Overview

Product video
Torq is the AI SOC platform that combines agentic insights and automation so that enterprises can triage, investigate, and respond to actual risks, faster. Torq streamlines every step from alert through resolution, expanding capacity and throughput. First, Torq ingests and normalizes telemetry from across your security stack, preparing the data for agentic reasoning at scale. Auto Triage filters out noise and prioritizes actual threats. Next, cases are automatically opened and assigned to highly specialized AI agents designed for investigation and response. Using tools and actions you specify, they gather evidence, assemble timelines, and transparently record decisions and authorized actions. Your team is in complete control. With Torq, your SOC delivers more results, more efficiently, from triage through remediation.
Highlights
- Eliminates alert fatigue - Torq's AI SOC platform integrates with AWS security tools to provide a unified view of security cases that prioritizes urgent threats to help decrease mean-time-to-response (MTTR).
- Ends tech sprawl - Torq's AI SOC platform addresses tech sprawl with integrations across the entire security stack. Now security teams can overcome the challenges posed by complex multi-cloud environments and evolving security threats.
- Addresses talent shortage- Torq's AI SOC platform capabilities enable security teams to achieve more with fewer resources, reducing the need for manual tasks. Pre-built integrations with AWS services automate complex processes, empowering less experienced analysts, and improving overall productivity.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
|---|---|---|
Torq Essential | Essential Plan | $450,000.00 |
Torq Enterprise | Enterprise Plan | $450,000.00 |
Torq Elite | Elite Plan | $450,000.00 |
Vendor refund policy
Please contact us at sales@torq.io
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
https://support.torq.io support@torq.io . By purchasing, deploying, accessing, or using this product, you agree to comply with the AWS Marketplace Standard EULA, and the terms of applicable open source software licenses bundled with the product. In addition, if you elect to use any artificial intelligence (AI) features made available by Torq as part of the product, the Torq AI Terms shall govern your use thereof. Pursuant with the Data Processing Addendum, you authorize the engagement of the sub processors listed at: https://torq.io/legal/subprocessors/ , as may be updated by Torq from time to time.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Standard contract
Customer reviews
AI-driven automation has transformed incident response speed and boosted analyst confidence
What is our primary use case?
For Torq , first of all, it's a hyperautomation and AI assistant usage. Our EDR SentinelOne is integrated in Torq and besides the vendor itself having hyperautomation abilities, Torq helps me to analyze incidents and to respond to incidents more quickly and more efficiently.
Torq's AI SOC automation case management is much faster and more efficient compared to the manual tools I have used before. Torq is an ideal assistant for AI SOC in automation challenges.
Torq changed the day-to-day experience for my security analysts. They are more confident and can test more approaches in the security operation center every day as workflows and routine.
What is most valuable?
I rely on Torq's AI assistant in most of my incident response and in building right and less complex workflows for automation.
Torq helped me also in some infrastructure and ticketing challenges, for example, to organize the ticketing system in our company, but I am still in a process of learning about Torq and realizing different scenarios using Torq.
The most valuable feature of Torq is hyperautomation and AI assistant because the quality of speed and recommendation from the AI assistant is really high. Another outstanding feature is that you don't need to write code. There is a library of prepared scripts or JSON scripts which can be right and adapted. You can face quite complex challenges without a programming background and can successfully solve these issues and challenges.
Torq's no-code library helps me to be more efficient and respond to incidents more flexibly. The support of the AI assistant makes my actions more efficient and quicker.
What needs improvement?
The only thing is more out-of-the-box integrations. Torq already has a lot of supported integrations and adding new ones is not difficult, but for some customers, it's easier to have a plug and play interface to start onboarding.
We didn't evaluate other options because we tested Torq and we liked it.
At this stage, I have no additional suggestions. I will update my review several months later and maybe then I will have some suggestions to prove and to what in addition I would like to see in the solution.
I can't evaluate Torq's agentic AI, but I think in my next review, I can provide more information.
For how long have I used the solution?
I have been using Torq for the last six months.
What do I think about the stability of the solution?
I haven't experienced any downtime or technical issues while running the platform.
What do I think about the scalability of the solution?
Torq can handle growth and increase easily without any downtime or lack of service.
How are customer service and support?
Customer support is responsive and helpful, but most of my questions were more how-to questions.
Which solution did I use previously and why did I switch?
I used online SIEMs with integrated SOARs, not online but on-premises, and we switched because it was too slow and too inefficient to use.
How was the initial setup?
From my point of view, Torq has excellent documentation and a support portal. You can find literally everything on the support portal. There are visual manuals and quite simple instructions for onboarding and for every use case you can imagine in your infrastructure.
My advice would be to test Torq in your environment, ask as many questions as possible during POC and refer to documentation in cases you feel not confident about your new solution.
What about the implementation team?
At this stage, we are just customers of Torq.
What was our ROI?
Regarding Torq's pricing and license costs, as long as our existing team started to work more efficiently and quicker, I think we have quite a return of investment and we suppose to add more security management center tools. The return of investment is also the money we saved not adding another security tool. For me and for our security stack, it's about 30% return on investment.
What's my experience with pricing, setup cost, and licensing?
Torq is a standalone solution from Torq providers.
Which other solutions did I evaluate?
We didn't evaluate other options because we tested Torq and we liked it.
What other advice do I have?
I think I have told everything about Torq that I can share at this stage, but I am still in the process of learning the platform and I still think that there are many more features which can be adapted and can be used inside the company.
According to positive outcomes, Torq reduced manual work and made incident response more efficient. From Torq workflows, I learn much more about my company ecosystem. This also reflects on the defensive side of the company. I see the gaps that I had according to incidents and I can fix and address the gaps relying on knowledge I get from automation results.
I think the speed of work increased minimum by 50%, but I think with more automation and more optimization, we can make this result much better.
The easiness of integration, good quality of support and good quality of documentation make this product easy to work with. From what I see, the vendor itself is oriented on improvement, which means that they will not stop at the level they reached by now.
I am quite confident in Torq because I have checked, for example, compliance to ISO 27001 and this is the most relevant standard here in Georgia. I trust in Torq and I trust in the security compliance the platform provides.
Torq's AI recommendations are consistently helpful. There was no case when the system provided me with a false recommendation or inaccurate response.
Alert fatigue is something I would like Torq to help me address.
My overall rating for this review is 10.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Automation has streamlined incident handling and AI now summarizes and responds to threats
What is our primary use case?
What is most valuable?
In my opinion, the best features Torq offers are ease of navigation and good AI usage as Socrates. There are different stages of the incident when it comes into the queue, and we could easily navigate to the sections that we would want to update and work on. That is how it brings a lot of customization to the incidents navigation and all other stages of the incident. The good usage of AI is regarding Socrates, the AI that summarizes and can respond to the threats or the incidents on its own when it's assigned to the incident. Those are two of the strongest points of Torq.
Torq is good in the reporting structure and showing metrics to the leadership. I think Torq plays a good role in that sense.
What needs improvement?
Torq can probably use more ML and look at what can be closed and what cannot be closed in terms of data classification. In terms of auto closure of incidents, it can do better when it uses ML. I choose that number because it's a great SOAR tool. It's not one of those existing SOAR platforms or just a pure SOAR. It has good incident handling, good UI, and a good user-friendly environment, but it can also improve its automation workbooks, work plans, and usage of ML to better cater to the market or consumers.
For how long have I used the solution?
I have used Torq for five months.
What do I think about the stability of the solution?
I did not see it buffer, take a lot of time to load, or be unresponsive. I haven't seen those issues in Torq. I think that's a good experience.
What do I think about the scalability of the solution?
If scalability is rated out of ten, I would rate it seven out of ten.
Which solution did I use previously and why did I switch?
It was Demisto XSOAR, and we shifted because we needed a more user-friendly SOAR platform.
How was the initial setup?
I would just make sure to replace the old or the previous solution with Torq point by point. If that is good, I think everything else will be taken care of.
What about the implementation team?
We were just consumers.
What was our ROI?
I can share the time saved from my work alone and cannot disclose or specify any other employees. I saved nearly roughly about ten hours of my time while I was working in Torq because it's much better than the previous tool.
Which other solutions did I evaluate?
I have heard Hyper Automate is pretty user-friendly and has less coding compared to other leaders in the market or other players in the market. Its drag and drop tasks or work plan building is what I heard.
What other advice do I have?
We have seen fewer failures of automations from the time Torq came into the picture. We've had a more streamlined process of handling incidents, and at the same time, we've learned to embed the AI into our incident types, and that is how it has helped us in the automation. I think Torq can really integrate other tools within the case management platform, and it can make the work a little more efficient. I would rate this review eight out of ten.
Automation has transformed phishing response and routine workflows while AI now accelerates case handling
What is our primary use case?
My main use case for Torq is automation, specifically automating processes that the business considers redundant, mundane, and busy work items, along with other significant automation opportunities like phishing cases, typosquatting, leaked credentials, and double-checking, so there are numerous different use cases.
One specific example of an automation I have set up with Torq is phishing analysis. Torq workflow that handles phishing cases essentially closes out 60%, meaning only 40% of all phishing cases that come to our team need to be reviewed because the automation can close out the other 60%. If my team had to look at every single email, it would consume a lot of time, so it saves a lot of time.
What is most valuable?
Torq's best features include the AI components within the platform, specifically the ability to have an AI helping assistant while you are working in the platform itself, which is extremely convenient. You can ask it any type of question and it gives me an answer that I can work with or is the actual answer because it has Torq's back-end knowledge to answer Torq-specific questions. Another great feature is the Python script AI assistant, which has been really helpful because you can prompt it and it does it for you, as well as other micro-steps like Transform operators and the ability to run easy JQ commands to pull or separate specific data.
Torq's integrations are extremely easy, so any product you have in your tech stack is easily integratable; it takes a few steps, plug it in, and you are ready to go.
Torq has positively impacted our organization by saving a ton of time, especially on the GRC side of the business where we automate many emailing processes, such as sending out phishing tests to our employees. If they fail by clicking on the link, we notify all of them, so we have definitely seen a huge efficiency boost. We are targeting $600,000 saved this year in 2026, which is a substantial amount of money.
What needs improvement?
I wish Torq's AI assistant for building templated workflows from scratch worked better; when you start with a blank slate, asking AI to help you build or template the workflow out does not go well. Almost every single time I have tried to use it, I have had to delete it and start from scratch, so that would be the only piece of Torq I would mention. Additionally, I think it would be nice to have a direct connection between case management and automation instead of having to build out workflows to manage cases.
For how long have I used the solution?
I have been using Torq since we moved into production ready as of last November, so it has been about six or seven months.
How are customer service and support?
I have not run into any issues with customer support from Torq, which has been astronomically amazing. I have a great relationship with my CSM and my technical enablement engineer, so it has been really easy working in Torq and building, which is why it cannot be anything lower than that.
Which solution did I use previously and why did I switch?
We came from XSOAR, which I consider a very archaic platform, and Torq has exceeded expectations by delivering workflows in a timely and lower effort manner than XSOAR. XSOAR would have been a two; Torq is definitely a nine and a half, almost a ten. It meets all my needs, and I have not run into any issues.
Torq challenges we faced in our SOC that led to considering changes before implementing Torq were primarily due to the automation industry changing. Palo Alto's XSOAR simply did not meet our needs, and with our contract coming up, we performed an industry review and compared Torq with Tines and others. Ultimately, Torq proved to be superior with a much easier to interact with playbook builder compared to Tines , which felt complicated and convoluted.
We previously used Palo Alto XSOAR because it was slow, and our contract was up.
What was our ROI?
Torq calculation for the $600,000 in savings is very specific and based on the team's time. For example, we calculate that handling phishing cases takes about five minutes per case, but if Torq auto-closes it, we save more money because our analysts do not have to take time out of their day to review it. We do a per-minute price cost based on yearly salaries of whichever department we save time for, multiplying that by how long it would take to handle the specific use case, and then total it into an ROI table that we are holding in the workspace variables.
We have seen a return on investment, targeting a $600,000 ROI for the year. So far, from the start of our usage, we have saved around $200,000 to date. We aim not to eliminate jobs but to reduce mundane tasks through automation.
What's my experience with pricing, setup cost, and licensing?
My experience with Torq's pricing, setup cost, and licensing was good, but I did not deal with that too much; that was handled by my boss, and Torq's pricing came in very comparable to the other products we were looking at.
What other advice do I have?
I have not looked into Torq's AI capabilities regarding governance and security too much, so I do not have much to say on that.
Regarding Torq's AI capabilities, I trust more or less the accuracy and reliability of output. I have not done a whole lot with AI beyond using the AI chat agent and the AI script builders, but we are building out a HyperAgent for active threat hunting in our environment. This process involves pulling feeds using a Python script, which extracts artifacts from individual pages or feeds and injects them into the HyperAgent, allowing the HyperAgent to scan and identify if we are impacted by the feed, and then build a report or storyboard for us. I have not seen anything that indicates inaccuracy, so I trust the produced outputs so far.
Torq is deployed in our organization as a private cloud; we are not on-prem, and we utilize Torq's back-end or cloud instances.
Torq has changed the day-to-day experience for my security analysts, both in terms of workload and morale, by making the process easier.
Torq biggest feedback from my teammates is that going through each case is much easier because the case management layout in Torq is structured with a multi-pane window. You have all cases in the background, and when you pull up a case, it displays on the side for quick review and closure, so you are not opening up numerous tabs for each individual case. This makes life a lot easier, and my analysts really appreciate the UI aspects of Torq.
Torq value is realized instantaneously; the moment I started building and shipping out workflows from XSOAR, it became easier post go-live since I already knew how to build. Thus, the transition from XSOAR to Torq provided instant gratification.
We do not use Torq's Agentic AI at this moment in time.
There have not been any changes in the stress levels and focus of our SecOps staff due to using Torq's AI since our analysts engage the AI component of Torq very little. Torq's AI main usage is found on the back end by developers, including myself.
I would rate this review as a nine overall.
Automation platform has transformed user onboarding and manages daily workflows efficiently
What is our primary use case?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For example, I could shut down one of our Angular services on one of our servers through a slash command in Slack. To automate this process, we migrated everything from Slack to Torq . Currently, we are in the migration phase, with most of it completed, though some portions are still pending.
We use Torq for identity management. For identity purposes, we create user accounts and have a workflow that creates a user account, adds that user into Slack, and grants Git access. This workflow handles user additions, deletions, and modifications related to identity, and it is working very well.
We are not using Torq extensively for security purposes, as we have limited use cases for security. However, we are using it for day-to-day activities and general automations, which are also working well.
What is most valuable?
Feature-wise, I appreciate the Torq UI because of its drag-and-drop functionality. Everything is drag-and-drop, and I can accomplish whatever I want to do directly without writing any code. In Slack, there are many things that require writing code and familiarity with automation tools, but Torq is no-code. This is very good compared to all other solutions I have seen.
The workload has been reduced quite a bit. Initially, onboarding a new user would take four or five hours for one person to create a user account everywhere, remember everything, and follow Confluence documentation. After implementing Torq, we only need to provide the name, user ID, and email, submit it, and then it creates everything. Almost four or five hours of work is now completed in four or five minutes. This represents a very good time saving.
What needs improvement?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted support as well, and support is very good. I believe everything is good now. However, one thing I can mention is that if Torq provided more templates on the development side, that would be beneficial.
As of now, Torq satisfies our use cases. A template would be helpful for someone who does not know anything about Torq and is starting to use it for the first time. After conducting a POC on Torq, I can implement solutions without needing templates as much, but templates would serve as a reference for new users. For example, templates would show what is possible with Torq. We faced this issue when we were new to Torq. We were considering use cases but wondering whether they were possible with Torq. At that time, we asked support if it was possible, and they explained how to implement it. If there were default templates available, we could see the templates and understand what is possible and doable with Torq.
For how long have I used the solution?
I have used Torq for about one and a half year.
What do I think about the stability of the solution?
I have not faced any issues until now. Torq is working very well without any problems and no downtime. Whenever I access the Torq URL, it is working. This is very good.
There is no downtime at all. We have been using Torq for one and a half years, but we have experienced no downtime.
What do I think about the scalability of the solution?
Torq is very scalable. Whenever we require any new use cases, we simply need to create a new workflow. If we need to update something, we can update the workflow as well. Torq is fully scalable.
How are customer service and support?
The support team is very quick. Within 24 hours, they will send an email or come on a call if something is critical. Support is provided within 24 hours.
Which solution did I use previously and why did I switch?
We used Slack previously. I do not have experience with other tools. We used only Slack. However, Slack is used primarily for chatting and communication purposes in all organizations. While Slack is not similar to Torq, we were able to accomplish our automation through it somehow.
How was the initial setup?
The initial deployment was very easy. I did not face any issues. We purchased a SaaS product that is cloud-based, so there were no issues at all. The process was very straightforward with simple steps.
What about the implementation team?
At least one or two people are needed. One to two people are enough for this. It is a one-time setup where we create workflows based on our use cases. However, if we want to add more workflows, we need some support. For that purpose, one or two people who know Torq are more than enough.
What was our ROI?
After we created a workflow and tested it, we started using it, and the return was immediate. After creating the workflow, we were immediately getting results.
What's my experience with pricing, setup cost, and licensing?
The pricing is cheap. Although I did not purchase the product myself, my manager and others were discussing it. This is a very cheap product, and it is very helpful.
What other advice do I have?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would rate this product 10 out of 10.
Modern automation has transformed alert triage and now unifies incident handling for analysts
What is our primary use case?
As MSSPs, we serve our customers using Torq , and I work as a consultant in an MSSP that uses Torq as our main SOAR platform for our SOC.
Our usual use cases for Torq involve a variable amount of scenarios. We use it for fast automation building, as the automation building capability in Torq is low-code and quick with less scripting involved. This enables faster Tier 1 SOC automation, so all Level 1 analyst work is eliminated with Torq.
Our other use case centers on its cloud-native architecture. Torq makes use of API-first integrations and event-driven workflows with AI-assisted triage and response capabilities. It can be integrated with different multi-cloud vendors as well as other SaaS stacks, other MDR, and MSSP operations. Integration with cloud technologies is very straightforward.
Regarding Torq's automation of triage, investigation, and remediation actions across multiple attack surfaces, the data ingestion pipeline and workflow are excellent. Torq ingests alerts from a SIEM , EDR, CSPM, IAM , email, ASM, and other sources. It then performs normalization and enrichment. The third phase involves correlation across services, correlating data between different platforms when alerts arrive from endpoints, identity, cloud, network, or other sources. After correlation, the AI rule-based triage determines whether an alert is a false positive, a real attack, or its priority level. This is managed by the AI Agentic software within Torq. The automated response playbook then comes into play for remediation. If a playbook has been configured, it may disable a user, isolate a host, revoke a token, or patch a cloud issue based on what the AI detected. The final stage involves ticketing and validation. Torq audits everything, generates a ticket regarding whether the task has been completed, and includes a validation point that ensures all completed work has been confirmed or validated for completeness.
What is most valuable?
The valuable and important aspects I find about Torq include how it was deployed in our environment and integrated with every other technology within our SOC, which was a straightforward task with minimal hassle. The documentation from Torq was thorough, and we were able to integrate other technologies well.
Torq's UI interface is easy to understand and digest. It is visually appealing and information flows consistently, making it easy to grasp whether you are looking at it for the first time or have been working on it for a month or two. The interface is logical in terms of page navigation and how settings are organized by category, all sensibly categorized.
In terms of how Torq has changed the day-to-day experience for my security analysts regarding their workload and job satisfaction, the analysts feel more confident. They believe Torq has all the elements that increase their confidence in how technology should look and integrate with every other piece of technology within our SOC. Under one SOC tool in Torq, analysts get to know everything within the context of an alert or incident they are working on. Torq also provides analysts with a comprehensive viewpoint where they can see all alerts coming from various software, technologies, and alerting systems for a certain customer. This ability to view the whole picture within Torq is one of the major breakthroughs and best offerings of Torq.
What needs improvement?
Torq does extensive marketing saying that SOAR is dead and markets itself as an all-in-one solution, but this is not actually true. Torq is a SOAR platform. Branding that suggests SOAR is dead might not be the best approach. Similarly, marketing Torq as an AI SOC replacing SOAR is part of the overall branding strategy, but Torq should position itself as a SOAR platform because that is what it is. If Torq brands itself as an AI SOC or something else, there might be different outcomes in the long run.
The AI value depends on maturity. Real value depends heavily on telemetry, integration depth, and workflow design, all of which rely on how mature customers are in their SOC department. There is a dependency in this relationship. Enterprise complexity still exists as well. Although Torq is easier than older SOAR tools, large deployments can still become operationally complex, integration-heavy, and governance-sensitive. Many organizations apply extensive governance for security, and Torq does not always comply with all the policies that certain enterprises require.
For how long have I used the solution?
I have been working with Torq for almost four months.
What do I think about the stability of the solution?
Torq is quite stable and reliable with consistent performance. I have not encountered any bugs or errors.
What do I think about the scalability of the solution?
Torq is quite scalable and can scale to accommodate whatever amount of customers you onboard or whatever volume of incidents or alerts are generated daily.
How are customer service and support?
We do not often communicate with Torq's technical support. We had to contact them during initial installation, but we have not needed to since. My impression of their technical support during the initial setup was that they were helpful, responded within a reasonable timeframe, and provided exactly what we needed.
Which solution did I use previously and why did I switch?
Before using Torq, we were using Google Simplify, a SOAR platform by Google, which we used for about four or five years. Before that, we were not using any SOAR solution.
How was the initial setup?
I participated in the initial setup of Torq, which was not complex. Everything was straightforward with minimal hassle. All customization had to be done through APIs, which is always the best approach. There were not many issues during the initial deployment.
What was our ROI?
We are still in the process of realizing value with Torq. Since we transitioned from another SOAR just a few months ago, we have not conducted any system review or performance review. After a six-month or twelve-month period, we will likely conduct a performance review. For now, we are still assessing how much efficiency improvement we have achieved with Torq enablement. Generally speaking, the analysts are very pleased with it, and the integration of how Torq connects is working well.
Which other solutions did I evaluate?
Before choosing Torq, we evaluated other vendors including Tines , Splunk SOAR , Microsoft Sentinel Automation, and Palo Alto Cortex XSOAR . We ultimately decided on Torq.
We dismissed other options in favor of Torq for a variety of reasons. Our solution architect team conducted extensive analysis to determine which platform would move forward, alongside company negotiations and the support we were receiving from Torq. The decision was not based on just one or two factors, but rather on an in-depth analysis.
What other advice do I have?
Comparing Torq's unified platform approach to AI SOC automation and case management with my experience managing multiple point solutions across my security stack, I find that Torq is modern because many other platforms lack this quality. When I say modern, I mean it encompasses everything—the UI interface, integrations, the ability to use AI, and the ability to navigate through cases. Other platforms that are not as modern lack in one or two departments. With Torq, case handling and how a case moves from instantiation through analyst work to resolution or closure—all these stages are managed in a way that is somewhat similar to how other platforms handle them, but it is more modern and represents how technology should look in 2026. The UI interface is quite good, which makes a significant difference in how you view the technology. While it is not a very big leap in terms of case handling compared to other platforms, it still represents an improvement when compared with other multi-integration or multi-connecting platforms.
Regarding the pricing and licensing of Torq, I cannot comment extensively because pricing has been controlled by our product manager. The relativeness between what pricing we received from the previous SOAR and our current Torq pricing is something that should be asked from a product manager, as we as architects and engineers do not handle the sales aspect of the technology. The pricing appears to be user-based rather than database-based, meaning it is based on the number of analysts working on the platform, whether that is fifty, twenty, or thirty, which represents good value.
I would rate this review eight out of ten.