
Reviews from AWS customer

1 AWS reviews
  • 5 star: 0
  • 4 star: 1
  • 3 star: 0
  • 2 star: 0
  • 1 star: 0

External reviews

152 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    reviewer2767650

Have found automation to save analyst time but miss more accurate data classification

  • October 22, 2025
  • Review from a verified AWS customer

What is our primary use case?

I used Torq for conducting one of the proof of evaluations for a vendor we are connected with. I am currently working with OmniSOC, which provides SOC services for twenty-three other higher education institutions in the US. As part of vendor evaluations, we used Torq to differentiate between the manual workflow we had and the security automation provided with the Torq AI automation capability.

We have used it to differentiate between our manual workflow and the capability it brought us in creating playbooks for many of the detections we have had. In that scenario, although we are an education organization which deals with education-related logs, we should not have much exposure to the data held at different members. From our research and testing with the tool, we realized there have to be modifications and changes to train the LLM on the back end. It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet. It was unable to do that sort of classification. We concluded this tool would be more suitable for initial ticket management rather than security automation.

With the use of AI prompts, we were able to start with preparation of the tool through the last chain of niche, which is the remediation part. With the help of prompts, we were able to perform everything present on the instant response plan.

How has it helped my organization?

As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities. This has been a significant improvement we have observed from our research with the tool.

What is most valuable?

As someone currently working as an analyst, I can say it has the potential to save significant time and manpower. The amount of workforce needed to perform Taiwan-related activities can be reduced. These are the major improvements we have seen from the research we have conducted with the tool.

What needs improvement?

From our research and testing with the tool, we determined there need to be modifications and changes to train the LLM on the back end. It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet. It was unable to do that sort of classification. We concluded this tool would be more suitable for initial ticket management rather than security automation.

Regarding data handling, I would give preference to Torq. For case management, Cortex and its dashboards prove more useful. Cortex and Palo's solutions do not have as much capability as Torq provides with the same tools. However, Torq's dashboards could be improved, especially on the case management side.

For how long have I used the solution?

I have been using the solution for the past four months.

How was the initial setup?

The platform team from our company handled the setup. They managed everything from product testing to deploying it to members. As SOC analysts, we only managed what we could do with the data present.

What about the implementation team?

The implementation was handled by a team of three people.

Which other solutions did I evaluate?

Regarding tools, OpenSearch is something I have examined, which is similar to Elasticsearch but provided by AWS. We are also planning to look at Fellows exam because we are seeking a partner who could provide both hardware and software capabilities. We wanted a vendor who could provide an all-in-one solution.

Elasticsearch and Splunk are the tools I have used most extensively. While I do not have direct experience with Sentinel's query language, I believe it is similar to the SPL used in Splunk.

What other advice do I have?

One of our members uses AWS, and we receive their feed. This involves triaging AWS-related logs. While I do not have direct work experience with it, I am familiar with AWS-related services and data-related logs, especially with cloud red logs.

I have conducted this evaluation for four months. Beyond that, I have experience with SIEM and vulnerability management. I have worked on integrations between our case management system and the incident management system in ServiceNow, which we moved to Torq.

I found it particularly intuitive to use, as my previous experience with no-code tools helped me adjust to this software more quickly than my peers. The solution could improve its notification capabilities on the member side, particularly in notifying multiple people.

Since working with the demo version of the product, most scenarios and testing data provided the required use cases and results we were seeking with Torq.

I rate Torq an 8 out of 10.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

