Have found automation saves analyst time but misses more accurate data classification
What is our primary use case?
I used Torq for conducting one of the proof of evaluations for a vendor we are connected with. I am currently working with Omnisoc, which provides SOC services for twenty-three other higher education institutions in the US. As part of vendor evaluations, we used Torq to differentiate between the manual workflow we had and the security automation provided with the Torq AI automation capability.
We have used it to differentiate between our manual workflow and the capability it brought us in creating playbooks for many of the detections we have had. In that scenario, although we are an education organization which deals with education-related logs, we should not have much exposure to the data held at different members. From our research and testing with the tool, we realized there have to be modifications and changes to train the LLM on the back end. It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet. It was unable to do that sort of classification. We concluded this tool would be more suitable for initial ticket management rather than security automation.
With the use of AI prompts, we were able to start with preparation of the tool through the last chain of niche, which is the remediation part. With the help of prompts, we were able to perform everything present on the incident response plan.
How has it helped my organization?
As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities. This has been a significant improvement we have observed from our research with the tool.
What is most valuable?
As someone currently working as an analyst, I can say it has the potential to save significant time and manpower. The amount of workforce needed to perform Taiwan-related activities can be reduced. These are the major improvements we have seen from the research we have conducted with the tool.
What needs improvement?
From our research and testing with the tool, we determined there need to be modifications and changes to train the LLM on the back end. It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet. It was unable to do that sort of classification. We concluded this tool would be more suitable for initial ticket management rather than security automation.
Regarding data handling, I would give preference to Torq. For case management, Cortex and its dashboards prove more useful. Cortex and Palo's solutions do not have as much capability as Torq provides with the same tools. However, Torq's dashboards could be improved, especially on the case management side.
For how long have I used the solution?
I have been using the solution for the past four months.
How was the initial setup?
The platform team from our company handled the setup. They managed everything from product testing to deploying it to members. As SOC analysts, we only managed what we could do with the data present.
What about the implementation team?
The implementation was handled by a team of three people.
Which other solutions did I evaluate?
Regarding tools, OpenSearch is something I have examined, which is similar to Elasticsearch but provided by AWS. We are also planning to look at Fellows exam because we are seeking a partner who could provide both hardware and software capabilities. We wanted a vendor who could provide an all-in-one solution.
Elasticsearch and Splunk are the tools I have used most extensively. While I do not have direct experience with Sentinel's query language, I believe it is similar to the SPL used in Splunk.
What other advice do I have?
One of our members uses AWS, and we receive their feed. This involves triaging AWS-related logs. While I do not have direct work experience with it, I am familiar with AWS-related services and data-related logs, especially with cloud red logs.
I have conducted this evaluation for four months. Beyond that, I have experience with SIEM and vulnerability management. I have worked on integrations between our case management system and the incident management system in ServiceNow, which we moved to Torq.
I found it particularly intuitive to use, as my previous experience with no-code tools helped me adjust to this software more quickly than my peers. The solution could improve its notification capabilities on the member side, particularly in notifying multiple people.
Since working with the demo version of the product, most scenarios and testing data provided the required use cases and results we were seeking with Torq.
I rate Torq an 8 out of 10.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Great tool and amazing support
What do you like best about the product?
It's super easy to create a quick workflow to manage some business-specific requirements. We've created workflows that run every minute with some intense processing, and Torq just handles everything perfectly.
The support from the company is also amazing.
What do you dislike about the product?
The overall management still needs a bit of improvement. The workflow editor is great, but some other features outside of it may need some love as well. For example, sometimes it's hard to find where custom steps are being used.
What problems is the product solving and how is that benefiting you?
Torq helps us automate a lot of our logic, including heavy operations we run every minute.
Torq's Flexibility Streamlines Significant Time Savings in SOC
What do you like best about the product?
The amount of time that has been saved due to the flexibility in the automation workflows that can be created. The dashboard for presenting the current cases is intuitive and easy to navigate.
What do you dislike about the product?
As an end user, I do not have many valid dislikes with the platform. Sometimes the auto-refresh for the dashboards does not complete, and "ghost" cases can appear in the queue while they are being processed before they are auto-resolved/closed. These are both small UI issues that overall do not significantly impact the usability.
What problems is the product solving and how is that benefiting you?
Torq has made a significant improvement in cutting down the repetitive tasks that used to plague a majority of our SOC shifts.
Overall extremely positive experience
What do you like best about the product?
It's easy to set up workflows, integrations, and manage everything. Customer support is very responsive and helpful and I'm always able to contact our dedicated team if anything is urgent and needs attention immediately.
What do you dislike about the product?
I would like a better way to group similar cases together rather than having to link them all together using link cases, as this is not transitive. If I link case A and case B then link case B and case C, case A and C are not associated directly. I would like to have a way of either creating an "incident" that contains multiple cases, or create a "web link" of sorts where anything within this web link is associated with everything else in the web.
What problems is the product solving and how is that benefiting you?
It allows us to aggregate all of our clients and all of their tools into a single pane of glass and run automations based on normalized data that we've configured from each tool.
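The transitive grouping this reviewer asks for, as an added illustration that is not part of the review or of Torq's product: a small union-find that merges any chain of case links into one incident, placed next to the direct-link check that, as the reviewer describes, leaves case A and case C unassociated. The case IDs and links are constructed sample data, and the class and function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: the reviewer's scenario (A-B, B-C) plus an
# unrelated pair, so the example also shows separation between incidents.
SAMPLE_LINKS = [("A", "B"), ("B", "C"), ("X", "Y")]


def directly_linked(links, a, b):
    """The non-transitive behaviour described in the review: only explicit pairs count."""
    return (a, b) in links or (b, a) in links


class CaseGrouper:
    """Union-find over case IDs: every chain of links lands in one group ("incident")."""

    def __init__(self):
        self.parent = {}

    def _find(self, case):
        self.parent.setdefault(case, case)
        root = case
        while self.parent[root] != root:
            root = self.parent[root]
        # Path compression so repeated lookups stay cheap.
        while self.parent[case] != root:
            nxt = self.parent[case]
            self.parent[case] = root
            case = nxt
        return root

    def link(self, a, b):
        """Associate two cases; transitively merges their existing groups."""
        ra, rb = self._find(a), self._find(b)
        if ra != rb:
            self.parent[ra] = rb

    def same_incident(self, a, b):
        return self._find(a) == self._find(b)

    def incidents(self):
        """Return all groups as sorted lists of case IDs, sorted for stable output."""
        groups = defaultdict(set)
        for case in list(self.parent):
            groups[self._find(case)].add(case)
        return sorted(sorted(g) for g in groups.values())


def group_sample():
    """Build the grouper from the constructed links."""
    grouper = CaseGrouper()
    for a, b in SAMPLE_LINKS:
        grouper.link(a, b)
    return grouper


if __name__ == "__main__":
    g = group_sample()
    print("A-C directly linked:", directly_linked(SAMPLE_LINKS, "A", "C"))   # False
    print("A-C same incident:", g.same_incident("A", "C"))                   # True
    print("incidents:", g.incidents())
```

The union-find keeps the association symmetric and transitive by construction, which is exactly what pairwise "link cases" cannot give; an "incident" object is then just the set returned for each root.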
Torq - the bleeding edge replacing your SOAR.
What do you like best about the product?
Willingness to help in the good times and the bad. If something isn't working, the team will find a way to achieve the desired outcome.
What do you dislike about the product?
Hiccups due to living on GCP, but those hiccups are now a thing of the past. All is well!!!
What problems is the product solving and how is that benefiting you?
Reducing manual efforts, tremendously helping with automation.
Our hyper automation journey
What do you like best about the product?
Torq streamlined and automated security workflows, enhancing efficiency and reducing response times by eliminating manual tasks and integrating seamlessly with existing systems.
What do you dislike about the product?
Torq is a hyper-automation cybersecurity tool designed to streamline security operations. A limitation is the potential complexity of setup and integration in environments with highly customized legacy systems.
What problems is the product solving and how is that benefiting you?
Torq has automated response workflows, ensuring faster, more accurate handling of threats. Automating repetitive tasks and freeing up resources for strategic activities. Automates access reviews, privilege assignments, and revocations. Strengthens compliance.
Torq has enabled us to provide more value while reducing metrics.
What do you like best about the product?
As a SOC analyst, Torq has been a game-changer for us. The AI Workflow Builder simplifies setting up workflows by describing what you want rather than starting with templates. Similarly, with data transformation you are able to describe the output you want and you're provided with the equivalent JQ commands.
Overall, Torq's AI tools have made our work more efficient and let us focus on the important stuff.
What do you dislike about the product?
I can't say there is much I've found to dislike. The team is responsive and helpful and are constantly making improvements.
What problems is the product solving and how is that benefiting you?
Enrichment of alerts, automation of workflows, reducing budget and allowing analysts to focus on what matters.
Torq's
What do you like best about the product?
Torq's AI capabilities provide large time-saving opportunities in development and when utilized in production. Recently their addition of the transform AI tool has been a huge help, so I no longer have to crawl the JQ documentation to deal with transforming JSON data. I can simply write a plain-text prompt and have Torq figure out the rest. I also frequently utilize the AI prompter as a starting point for new workflows in Torq. They allow you to prompt their generative AI with the basic outline of a workflow; for basic workflows it can complete it itself, or for more complex ones it can build the template for you.
In production I have seen their new Socrates AI analyst autonomously execute playbooks, write summaries, and escalate cases.
What do you dislike about the product?
My main pain point with Torq has been the lack of a git-like version control system, which can become problematic when publishing sends workflows straight into production. The Torq team has helped us develop a workaround where workflows require approval to be published, but there is no easy way to follow any gitflow convention such as having feature branches and a main branch.
What problems is the product solving and how is that benefiting you?
Torq has helped us consolidate all of our security tools into one place and removed the amount of windows an analyst has to click through to work a singular alert.
AI-driven hyperautomation platform
What do you like best about the product?
Detailed documentation, user-friendly, different workspaces.
What do you dislike about the product?
It could be beneficial to include additional integration steps, as I often find myself defining custom steps, but it's not a big issue.
What problems is the product solving and how is that benefiting you?
I have automated redundant threat intelligence tasks with Torq by designing workflows which get triggered by our on-prem SIEM using the step runner, which is great as Torq is a SaaS-based solution.
Super-Incredible, Robust, Futuristic And Advanced Automation Platform.
What do you like best about the product?
For the past 5 years I have been using Torq and, to be sincere, it has really been of great help. It impresses me with its great and exceptional performance, reliability and minimal bugs, thus making it a standout tool for daily use.
It is the best and most secure platform to install for your organization's data security as it automates all the functionality of an organization security requirements. Additionally, Torq is cost friendly which makes it affordable.
What do you dislike about the product?
One of the challenges is that Torq has a steep learning curve, so it can be a bit confusing for beginners. In fact, it requires users to be well trained on how to use it.
What problems is the product solving and how is that benefiting you?
I like how Torq responds quickly to any threat to ensure no damage occurs to your data in case of a cyber attack. Also, it has the ability to connect with other third-party applications and stacks with much ease.