we moved to Torq.
I found it particularly intuitive to use, as my previous experience with no-code tools helped me adjust to this software more quickly than my peers. The solution could improve its notification capabilities on the member side, particularly in notifying multiple people.
Since working with the demo version of the product, most scenarios and testing data provided the required use cases and results we were seeking with Torq.
I rate Torq an 8 out of 10.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Torq is a top automation platform for Security and IT teams
What do you like best about the product?
I like that it abstracts away a lot of the complicated parts of automation and makes it easy to quickly put together ideas and even formal automations.
What do you dislike about the product?
There are automation steps in the product that could be labelled or organized better.
What problems is the product solving and how is that benefiting you?
Torq is lowering the barrier to entry for our team to automate. Torq is great for experienced coders as well as entry level people that haven't learned how to code yet. Torq is a great way to get exposure to the programming mindset and paradigms.
Limitless Simplicity
What do you like best about the product?
In a world where the universe of cybersecurity tools never stops growing, Torq offers relief amidst so much new material to internalize. Easy to implement, easy to use, with an incredible team behind it to support you with whatever you need, Torq has become our favorite tool and the first one we think of when we need to develop custom integrations.
What do you dislike about the product?
We have encountered errors that are often resolved by updating the steps according to the new information available in the tools, which sometimes have presented this kind of problem. Other than that, my experience has been impeccable, because as I mentioned, the fantastic team behind the tool makes encountering these types of 'problems' become just a simple anecdote.
What problems is the product solving and how is that benefiting you?
- Alert analysis
- Indicator analysis
- Automated blocking based on findings
Great tool for automation and reduce SOC burnouts!
What do you like best about the product?
Easy to set up automation workflows, lots of built-in integrations and the ability to custom add in-house applications and APIs.
One of the best customer support in the industry, fast and professional!
What do you dislike about the product?
Can take a while to learn how to use all the built-in tools and build a workflow fit for your needs.
But once you learn, it's a powerful tool to have!
What problems is the product solving and how is that benefiting you?
Automation enrichments and extra checks for every security event in the case management system.
Contacts users for extra information based on the events, sends emails or activates APIs in SecOps systems.
Great tool and amazing support
What do you like best about the product?
It's super easy to create a quick workflow to manage some business specific requirements. We've created workflows that run every minute with some intense processing and Torq just handles everything perfectly.
The support from the company is also amazing.
What do you dislike about the product?
Still needs to improve a bit the overall management. Workflow editor is great, but some other features outside of it may need some love as well. Sometimes it's hard to find where custom steps are being used, for example.
What problems is the product solving and how is that benefiting you?
Torq helps us automate a lot of our logic, including heavy operations we run every minute.
Hyperautomation is no exaggeration
What do you like best about the product?
We have received consistent, excellent support from Torq at every stage. Even now that we're fully set up, we have a dedicated team that I know we can rely on anytime that we're running into bumps in the road. Workflows execute without issue, quickly, and the platform is super intuitive.
What do you dislike about the product?
My ONLY piece of critical feedback revolves around the integrated AI agent. It does a decent job at recommending workflows, but the steps seem to run into issues when actually executing.
What problems is the product solving and how is that benefiting you?
Torq helps solve for repetitive workloads in our day to day; we get time back by being able to spend an hour once to automate a task instead of spending an hour per day handling it.
Torq is a game changer!
What do you like best about the product?
Torq has been a game changer in our team! We have automated so many of our workflows. It brings peace of mind knowing we have mechanisms in place that keep our organization secure because Torq is on top of everything. It's easy to use, and implement in our everyday work. Customer support has also been incredible, and Alberto has always been there with his incredible experience to guide us when we find problems that seem impossible to solve. Even though I'm a security engineer I come from a very different background (visual arts), and I never had a lot of experience with programming, but Torq is helping me learn the programming logic necessary to solve problems, and has changed how I think about many things. I've been using it more and more frequently lately because as I'm gaining experience I'm also pushing the boundaries of my knowledge and doing new things every week. Now I want to automate everything! It not only has made us more productive, it has also changed my mindset, and I'll bring that with me everywhere I go :)
What do you dislike about the product?
I know some senior colleagues have found bugs but honestly I haven't found any yet because I'm not as experienced using the tool yet.
What problems is the product solving and how is that benefiting you?
Automating the boring/dull tasks, improving our cloud security posture, doing the brunt work of incident response and allowing us to manage incidents not only from a distance but also, largely, from our phones when we're out and about.
Torq's Flexibility Streamlines Significant Time Savings in SOC
What do you like best about the product?
The amount of time that has been saved due to the flexibility in the automation workflows that can be created. The dashboard for presenting the current cases is intuitive and easy to navigate.
What do you dislike about the product?
As an end-user I do not have many valid dislikes with the platform. Sometimes the auto refresh for the dashboards does not complete and "ghost" cases can appear in the queue while they are being processed before they are auto resolved/closed. These are both small UI issues that overall do not significantly impact the usability.
What problems is the product solving and how is that benefiting you?
Torq has made a significant improvement in cutting down the repetitive tasks that used to plague a majority of our SOC shifts.
Torq: how enhancing security operations with seamless automation
What do you like best about the product?
What I like best about Torq is its no-code automation capabilities, which allow us to streamline not only security workflows in our SOC but also any process that requires automation. It’s incredibly easy to integrate with various tools, and we can create workflows in minutes. The intuitive interface, combined with its flexibility and scalability, makes it a valuable asset for any organization looking to optimize its operations and reduce manual effort.
What do you dislike about the product?
There isn’t anything I particularly dislike about Torq. It has been a reliable and efficient automation platform for our needs. If anything, I would love to see even more integrations and advanced customization options to further enhance workflow automation.
What problems is the product solving and how is that benefiting you?
Torq is helping us automate complex workflows, reducing manual effort and response times in our SOC and other operational processes. By seamlessly integrating with our security tools, it enhances incident response efficiency and ensures faster threat mitigation. Additionally, its no-code approach allows us to create and deploy automation in minutes, improving overall productivity and allowing our team to focus on higher-value tasks.