As MSSPs, we serve our customers using Torq, and I work as a consultant in an MSSP that uses Torq as our main SOAR platform for our SOC.

Our usual use cases for Torq involve a variable amount of scenarios. We use it for fast automation building, as the automation building capability in Torq is low-code and quick with less scripting involved. This enables faster Tier 1 SOC automation, so all Level 1 analyst work is eliminated with Torq.

Our other use case centers on its cloud-native architecture. Torq makes use of API-first integrations and event-driven workflows with AI-assisted triage and response capabilities. It can be integrated with different multi-cloud vendors as well as other SaaS stacks, other MDR, and MSSP operations. Integration with cloud technologies is very straightforward.

Regarding Torq's automation of triage, investigation, and remediation actions across multiple attack surfaces, the data ingestion pipeline and workflow are excellent. Torq ingests alerts from a SIEM, EDR, CSPM, IAM, email, ASM, and other sources. It then performs normalization and enrichment. The third phase involves correlation across services, correlating data between different platforms when alerts arrive from endpoints, identity, cloud, network, or other sources. After correlation, the AI rule-based triage determines whether an alert is a false positive, a real attack, or its priority level. This is managed by the AI Agentic software within Torq. The automated response playbook then comes into play for remediation. If a playbook has been configured, it may disable a user, isolate a host, revoke a token, or patch a cloud issue based on what the AI detected. The final stage involves ticketing and validation. Torq audits everything, generates a ticket regarding whether the task has been completed, and includes a validation point that ensures all completed work has been confirmed or validated for completeness.

The valuable and important aspects I find about Torq include how it was deployed in our environment and integrated with every other technology within our SOC, which was a straightforward task with minimal hassle. The documentation from Torq was thorough, and we were able to integrate other technologies well.

Torq's UI interface is easy to understand and digest. It is visually appealing and information flows consistently, making it easy to grasp whether you are looking at it for the first time or have been working on it for a month or two. The interface is logical in terms of page navigation and how settings are organized by category, all sensibly categorized.

In terms of how Torq has changed the day-to-day experience for my security analysts regarding their workload and job satisfaction, the analysts feel more confident. They believe Torq has all the elements that increase their confidence in how technology should look and integrate with every other piece of technology within our SOC. Under one SOC tool in Torq, analysts get to know everything within the context of an alert or incident they are working on. Torq also provides analysts with a comprehensive viewpoint where they can see all alerts coming from various software, technologies, and alerting systems for a certain customer. This ability to view the whole picture within Torq is one of the major breakthroughs and best offerings of Torq.

Torq does extensive marketing saying that SOAR is dead and markets itself as an all-in-one solution, but this is not actually true. Torq is a SOAR platform. Branding that suggests SOAR is dead might not be the best approach. Similarly, marketing Torq as an AI SOC replacing SOAR is part of the overall branding strategy, but Torq should position itself as a SOAR platform because that is what it is. If Torq brands itself as an AI SOC or something else, there might be different outcomes in the long run.

The AI value depends on maturity. Real value depends heavily on telemetry, integration depth, and workflow design, all of which rely on how mature customers are in their SOC department. There is a dependency in this relationship. Enterprise complexity still exists as well. Although Torq is easier than older SOAR tools, large deployments can still become operationally complex, integration-heavy, and governance-sensitive. Many organizations apply extensive governance for security, and Torq does not always comply with all the policies that certain enterprises require.

I have been working with Torq for almost four months.

Torq is quite stable and reliable with consistent performance. I have not encountered any bugs or errors.

Torq is quite scalable and can scale to accommodate whatever amount of customers you onboard or whatever volume of incidents or alerts are generated daily.

We do not often communicate with Torq's technical support. We had to contact them during initial installation, but we have not needed to since. My impression of their technical support during the initial setup was that they were helpful, responded within a reasonable timeframe, and provided exactly what we needed.

Before using Torq, we were using Google Simplify, a SOAR platform by Google, which we used for about four or five years. Before that, we were not using any SOAR solution.

I participated in the initial setup of Torq, which was not complex. Everything was straightforward with minimal hassle. All customization had to be done through APIs, which is always the best approach. There were not many issues during the initial deployment.

We are still in the process of realizing value with Torq. Since we transitioned from another SOAR just a few months ago, we have not conducted any system review or performance review. After a six-month or twelve-month period, we will likely conduct a performance review. For now, we are still assessing how much efficiency improvement we have achieved with Torq enablement. Generally speaking, the analysts are very pleased with it, and the integration of how Torq connects is working well.

Before choosing Torq, we evaluated other vendors including Tines, Splunk SOAR, Microsoft Sentinel Automation, and Palo Alto Cortex XSOAR. We ultimately decided on Torq.

We dismissed other options in favor of Torq for a variety of reasons. Our solution architect team conducted extensive analysis to determine which platform would move forward, alongside company negotiations and the support we were receiving from Torq. The decision was not based on just one or two factors, but rather on an in-depth analysis.

Comparing Torq's unified platform approach to AI SOC automation and case management with my experience managing multiple point solutions across my security stack, I find that Torq is modern because many other platforms lack this quality. When I say modern, I mean it encompasses everything—the UI interface, integrations, the ability to use AI, and the ability to navigate through cases. Other platforms that are not as modern lack in one or two departments. With Torq, case handling and how a case moves from instantiation through analyst work to resolution or closure—all these stages are managed in a way that is somewhat similar to how other platforms handle them, but it is more modern and represents how technology should look in 2026. The UI interface is quite good, which makes a significant difference in how you view the technology. While it is not a very big leap in terms of case handling compared to other platforms, it still represents an improvement when compared with other multi-integration or multi-connecting platforms.

Regarding the pricing and licensing of Torq, I cannot comment extensively because pricing has been controlled by our product manager. The relativeness between what pricing we received from the previous SOAR and our current Torq pricing is something that should be asked from a product manager, as we as architects and engineers do not handle the sales aspect of the technology. The pricing appears to be user-based rather than database-based, meaning it is based on the number of analysts working on the platform, whether that is fifty, twenty, or thirty, which represents good value.

I would rate this review eight out of ten.

Torq is primarily used for security operations, mainly for the SOC team. I develop use cases based on requirements from what the SOC team does in everyday operations. Based on those requirements, I implement security use cases and automations.

For example, when a new user is created, there is a simple workflow where you provide a username, start the workflow, and it completes execution, creating the user everywhere without issues. We have a lot of use cases implemented and are actively using them.

Torq automates triage, investigation, and remediation actions across multiple attack surfaces. Currently, we are using it for SOC operations only, but it satisfies everything we need.

Torq has helped a lot regarding SOC analyst efficiency. We previously had a team of thirty people working in shifts, but now we have reduced the team by half to fifteen members, which allows the remaining members to focus on other areas. Our team is able to handle all activities because everything was previously manual.

Now they just need to get a URL from Torq, hit that URL, and the workflow runs and does the job. Previously, they spent hours on single tasks, but now they can complete them in five minutes, two minutes, or ten minutes, which is very time-saving.

Torq is an excellent product. There are no significant drawbacks. However, sometimes we need to write custom scripting. Personally, I love to write scripts, but this is a problem for people who do not know scripting or do not prefer scripting.

Additionally, the documentation for Torq is not very clear. Most of the information is presented in videos, which are not ideal for reading; there are mostly paragraphs and other text-based content.

Torq demonstrates very good scalability. We can create any number of use cases and alerts. There are also default ready-to-use playbooks available that we can use. It is a scalable product.

To improve alert handling capability, there are ready-to-use playbooks available, but there are very few. Torq should add more playbooks. For example, everyone needs user creation and deletion, and all companies use firewall data. Torq should offer default templates that can directly scan firewall data and automate actions.

Additionally, the logging and debugging visibility for what Torq does in the backend is not very visible, so this aspect could be improved.

I have been using Torq for the last one and a half years. We recently purchased this new product in our environment.

Torq is good from a stability perspective. I have never faced any downtime or issues.

We have contacted technical support many times. When we purchased the product, we often called the pre-sales person to discuss use cases. We asked if we could build certain use cases and if not, what the alternatives were. This support was very helpful and is a good aspect of Torq. The support team is always available. I would give them a nine out of ten for support.

Previously, we were using Splunk SOAR, and we switched to Torq because Splunk SOAR requires a lot of technical knowledge. In Torq, we found it very easy with its graphical GUI. There is no code required; you just drag and drop everything and do simple configurations on the right-hand side tab panel, and that is all. Workflows are implemented easily, which is excellent.

The initial deployment is easy because we purchased only the cloud version. I do not know if it is also possible on a hybrid model, but we purchased the cloud version. It requires very minimal effort to deploy all workflows easily.

We did not see the benefits of Torq immediately. After four or five months, we started to see the benefits because it was in the beginning stage, and no one was familiar with it. Initially, we learned and investigated the product and conducted many POCs. It took about five to six months because I did not find much proper documentation. I did some courses, including a pre-sales course and an admin course, which were good, but it took six months to see the benefits.

I do not have much knowledge about the pricing. Initially, I heard that we are using the cloud version, which is considered cheap compared to Splunk and others.

Torq is very comparable to other tools. I know some products in the market, including Tines, Palo Alto XSOAR, and Splunk SOAR. Compared to these three, I find Torq valuable because other products do not do all the things.

However, one disadvantage of Torq is that it works only for security and security-related operations. It will not do any other automation, like alerting through email or getting data from Splunk to alert somewhere in ServiceNow; that is not possible.

The maintenance side is very good because we are using the product to reduce activities. For instance, sometimes there is an alert or phishing email, and we want to address it immediately. For that purpose, Torq is very helpful and is doing its job greatly. There is no maintenance required on our end. I would rate this product at nine out of ten.

My use case for Torq encompasses all aspects of security automation. I utilize it for running automation for the security department, not all departments in my organization, but mainly for the security department.

I use it for operations automation, where I automate some of the operations processes. I also use it for a SOC platform, as I get all of my security incidents into Torq and prioritize and escalate to the relevant person to review and take response actions automatically.

reduced MTTD MTTR MTTE

The best features in Torq make it feel versatile and comprehensive. I can do everything with Torq. If something is not possible through out-of-the-box integration between two vendors, I can put Torq in the middle of the process and Torq will help me connect systems together, automate the entire process, and automate data flows, prioritization, and data manipulation.

Any request that comes in, regardless of how complex it is, I can accomplish it with Torq. If there are no direct integrations between two systems, Torq can always come in between them and automate the integration.

It has so many capabilities that I can connect everything by using APIs or HTTP requests or running scripts to automate the connection between systems. Regardless of how complex the things I would like to do with Torq are, I will always be able to do that. There is no such thing as not being able to do something with Torq; I will find a way to do that.

Agentic AI helps with alert handling by simplifying the process of parsing different data where data sources can change the schema of the data. It is really simple for me to do that with Torq and the Agentic AI; I do not need to keep track of everything and manage that manually in the automation, as the Agentic AI can do that for me.

Also, for the enrichment part, the Agentic AI can enrich all of my data straightforwardly with the right guardrails in place.

Regarding Torq's unified platform approach to AI SOC automation, I understand it is not a global feature yet, but they are working on one of the most critical features called Auto Triage. This feature would dramatically change the way AI SOC is provided to customers.

The AI can investigate cases or security incidents, and through their AI agents or engines, they can determine whether a case is a true positive benign, true positive malicious, or false positive. Based on this categorization, I can really reduce the amount of work that escalates for a human being to review and take action upon.

The areas that have room for improvement in Torq include the way cases or data can be presented and data manipulation in automation.

My experience using Torq is about a year and a half, or even more than that, maybe two years.

I would rate Torq's product stability at eight, acknowledging that there are bugs, glitches, and downtimes.

From a scalability perspective, I would rate Torq as a ten for my 30 people working globally.

I would rate the vendor's technical support as an eight.

When I decided to go with Torq, I did a POC with three other major players in the SOAR world. What I appreciated most about Torq is the simplicity to connect systems or to do things that are not available outside of the box.

If Torq does not provide a step or an action out of the box to do with a third-party system, I can simply and straightforwardly plug it into Torq by reviewing the third-party system documentation and do it on my own without a lot of complexity. It is easy and impressive.

Torq is very easy to maintain.

Regarding how often maintenance is required, I would say that the maintenance involves automation, not the platform itself. It is maintaining the things that I have built, so I would say maintenance occurs on a weekly basis.

In terms of return on investment, I think I have saved about one hundred fifty percent in time, resources, and money.

Regarding the pricing of Torq, I would say it is expensive. All cyber solutions are expensive. When they bring more and more value into the platform, it makes more sense to pay that price, but still, it is expensive.

The other vendors I looked at include Demisto Palo Alto and Tines, as well as Simplify, which is Google's Chronicle automation SOAR platform.

I realized the value of Torq even within days. It was much easier and much simpler. Even on the demo call, I asked very specific questions because I knew the gaps that I had in other platforms.

In the demo call, I saw that they had solutions to all of my pain points, so I knew from the beginning that it was going to be a match. I do recommend this product.

My advice to others looking into implementing it would be to utilize their AI agents to help build things they do not know how to do. Their AI assistants and AI agents helped me accomplish many complex tasks with minimal effort. I would rate this product a nine overall.

I use Torq as my case management and alert system. Working as a SOC analyst, the first thing I do every morning is get into Torq, review all the open cases and incidents, understand their severity, investigate them, and close them if they are legitimate. I also investigate whether there is anything malicious. I use Torq daily.

We build workflows inside Torq—automations that can automate every action that we do manually. For example, we send Slack messages to users who we think shared corporate data, or investigate specific machines where we suspect there is some sort of SQL injection. We can automate every type of security-related incident through the workflows in Torq.

All the workflows are something really particular. From what I have seen in the past, I have never seen this maturity of automated processes, and the whole idea of drag and drop automation is really simple. This is something I have never seen before. Even with our previous vendor, we did not have this type of maturity. We needed to manually create our own tasks, and it took much longer than what we are doing with Torq.

AI is helping us summarize security alerts. The first thing I do in the morning is get into cases and review all the open cases and incidents. The first thing I see is the AI summary, and it is already telling me all the details that I need to know. Of course, we configured it so that all the relevant details appear in the AI summary, but I almost never need to check the actual details in the logs of the case because I have this summary. On the workflow aspect, I have created multiple tasks that work with AI. For example, I summarize some sort of log and extract only the relevant data from it. I created an agent that can automate processes and make manual API calls to review and collect data that I need for some specific alerts. Recently, they upgraded the Hyperagents and added many automated processes that I am looking forward to using. For example, they created a prompt that can help analyze JSON, which is really good for me because I needed to use it and looked for something like this. They have an option to output from an LLM as JSON, which also really helped me. I am using it on a daily basis.

In the previous system, we were not happy with it. We saw that there were many processes we needed to do manually, while there are options around the market that can help us do those processes automatically. For example, for collecting data, we needed to create the HTTP request ourselves, while in Torq, there are already multiple custom-made tasks that collect the API data themselves, and we do not need to build the whole HTTP request. We looked for a way to save time and automate processes, and Torq really answered those questions.

This is exactly what we discussed two days ago with the Torq team. We told them where we want to see improvements. For example, we have MCP that we are working with our cloud security platform, and we wanted to connect this MCP to the case management. When I go inside a case, I want to have a search bar where I can search details about my cloud and everything in my cloud, details about the specific vendors of the alert, not only the alert itself. Currently, we have a search bar for the alert itself, but we do not have a search bar for the connectors. This is one place for improvement.

We already talked about some filtering that they can add. They have a dashboard case dashboard, which is a separate page from the cases itself. We thought about adding a specific widget to the cases page so that we can see statistics inside the cases page. However, there were a few things before that we wanted them to work on, and they have already solved them. For example, we wanted to implement Torq to have access only within our VPN, and as far as I know, they worked on it. A month ago, it succeeded, and we are currently only connecting inside of the VPN.

I have been using Torq for the past four to five months.

As far as I know for now, I have never seen any message from them that there is maintenance and we need to wait or something like that.

I would rate scalability about nine.

I would rate customer service nine.

Our previous solution was Cortex. When we reviewed multiple SOAR solutions, we saw that all the new SOAR companies are doing basically the same thing. We then looked for the specific company that could help us automate and create automated processes with the most mature solution. Torq really answered those questions and really helped us with it. When we started the process and began working with Torq and seeing all the system, we saw that it became really easy to create a workflow. I do not need to think too much. I know I have many drag and drop tasks that can automate a process, which I could have done manually for months.

The setup was easy. All of our security operations team got into Torq and started working on workflows in parallel, which made the entire onboarding process really easier. Something that should have taken half a year took two to three months, and then we finished everything and migrated everything.

Only our teams implemented Torq.

The main thing that I got when we started working with Torq is time. I used to have much more time to review alerts, and most of the alerts were manually closed rather than automatically closed. I had most of my day investigating alerts and solving them. A huge part of them are false positives and things that are legitimate and just need a quick check or sending a message.

Since we started working with Torq, I am handling much fewer alerts. It is becoming really easy for me to handle an alert. I have all the information that I need. I do not need to connect to different vendors to receive this information. The main thing I got from Torq is time, and this free time helps me to build another automated system, learn, and there is no need to explain what time is and how important it is.

I used to spend something like three to four hours each day working on cases. Now when we are working in Torq, in the first hour and a half to two hours, I am solving all the cases and the open cases, and I am free to do whatever I need.

Unfortunately, I am not aware of the pricing itself. This is something that my manager would be able to answer, but I am not aware of the price.

I would definitely recommend Torq. I have no doubt, really. When we looked for another vendor, Torq really answered all our questions. It really helps us to receive the best solution for our SOAR.

We already connected Torq with our EDR, SIM logs, and DLP systems. When we connected it, the whole idea of Torq was collecting all the data to a specific place. We created alerts in the SIM and then automatically sent them to Torq. We do not handle the alerts in the SIM, only on Torq. When we collected the data from all the vendors, it is really easy when everything is in one place. We have everything in Torq, and then we do not need to connect to each system to review all the data.

I believe we looked for a maturity that they did not have at first, but right now I can see and tell that they have this maturity, and we are going to use the Agentic AI. It used to be like a six, and right now it seems like an eight, maybe nine even when we review it. I would rate this review an eight overall.

Torq markets itself as a security tool, and we do use them for security, but not in the traditional sense they market. Our security implementation uses them for internal tools that require multi-step processes of approvals, and it's easier to execute via workflow. Our biggest use case for Torq is onboarding and offboarding, which previously involved a very convoluted internal process. We made it automatic and secure by transforming these multi-step internal processes into rigid workflows, which provided security benefits.

Torq provided an excellent introduction to no-code automation for me personally. Before signing with them, we evaluated Torq and other similar companies. Torq gave us the best of both worlds where it's easy to get into, but it also provides enough options. Some applications offer way more flexibility, while others are easier to use, but Torq struck a good balance for us with its visual branching tree workflow of no-code automation. This was a great way for me to enter the field, and even now, after building very long workflows, it remains easy to jump back into and understand what's happening, and I can edit it on the fly.

Other than using API keys in workflows that sometimes need to be rotated, I cannot identify any needed updates. If you use an API key, it might expire, and then you need to enter the workflow or access the secrets in Torq to add a new one.

For any team, whether security or IT, looking to automate and wanting to do it fairly easily without using scripts or hosting something, no-code automation in general is something I would advise. Torq would obviously be my first recommendation because I personally use them. If I am already speaking with somebody who implemented it, I would probably help them build it in a smarter way than we did because even in no-code automation, you can build things that eventually need to be refactored and rebuilt in a better way, which is harder to do than leaving them as is. I would probably help a different customer of Torq who is just starting out by giving them best practices, such as splitting up your workflows, using nested workflows, and trying to immediately incorporate AI. If you build a rigid workflow and then add AI, you will not be satisfied with the result. These are best practices for the application that I would mostly give.

Our entire team personally works with Torq, which is four people. Our surrounding teams currently do not use Torq, but approximately six months ago, we created another workspace that we wanted to incorporate our development team into because we see the value in giving developers the option to build their own workflows for simple tasks. I started trying to help some of them adopt it and guide them through how to use Torq. For something as small as a developer who wants to get a daily alert about their tickets with a couple of parameters, it is just easier to do it via Torq than doing it via Jira.

If I review about 100 vendors that I might work with, Torq is definitely in the top five that gave me personally investment back, just because every bit of effort I put into Torq eventually became a workflow that gave it back to me. There are not a lot of applications that do that generally for IT departments that do work for you. IT usually does not have their own internal tools. When I compare it to something like a ticketing system, it gives me more value than a ticketing system because it actually does work for me. That is how I see Torq.

I will specifically talk about the security team and the CISO. One of the biggest things we strive for internally when it comes to security, at least something front-facing, is on-demand permissions and ensuring that nobody has something that they do not need at the current moment. We also like going through multi-step approvals when it comes to security for any sensitive internal tool. For both of these options, we implemented them in Torq pretty much from the beginning. Eventually, we did pivot when it came to on-demand permissions, but that is because it is one of those things you can achieve via Torq even if they do not market themselves as that. We saw an impact pretty much immediately on all the manual work we had to do when it came to approvals and access to applications. We basically put everything in Torq, it took a while to build, and it gave us immediate impact on the time spent and gave the CISO immediate impact on users having only what they need whenever they need it when it comes to application access.

We do not utilize the AI features that much. When it comes to general AI features of Torq, we are just slowly starting to implement them because I feel that not just Torq, but most companies are just starting to figure out how best they can utilize it. It is not something we have found a lot of value in yet. Personally, I have not utilized it enough. It is a two-way road where I did not see enough value in it and I did not give it enough attention yet.

It is not personally the tool we go to for that purpose. It is not something I think we adopted for that purpose. I am not saying it is a pivot of theirs, but because it is something that we have not given enough attention yet, we rely on other tools in our stack to be that center point. We have not used something previously, and Torq has been one of the tools in our growing stack. It is something that is always available as other tools, but we have not picked it internally as our AI SOC tool.

Because we have not seen enough value, I cannot give you a lot of information about that. In general, in the niche that Torq is in the market, I think the biggest comparison they get is with N8N. Whenever I see a demo of them or look at a video or documentation, I always say that I would rather pick Torq over it. I feel that it is not just because I am used to it at this point; it was the best way to get into this kind of niche in the market. N8N is not hard and is also easy to get into, but for our use case, Torq, even when we started and it had fewer features than it has now and fewer steps that we can do in the workflow, filled our gap very quickly. It was immediately usable for our use case.

That is the strong point. We always strive for more features. I find myself sitting sometimes in front of a workflow wondering why it works this way because it feels like a convoluted way of doing this step. However, it is still something I can do. It is a good point and a bad point about Torq. I do not remember the last time I sat in front of trying to build something in Torq and said to myself that this is impossible and the platform does not allow it. There is always a way to do it. It might just not be the smartest way to do it. When I compare it to a lot of other applications we work with, most of the time, you just cannot do it and it becomes a feature request. Usually, nine out of ten times, if I have a problem with Torq, it is just that I do not the way I need to do something more so than that I just cannot do it.

Their AI is an area for improvement. When I heard about them implementing these features and going to agentic approaches, and when they showed us the AI features about a year ago, I became very harsh on AI features in general in the market because every company introduced them without a lot of value in it. Torq has a very difficult game to play where AI steps, on one hand, ruin the point of their workflows, and on the other hand, if implemented well, can be utilized amazingly. When you build a workflow in Torq for at least our use case, you want some sort of rigidity. I want to know that I will always get the same result that I want. The second you put in any AI step, you cannot guarantee that result. If you ask ChatGPT the same question ten times, you might get ten different answers. Torq has a very hard problem of how to implement AI as a model that you use in a step but still get ninety-nine out of one hundred times the result you want, which is usually good enough. Even today, and especially at first, I was not happy with a lot of AI features because I do not see a lot of value in them. Even now, we have workflows that are in production that use AI steps and I get different results, making it unusable to some degree. I try to implement AI steps, give it a couple of runs, and I see that it has about an eighty percent success rate of what I want. I need to go back to rigid steps. It is a good and bad point where I appreciate that they pivot into it, but I do not think it is at a good place right now, at least for our use case, because it negates the point of rigid workflows.

There are a lot of small things about Torq where quality of life changes are needed, but that comes with no-code automation in general. Eventually, you build a huge branching tree of steps and it might be hard to navigate and might lag a little because it is huge. It is a very nice UI, but when you build enormous workflows as we do for our use case, it gets hard to navigate sometimes. It is not unusable and easy to jump back into, just hard to maintain. That is the price you pay with no-code automation in general.

The more workflows you have paid for, and as far as I know, you pay for a block of workflows, the sky is the limit. The only problem is that if you build one massive workflow and you do not want to rely on nested workflows, it might get a bit laggy. Scalability I would rate as an eight, maybe a nine. The world is your oyster, but no-code automation in itself has its own limits in a web UI.

The support is good. I would rate their support as an eight. I get answers fairly quickly and I do not remember the last time I talked to somebody who was not knowledgeable. They always know pretty well how to support whatever I ask. It goes to the point where if I need help in actually building something, nine out of ten times, they give me a solution even if it is not the solution I wanted, and I still can get to the result. One out of ten times, they straight up do not have it and it becomes a feature request, but they always know. I get support fairly quickly.

We have not used something previously. Torq has been one of the tools in our growing stack. It is something that is always available as other tools, but we have not picked it internally as our AI SOC tool.

If we are talking about cloud or local, there was no challenge. You get the tenant, get your website, and start working on it.

If we are talking about just getting into the platform and start working, it is immediate. It is basically a SaaS subscription. But as we talked earlier, if it is actually building, then yes, it took a while to understand, but I think that is a different question.

I did not lead the project in adopting it, but I had to be one of the people who set it up in our team. It took a bit longer to adapt than we initially thought, but it was always something we knew we needed. That is why we looked for something like that in the market. As a department fully, we wanted to pivot into internal automation. I would say it took us longer than we thought, and we were trying to figure out with Torq. We were sitting with them twice a week building out things. Seventy percent of that was us getting used to the platform and thirty percent of that was us giving some feedback or feature requests, a lot of feature requests. Torq grew with our needs a lot, but they were immediately usable at the start. The place we are at today with Torq, we are very satisfied with, but it took us like a year to start being somewhat content with the place we were, and then we were trying to make it better.

I am less aware of the pricing in terms of the negotiations itself. I do know how much it costs. I think it is at least compared to other solutions I heard in the market fairly priced. It just depends if they are using different modules as different pricing, especially now because a lot of companies are introducing AI, and that is where the price might get more iffy. I am not sure of that. But just for who Torq is in their niche, as far as I know, they are fairly priced.

To get it to a place that we are happy with, we are constantly working on it. When we adopted it and we started working on it, it pretty much took a year. It pretty much took until we got to our first renewal where we said that this is the value we see, this is the things we want more, but that is the first place where we said we are happy enough that we want to renew.

We buy direct from Torq.

Before we signed with them, we looked at Torq and other similar companies. Torq gave us the best of both worlds where it is easy to get into, but it also gives us enough options because some applications give you way more flexibility, while others are easier to use. Torq struck a good balance for us with its visual branching tree workflow of no-code automation.

I would rate Torq an eight overall. I feel that Torq is as good as the effort you put into it. The limitations are very small compared to other vendors I work with. The only thing that would change that score at this point is if they get set back by AI or not. If they put a lot of effort into AI and we personally do not see the value, then the score goes down to a seven because we eventually run out of things to automate. I can sit and work on a workflow for two hours and get two minutes of ROI on it. I can build everything, and it is just eventually I am wasting time. If they add more AI features and focus on it that we have use for, then I can go back and build better workflows, get more impact on the time I put into it, and then it stays an eight. If not, it might go down a little over time.

As the IT Director, the main usage that we have is mostly IT related. We use it as a weekly tool for us, and it is one of the most important tools that we have. This is how we automate most of what we do in IT.

Our onboarding and offboarding processes are automated through Torq. Over time, we built a large and complex automation tree with many branches, and today most of the employee lifecycle actions are handled via Torq.

In addition, we use Torq for bots and just-in-time (JIT) access in several scenarios. One aspect is access to systems and credentials, and another is network-level access. From a network perspective, we integrated Torq with Zscaler’s Zero Trust solution, which allows us to fully control network access using automations and a request portal.

We use Torq together with Apono for permission requests. When a developer needs access, they request it through Apono, and Torq orchestrates everything behind the scenes. Torq dynamically opens access to the specific requested resource via Zscaler. Even if a user is entitled to a resource, they only receive actual access once it is explicitly requested and approved, and the access is granted automatically and temporarily.

This helped us get to a much more secure state and use just-in-time access very easily. We are very happy with this architecture.

It is hard to point to a single best feature because we have been using Torq for a long time and are very familiar with the platform. There was a learning curve at the beginning, and Torq was a bit different back then, but once we got used to it, it became very natural to work with.

What I appreciate the most is the flexibility. There are essentially endless possibilities with Torq, and you can do almost anything with it. The main limitation is not the platform itself, but the vision. If you do not have a clear idea of what you want to build, it can be hard to execute. However, if you know what you want to do, in most cases you can implement it with Torq. This is one of the things I value the most about the product.

Over the years, Torq significantly improved the user experience. The UI became much more comfortable to work with, and they added more triggers and forms that make building workflows easier. They also introduced the AI agent, which we use mainly to aggregate notifications, although it can be used for many other scenarios. In general, the platform offers a wide range of integrations, which makes it very convenient to use.

We work with them quite often, so we have a direct line regarding areas in Torq that have room for improvement. If we have a feature request, we can request it. I do not have anything in mind at the moment.

We were a design partner for a short while, so we feel that they listen and that users of the system have an impact on the way the system is designed for the better.

They have a new community, which is something that I personally suggested years ago. There are many people like me in different places and they might have already built the workflow that I need. Having the option to share workflows or to jump on a thread and say I have this need, did anyone ever build a workflow for it, is amazing. Someone would jump in and say yes, sure, here, take this workflow. I think this is an amazing thing and I really hope that the community will come alive because I think this is really powerful. This is something that I already suggested and it did happen eventually, and I am quite happy with it.

I do not have any specific feature in mind that I have a need for at the moment.

I have been using Torq for the third or fourth year.

We never had any issue with the system regarding stability. I would give it a definite 10.

In terms of scalability and the ability to grow within our environment, the answer is definitely yes. Torq scales very well and fits our business requirements, with plenty of room to grow.

I would rate its scalability a 10 out of 10, mainly because I honestly do not know what the upper limit is, and I am confident that we are not anywhere close to it. For our specific use cases, I highly doubt that we would ever reach any scalability limits.

We have not used them too much officially as support because we had a good relationship with Torq. We got a lot of help, especially at the start a few years back. We do not use support too much, but when we used support, it was good. I would say 10.

Before Torq, we used a limited amount of automation with other tools. These were mostly more consumer-grade solutions and were used on a relatively small scale. For example, we used tools like Zapier and Make to handle simple workflows, such as collecting information from a Google Form and pushing it into a Google Sheet.

Those tools worked fine for basic use cases, but we never took them much further than that. Once we started using Torq, we felt much more confident in the platform’s capabilities, especially from a security perspective. Torq made a much stronger impression on us and allowed us to unlock value much faster than with the tools we were using before.

I never tried to replicate what we did with Torq with Zapier. To be honest, even if I were to migrate tomorrow to Zapier, I am not sure that we can replicate what we are doing with Torq. There are other tools that we can probably do that, like N8N, for example, which I think is quite similar on the UI side of it. I do not know on the backend side of it, but i'm sure there are some tools that we have not explored that might be similar.

The ones that we used before, I do not think that we could have unlocked the same value.

There were no challenges regarding the deployment itself and it was easy.

The question here was how many users are using Torq in the organization

Initially, there were four users consisting of me and my IT team. We were the primary users and used Torq across the organization, supporting many departments through IT-owned automations.

IT team was the only group working directly with Torq, and we used it as a centralized automation platform for every use case we had that we were able to automate. More recently, around mid-2025, we started seeing increased interest in automation across the organization. This was partly driven by broader exposure to tools like n8n, which made more people curious about building automations themselves. As a result, we began running demonstrations for different departments and gradually adding more users to Torq so they could experiment with the platform. The goal is to enable teams to automate their own or their department-specific tasks without always going through IT.

At this point, we have approximately 20 users actively set up in Torq

Regarding pricing, it is a hard question.

Initially when we started with Torq, I was not the one who purchased it. Ever since then, we already unlocked value within Torq, and it has room in the budget, so we renew it every year. We renew it because we want to continue building on the work we have put into it and we are very happy with it.

I do not know because we have not checked different solutions at the moment. I cannot tell you if they are expensive or not. Are they more expensive than Zapier? Yes, but I do not think it is the same category.

Overall, I would rate Torq a 10.

When it comes to Torq’s approach to AI and SOC automation compared to other solutions in our security stack, it is hard for me to give a very strong opinion. Like most companies today, Torq is evolving its AI capabilities, and AI is being added across many areas. From what I can see, they are generally on par with other solutions at this stage.

It is worth noting that we mainly use Torq for its automation capabilities and workflow builder. We do not use their case management functionality. We do use some of their AI-related features, such as the AI agent. I am also aware of other AI components like Socrates for case management, but that is not something we currently use. Overall, AI in this space is still evolving everywhere, and it is difficult to clearly differentiate vendors at this point.

From a practical perspective, the safest and most valuable use of AI for us today is around information handling, aggregation, summarization, and notifications. These are areas where AI can reliably save time. There is still no way to guarantee fully consistent or deterministic outcomes from AI, so we are very cautious about where we use it. For example, I would never use AI in a critical workflow like offboarding a user, because I cannot fully guarantee the results. That applies to any AI model, not just Torq’s.

Where AI has been a real game-changer for us is in simplifying workflows. In the past, sending a Slack message based on multiple data points required many steps to collect, process, and format the information. With the Torq AI agent, we can sometimes replace five or ten steps with a single AI step that aggregates the data and acts on it. This has significantly reduced complexity and saved a lot of time.

From a security perspective, I found Torq is especially useful for large-scale manual remediation (Instead of writing and running scripts). For example, during a security incident where we needed to rotate keys or change settings at scale, such as in GitHub, Torq allowed us to do this efficiently through automation. This is not fully automatic remediation, but rather manual remediation executed at scale using automation. For fully automatic remediation, we rely more on specialized security tools but they are limited each one to it's own specialized field.

In terms of time to value, it took me some time to fully appreciate Torq. I was not the one who initially brought it into the organization; my manager did. At first, I was somewhat resistant, without a strong reason. There was also a learning curve, although Torq helped mitigate it. Once I started using the system seriously and understood its potential, it completely changed how we operate in IT.

Today, the entire IT team uses Torq. We may not use it daily, but on a weekly basis we are constantly looking for new things to automate. Torq is used even in production and is deeply integrated into how the IT department works. When we evaluate new tools or solutions, we always think about how Torq can be used to automate processes around them if native automation is missing.

Even though IT may not be Torq’s primary target audience, it has become a core platform for us. It significantly increased our capabilities and responsiveness, and it is something I believe should be a staple in IT departments. We are extremely happy with the system, which is why I give Torq an overall rating of 10.

We utilize Torq as our central hyperautomation hub to bridge the gap between detection and remediation. Our primary use case involves ingesting alerts from our SIEM and Cloud Detection & Response (CDR) tools via webhooks. Once an alert is received, Torq triggers automated end-user interviews using HyperAgents to validate the activity. If confirmed, the system automatically generates Jira tickets for tracking. Beyond basic alerting, we use Torq to correlate high-fidelity threat intelligence from CrowdStrike and AWS GuardDuty, and to automate critical IT workflows such as user deprovisioning and group management.

We have used Torq to automate triage, investigation, and remediation actions across multiple attack surfaces including endpoint security, identity, and cloud. The initial deployment of Torq was straightforward.

Torq's Agentic AI has increased alert handling capability and capacity for our SecOps staff. Torq's unified platform approach to AI, SOAR, automation, and case management is superior compared to my experience managing multiple point solutions. Torq has changed the day-to-day experience for our security team.

There are areas where Torq could improve, and the solution does have some downsides that could be addressed.

I have been using Torq for approximately three years.

Torq has maintained good stability. I have not experienced lagging, crashing, or downtime with the solution.

Torq's support team is responsive with a speed rating of seven out of ten. The quality of their answers is satisfactory.

I have used alternatives to Torq.

I would rate my overall experience with Torq as a eight out of ten.

My role is Cyber Security Engineer, and we use Torq for our case management platform, automating some of our phishing workflows to automate the containment of account takeover users, which are probably our biggest use cases.

I have used Torq to automate triage, investigation, and remediation across multiple attack surfaces, including endpoint, identity, cloud, IT, and others.

In terms of increasing alert handling capability for our SecOps staff, Torq's Agentic AI is really strong in analysis, and recently, we started using what's called the AI Step, having really great success. Using that one piece of AI, we auto-closed 511 cases in quarter four alone.

Torq has changed the day-to-day experience for my security analysts by enhancing their workload management and how they feel about their job, as they can now operate cases more quickly and have a nicer centralized location for information that previously required manual work.

Torq's unified platform approach to AI SOC automation and case management has significantly benefited us by integrating the case management platform with the automation, which saves time compared to managing multiple point solutions across our security stack.

Regarding the downsides of Torq, one issue is that as a SaaS product, I sometimes encounter transparency issues about what is going on behind the scenes, necessitating contact with Torq support to get logs in certain situations. From an engineering perspective, I think more error messages and error handling information for our engineering team would be very helpful.

I have been using Torq for approximately a year and a half.

Regarding stability, I have noticed some lagging, crashing, and downtime, which is one of my largest gripes. There are occasional odd issues, but they are generally not long-standing problems, just a little annoying.

Scalability of Torq is great; our case management is super scalable, and workflows are very easy to keep designing more of.

I have contacted Torq's technical support.

The speed and quality of their answers have been pretty good, as I usually get a response within 24 hours, and they follow up well. One specific instance was when an SSO token expired and I was unable to log into the platform, where I submitted an emergency ticket and received a very quick response, resolving the issue within a couple of hours.

I have used an alternative similar to Torq, which was Palo Alto XSOAR.

The initial deployment of Torq was pretty easy from my perspective. Torq provided a sales engineer who helped build things and ensured I understood the platform completely.

It took about three or four months of sales calls, testing, building, and then we officially deployed Torq just about a year ago after completing the purchase.

From the engineering side, the deployment can work with just one person, although managing everything else related to case management gets more complicated. Still, it is manageable with one person.

I saw the benefits of Torq pretty immediately. I worked with their sales engineers before we purchased the platform to build proof of concepts, so by the time we officially bought Torq, we already had two workflows that were very helpful to us.

Before deciding to implement Torq, I considered that compared to our old case management platform, Torq was a much better price and had a lot better value for what you get out of the platform, which was a key consideration for the company. I think it is a more modern case management system compared to our old platform, making it a nice modernization upgrade, especially since we barely had an automation platform before this.

Comparing them, the biggest difference that comes to mind is the significant cost difference, as Palo Alto charges a huge amount for their products. The experience of designing workflows in XSOAR versus Torq feels almost exactly the same with a drag-and-drop feature, but with Torq, it integrates intentionally with the case management platform without extra charges.

In comparison to other solutions I have used, for how new the company Torq is, it is pretty well set up. The user experience, such as the design of the workflow building, is very similar to a previous automation tool I used, which made it easy for me to start building immediately because it has an intuitive, modern workflow building user interface.

Torq's maintenance requirements depend on how you define maintenance. While Torq handles the platform's overall reliability, I have to perform maintenance on the workflows I build when bugs arise.

I have no partnerships, but once, they sent me a really cool hoodie.

I would rate this review a nine out of ten overall.