    Torq AI SOC Platform

    Torq is the AI SOC platform that combines agentic insights and automation so that enterprises can triage, investigate, and respond to actual risks, faster. Torq streamlines every step from alert through resolution. The platform analyzes your risk context to identify your biggest threats. Working alongside your SecOps staff, the Torq platform integrates with your security stack to facilitate containment and remediation workflows.

    Ratings and reviews

    4.8
    164 ratings
    3 star
    2 star
    1 star
    90%
    10%
    0%
    0%
    0%
    3 AWS reviews | 161 external reviews
    External reviews are from G2 and PeerSpot.

    Reviews (164)
    Maiko Svanidze

    AI-driven automation has transformed incident response speed and boosted analyst confidence

    Reviewed on Jun 30, 2026
    Review from a verified AWS customer

    What is our primary use case?

    For Torq, first of all, it's a hyperautomation and AI assistant usage. Our EDR SentinelOne is integrated in Torq and besides the vendor itself having hyperautomation abilities, Torq helps me to analyze incidents and to respond to incidents more quickly and more efficiently.

    Torq's AI SOC automation case management is much faster and more efficient compared to the manual tools I have used before. Torq is an ideal assistant for AI SOC in automation challenges.

    Torq changed the day-to-day experience for my security analysts. They are more confident and can test more approaches in the security operation center every day as workflows and routine.

    What is most valuable?

    I rely on Torq's AI assistant in most of my incident response and in building right and less complex workflows for automation.

    Torq helped me also in some infrastructure and ticketing challenges, for example, to organize the ticketing system in our company, but I am still in a process of learning about Torq and realizing different scenarios using Torq.

    The most valuable feature of Torq is hyperautomation and AI assistant because the quality of speed and recommendation from the AI assistant is really high. Another outstanding feature is that you don't need to write code. There is a library of prepared scripts or JSON scripts which can be right and adapted. You can face quite complex challenges without a programming background and can successfully solve these issues and challenges.

    Torq's no-code library helps me to be more efficient and respond to incidents more flexibly. The support of the AI assistant makes my actions more efficient and quicker.

    What needs improvement?

    The only thing is more out-of-the-box integrations. Torq already has a lot of supported integrations and adding new ones is not difficult, but for some customers, it's easier to have a plug and play interface to start onboarding.

    At this stage, I have no additional suggestions. I will update my review several months later and maybe then I will have some suggestions to prove and to what in addition I would like to see in the solution.

    I can't evaluate Torq's agentic AI, but I think in my next review, I can provide more information.

    For how long have I used the solution?

    I have been using Torq for the last six months.

    What do I think about the stability of the solution?

    I haven't experienced any downtime or technical issues while running the platform.

    What do I think about the scalability of the solution?

    Torq can handle growth and increase easily without any downtime or lack of service.

    How are customer service and support?

    Customer support is responsive and helpful, but most of my questions were more how-to questions.

    Which solution did I use previously and why did I switch?

    I used online SIEMs with integrated SOARs, not online but on-premises, and we switched because it was too slow and too inefficient to use.

    How was the initial setup?

    From my point of view, Torq has excellent documentation and a support portal. You can find literally everything on the support portal. There are visual manuals and quite simple instructions for onboarding and for every use case you can imagine in your infrastructure.

    My advice would be to test Torq in your environment, ask as many questions as possible during the POC, and refer to the documentation in cases where you do not feel confident about your new solution.

    What about the implementation team?

    At this stage, we are just customers of Torq.

    What was our ROI?

    Regarding Torq's pricing and license costs, as long as our existing team started to work more efficiently and quicker, I think we have quite a return on investment and we suppose to add more security management center tools. The return on investment is also the money we saved not adding another security tool. For me and for our security stack, it's about 30% return on investment.

    What's my experience with pricing, setup cost, and licensing?

    Torq is a standalone solution from Torq providers.

    Which other solutions did I evaluate?

    We didn't evaluate other options because we tested Torq and we liked it.

    What other advice do I have?

    I think I have told everything about Torq that I can share at this stage, but I am still in the process of learning the platform and I still think that there are many more features which can be adapted and can be used inside the company.

    According to positive outcomes, Torq reduced manual work and made incident response more efficient. From Torq workflows, I learn much more about my company ecosystem. This also reflects on the defensive side of the company. I see the gaps that I had according to incidents and I can fix and address the gaps relying on knowledge I get from automation results.

    I think the speed of work increased by a minimum of 50%, but I think with more automation and more optimization, we can make this result much better.

    The easiness of integration, good quality of support and good quality of documentation make this product easy to work with. From what I see, the vendor itself is oriented on improvement, which means that they will not stop at the level they reached by now.

    I am quite confident in Torq because I have checked, for example, compliance to ISO 27001 and this is the most relevant standard here in Georgia. I trust in Torq and I trust in the security compliance the platform provides.

    Torq's AI recommendations are consistently helpful. There was no case when the system provided me with a false recommendation or inaccurate response.

    Alert fatigue is something I would like Torq to help me address.

    My overall rating for this review is 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    reviewer2866401

    Automation has streamlined incident handling and AI now summarizes and responds to threats

    Reviewed on Jun 30, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Torq is to handle the correct cases using it as a SOAR platform. We have created a work plan and we've used Torq as a SOAR platform to handle the incidents from start to closure.

    What is most valuable?

    In my opinion, the best features Torq offers are ease of navigation and good AI usage as Socrates. There are different stages of the incident when it comes into the queue, and we could easily navigate to the sections that we would want to update and work on. That is how it brings a lot of customization to the incidents navigation and all other stages of the incident. The good usage of AI is regarding Socrates, the AI that summarizes and can respond to the threats or the incidents on its own when it's assigned to the incident. Those are two of the strongest points of Torq.

    Torq is good in the reporting structure and showing metrics to the leadership. I think Torq plays a good role in that sense.

    What needs improvement?

    Torq can probably use more ML and look at what can be closed and what cannot be closed in terms of data classification. In terms of auto closure of incidents, it can do better when it uses ML. I choose that number because it's a great SOAR tool. It's not one of those existing SOAR platforms or just a pure SOAR. It has good incident handling, good UI, and a good user-friendly environment, but it can also improve its automation workbooks, work plans, and usage of ML to better cater to the market or consumers.

    For how long have I used the solution?

    I have used Torq for five months.

    What do I think about the stability of the solution?

    I did not see it buffer, take a lot of time to load, or be unresponsive. I haven't seen those issues in Torq. I think that's a good experience.

    What do I think about the scalability of the solution?

    If scalability is rated out of ten, I would rate it seven out of ten.

    Which solution did I use previously and why did I switch?

    It was Demisto XSOAR, and we shifted because we needed a more user-friendly SOAR platform.

    How was the initial setup?

    I would just make sure to replace the old or the previous solution with Torq point by point. If that is good, I think everything else will be taken care of.

    What about the implementation team?

    We were just consumers.

    What was our ROI?

    I can share the time saved from my work alone and cannot disclose or specify any other employees. I saved nearly roughly about ten hours of my time while I was working in Torq because it's much better than the previous tool.

    Which other solutions did I evaluate?

    I have heard Hyper Automate is pretty user-friendly and has less coding compared to other leaders in the market or other players in the market. Its drag and drop tasks or work plan building is what I heard.

    What other advice do I have?

    We have seen fewer failures of automations from the time Torq came into the picture. We've had a more streamlined process of handling incidents, and at the same time, we've learned to embed the AI into our incident types, and that is how it has helped us in the automation. I think Torq can really integrate other tools within the case management platform, and it can make the work a little more efficient. I would rate this review eight out of ten.

    reviewer2846346

    Automation has transformed phishing response and routine workflows while AI now accelerates case handling

    Reviewed on May 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Torq is automation, specifically automating processes that the business considers redundant, mundane, and busy work items, along with other significant automation opportunities like phishing cases, typosquatting, leaked credentials, and double-checking, so there are numerous different use cases.

    One specific example of an automation I have set up with Torq is phishing analysis. The Torq workflow that handles phishing cases essentially closes out 60%, meaning only 40% of all phishing cases that come to our team need to be reviewed because the automation can close out the other 60%. If my team had to look at every single email, it would consume a lot of time, so it saves a lot of time.

    What is most valuable?

    Torq's best features include the AI components within the platform, specifically the ability to have an AI helping assistant while you are working in the platform itself, which is extremely convenient. You can ask it any type of question and it gives me an answer that I can work with or is the actual answer because it has Torq's back-end knowledge to answer Torq-specific questions. Another great feature is the Python script AI assistant, which has been really helpful because you can prompt it and it does it for you, as well as other micro-steps like Transform operators and the ability to run easy JQ commands to pull or separate specific data.

    Torq's integrations are extremely easy, so any product you have in your tech stack is easily integratable; it takes a few steps, plug it in, and you are ready to go.

    Torq has positively impacted our organization by saving a ton of time, especially on the GRC side of the business where we automate many emailing processes, such as sending out phishing tests to our employees. If they fail by clicking on the link, we notify all of them, so we have definitely seen a huge efficiency boost. We are targeting $600,000 saved this year in 2026, which is a substantial amount of money.

    What needs improvement?

    I wish Torq's AI assistant for building templated workflows from scratch worked better; when you start with a blank slate, asking AI to help you build or template the workflow out does not go well. Almost every single time I have tried to use it, I have had to delete it and start from scratch, so that would be the only piece of Torq I would mention. Additionally, I think it would be nice to have a direct connection between case management and automation instead of having to build out workflows to manage cases.

    For how long have I used the solution?

    I have been using Torq since we moved into production ready as of last November, so it has been about six or seven months.

    How are customer service and support?

    I have not run into any issues with customer support from Torq, which has been astronomically amazing. I have a great relationship with my CSM and my technical enablement engineer, so it has been really easy working in Torq and building, which is why it cannot be anything lower than that.

    Which solution did I use previously and why did I switch?

    We came from XSOAR, which I consider a very archaic platform, and Torq has exceeded expectations by delivering workflows in a timely and lower effort manner than XSOAR. XSOAR would have been a two; Torq is definitely a nine and a half, almost a ten. It meets all my needs, and I have not run into any issues.

    The challenges we faced in our SOC that led to considering changes before implementing Torq were primarily due to the automation industry changing. Palo Alto's XSOAR simply did not meet our needs, and with our contract coming up, we performed an industry review and compared Torq with Tines and others. Ultimately, Torq proved to be superior with a much easier to interact with playbook builder compared to Tines, which felt complicated and convoluted.

    We previously used Palo Alto XSOAR because it was slow, and our contract was up.

    What was our ROI?

    The calculation for the $600,000 in savings is very specific and based on the team's time. For example, we calculate that handling phishing cases takes about five minutes per case, but if Torq auto-closes it, we save more money because our analysts do not have to take time out of their day to review it. We do a per-minute price cost based on yearly salaries of whichever department we save time for, multiplying that by how long it would take to handle the specific use case, and then total it into an ROI table that we are holding in the workspace variables.

    We have seen a return on investment, targeting a $600,000 ROI for the year. So far, from the start of our usage, we have saved around $200,000 to date. We aim not to eliminate jobs but to reduce mundane tasks through automation.

    What's my experience with pricing, setup cost, and licensing?

    My experience with Torq's pricing, setup cost, and licensing was good, but I did not deal with that too much; that was handled by my boss, and Torq's pricing came in very comparable to the other products we were looking at.

    What other advice do I have?

    I have not looked into Torq's AI capabilities regarding governance and security too much, so I do not have much to say on that.

    Regarding Torq's AI capabilities, I trust more or less the accuracy and reliability of output. I have not done a whole lot with AI beyond using the AI chat agent and the AI script builders, but we are building out a HyperAgent for active threat hunting in our environment. This process involves pulling feeds using a Python script, which extracts artifacts from individual pages or feeds and injects them into the HyperAgent, allowing the HyperAgent to scan and identify if we are impacted by the feed, and then build a report or storyboard for us. I have not seen anything that indicates inaccuracy, so I trust the produced outputs so far.

    Torq is deployed in our organization as a private cloud; we are not on-prem, and we utilize Torq's back-end or cloud instances.

    Torq has changed the day-to-day experience for my security analysts, both in terms of workload and morale, by making the process easier.

    The biggest feedback from my teammates is that going through each case is much easier because the case management layout in Torq is structured with a multi-pane window. You have all cases in the background, and when you pull up a case, it displays on the side for quick review and closure, so you are not opening up numerous tabs for each individual case. This makes life a lot easier, and my analysts really appreciate the UI aspects of Torq.

    Torq's value is realized instantaneously; the moment I started building and shipping out workflows from XSOAR, it became easier post go-live since I already knew how to build. Thus, the transition from XSOAR to Torq provided instant gratification.

    We do not use Torq's Agentic AI at this moment in time.

    There have not been any changes in the stress levels and focus of our SecOps staff due to using Torq's AI since our analysts engage the AI component of Torq very little. The main usage of Torq's AI is found on the back end by developers, including myself.

    I would rate this review as a nine overall.

    Hiten Nandasana

    Automation platform has transformed user onboarding and manages daily workflows efficiently

    Reviewed on May 18, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For example, I could shut down one of our Angular services on one of our servers through a slash command in Slack. To automate this process, we migrated everything from Slack to Torq. Currently, we are in the migration phase, with most of it completed, though some portions are still pending.

    We use Torq for identity management. For identity purposes, we create user accounts and have a workflow that creates a user account, adds that user into Slack, and grants Git access. This workflow handles user additions, deletions, and modifications related to identity, and it is working very well.

    We are not using Torq extensively for security purposes, as we have limited use cases for security. However, we are using it for day-to-day activities and general automations, which are also working well.

    What is most valuable?

    Feature-wise, I appreciate the Torq UI because of its drag-and-drop functionality. Everything is drag-and-drop, and I can accomplish whatever I want to do directly without writing any code. In Slack, there are many things that require writing code and familiarity with automation tools, but Torq is no-code. This is very good compared to all other solutions I have seen.

    The workload has been reduced quite a bit. Initially, onboarding a new user would take four or five hours for one person to create a user account everywhere, remember everything, and follow Confluence documentation. After implementing Torq, we only need to provide the name, user ID, and email, submit it, and then it creates everything. Almost four or five hours of work is now completed in four or five minutes. This represents a very good time saving.

    What needs improvement?

    I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted support as well, and support is very good. I believe everything is good now. However, one thing I can mention is that if Torq provided more templates on the development side, that would be beneficial.

    As of now, Torq satisfies our use cases. A template would be helpful for someone who does not know anything about Torq and is starting to use it for the first time. After conducting a POC on Torq, I can implement solutions without needing templates as much, but templates would serve as a reference for new users. For example, templates would show what is possible with Torq. We faced this issue when we were new to Torq. We were considering use cases but wondering whether they were possible with Torq. At that time, we asked support if it was possible, and they explained how to implement it. If there were default templates available, we could see the templates and understand what is possible and doable with Torq.

    For how long have I used the solution?

    I have used Torq for about one and a half years.

    What do I think about the stability of the solution?

    I have not faced any issues until now. Torq is working very well without any problems and no downtime. Whenever I access the Torq URL, it is working. This is very good.

    There is no downtime at all. We have been using Torq for one and a half years, but we have experienced no downtime.

    What do I think about the scalability of the solution?

    Torq is very scalable. Whenever we require any new use cases, we simply need to create a new workflow. If we need to update something, we can update the workflow as well. Torq is fully scalable.

    How are customer service and support?

    The support team is very quick. Within 24 hours, they will send an email or come on a call if something is critical. Support is provided within 24 hours.

    Which solution did I use previously and why did I switch?

    We used Slack previously. I do not have experience with other tools. We used only Slack. However, Slack is used primarily for chatting and communication purposes in all organizations. While Slack is not similar to Torq, we were able to accomplish our automation through it somehow.

    How was the initial setup?

    The initial deployment was very easy. I did not face any issues. We purchased a SaaS product that is cloud-based, so there were no issues at all. The process was very straightforward with simple steps.

    What about the implementation team?

    At least one or two people are needed. One to two people are enough for this. It is a one-time setup where we create workflows based on our use cases. However, if we want to add more workflows, we need some support. For that purpose, one or two people who know Torq are more than enough.

    What was our ROI?

    After we created a workflow and tested it, we started using it, and the return was immediate. After creating the workflow, we were immediately getting results.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is cheap. Although I did not purchase the product myself, my manager and others were discussing it. This is a very cheap product, and it is very helpful.

    What other advice do I have?

    I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would rate this product 10 out of 10.

    Abdullah Zubair

    Modern automation has transformed alert triage and now unifies incident handling for analysts

    Reviewed on May 18, 2026
    Review provided by PeerSpot

    What is our primary use case?

    As MSSPs, we serve our customers using Torq, and I work as a consultant in an MSSP that uses Torq as our main SOAR platform for our SOC.

    Our usual use cases for Torq involve a variable number of scenarios. We use it for fast automation building, as the automation building capability in Torq is low-code and quick with less scripting involved. This enables faster Tier 1 SOC automation, so all Level 1 analyst work is eliminated with Torq.

    Our other use case centers on its cloud-native architecture. Torq makes use of API-first integrations and event-driven workflows with AI-assisted triage and response capabilities. It can be integrated with different multi-cloud vendors as well as other SaaS stacks, other MDR, and MSSP operations. Integration with cloud technologies is very straightforward.

    Regarding Torq's automation of triage, investigation, and remediation actions across multiple attack surfaces, the data ingestion pipeline and workflow are excellent. Torq ingests alerts from a SIEM, EDR, CSPM, IAM, email, ASM, and other sources. It then performs normalization and enrichment. The third phase involves correlation across services, correlating data between different platforms when alerts arrive from endpoints, identity, cloud, network, or other sources. After correlation, the AI rule-based triage determines whether an alert is a false positive, a real attack, or its priority level. This is managed by the AI Agentic software within Torq. The automated response playbook then comes into play for remediation. If a playbook has been configured, it may disable a user, isolate a host, revoke a token, or patch a cloud issue based on what the AI detected. The final stage involves ticketing and validation. Torq audits everything, generates a ticket regarding whether the task has been completed, and includes a validation point that ensures all completed work has been confirmed or validated for completeness.

    What is most valuable?

    The valuable and important aspects I find about Torq include how it was deployed in our environment and integrated with every other technology within our SOC, which was a straightforward task with minimal hassle. The documentation from Torq was thorough, and we were able to integrate other technologies well.

    Torq's UI interface is easy to understand and digest. It is visually appealing and information flows consistently, making it easy to grasp whether you are looking at it for the first time or have been working on it for a month or two. The interface is logical in terms of page navigation and how settings are organized by category, all sensibly categorized.

    In terms of how Torq has changed the day-to-day experience for my security analysts regarding their workload and job satisfaction, the analysts feel more confident. They believe Torq has all the elements that increase their confidence in how technology should look and integrate with every other piece of technology within our SOC. Under one SOC tool in Torq, analysts get to know everything within the context of an alert or incident they are working on. Torq also provides analysts with a comprehensive viewpoint where they can see all alerts coming from various software, technologies, and alerting systems for a certain customer. This ability to view the whole picture within Torq is one of the major breakthroughs and best offerings of Torq.

    What needs improvement?

    Torq does extensive marketing saying that SOAR is dead and markets itself as an all-in-one solution, but this is not actually true. Torq is a SOAR platform. Branding that suggests SOAR is dead might not be the best approach. Similarly, marketing Torq as an AI SOC replacing SOAR is part of the overall branding strategy, but Torq should position itself as a SOAR platform because that is what it is. If Torq brands itself as an AI SOC or something else, there might be different outcomes in the long run.

    The AI value depends on maturity. Real value depends heavily on telemetry, integration depth, and workflow design, all of which rely on how mature customers are in their SOC department. There is a dependency in this relationship. Enterprise complexity still exists as well. Although Torq is easier than older SOAR tools, large deployments can still become operationally complex, integration-heavy, and governance-sensitive. Many organizations apply extensive governance for security, and Torq does not always comply with all the policies that certain enterprises require.

    For how long have I used the solution?

    I have been working with Torq for almost four months.

    What do I think about the stability of the solution?

    Torq is quite stable and reliable with consistent performance. I have not encountered any bugs or errors.

    What do I think about the scalability of the solution?

    Torq is quite scalable and can scale to accommodate whatever amount of customers you onboard or whatever volume of incidents or alerts are generated daily.

    How are customer service and support?

    We do not often communicate with Torq's technical support. We had to contact them during initial installation, but we have not needed to since. My impression of their technical support during the initial setup was that they were helpful, responded within a reasonable timeframe, and provided exactly what we needed.

    Which solution did I use previously and why did I switch?

    Before using Torq, we were using Google Siemplify, a SOAR platform by Google, which we used for about four or five years. Before that, we were not using any SOAR solution.

    How was the initial setup?

    I participated in the initial setup of Torq, which was not complex. Everything was straightforward with minimal hassle. All customization had to be done through APIs, which is always the best approach. There were not many issues during the initial deployment.

    What was our ROI?

    We are still in the process of realizing value with Torq. Since we transitioned from another SOAR just a few months ago, we have not conducted any system review or performance review. After a six-month or twelve-month period, we will likely conduct a performance review. For now, we are still assessing how much efficiency improvement we have achieved with Torq enablement. Generally speaking, the analysts are very pleased with it, and the integration of how Torq connects is working well.

    Which other solutions did I evaluate?

    Before choosing Torq, we evaluated other vendors including Tines, Splunk SOAR, Microsoft Sentinel Automation, and Palo Alto Cortex XSOAR. We ultimately decided on Torq.

    We dismissed other options in favor of Torq for a variety of reasons. Our solution architect team conducted extensive analysis to determine which platform would move forward, alongside company negotiations and the support we were receiving from Torq. The decision was not based on just one or two factors, but rather on an in-depth analysis.

    What other advice do I have?

    Comparing Torq's unified platform approach to AI SOC automation and case management with my experience managing multiple point solutions across my security stack, I find that Torq is modern because many other platforms lack this quality. When I say modern, I mean it encompasses everything—the UI interface, integrations, the ability to use AI, and the ability to navigate through cases. Other platforms that are not as modern lack in one or two departments. With Torq, case handling and how a case moves from instantiation through analyst work to resolution or closure—all these stages are managed in a way that is somewhat similar to how other platforms handle them, but it is more modern and represents how technology should look in 2026. The UI interface is quite good, which makes a significant difference in how you view the technology. While it is not a very big leap in terms of case handling compared to other platforms, it still represents an improvement when compared with other multi-integration or multi-connecting platforms.

    Regarding the pricing and licensing of Torq, I cannot comment extensively because pricing has been controlled by our product manager. The relativeness between what pricing we received from the previous SOAR and our current Torq pricing is something that should be asked from a product manager, as we as architects and engineers do not handle the sales aspect of the technology. The pricing appears to be user-based rather than database-based, meaning it is based on the number of analysts working on the platform, whether that is fifty, twenty, or thirty, which represents good value.

    I would rate this review eight out of ten.

    AdityaDesai

    Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency

    Reviewed on May 15, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My usual use cases for Torq involved more than 70 customers. We were an MSSP back then, and there were all sizes of customers with different industry verticals. Since our company was a Microsoft shop, we had a lot of Microsoft solutions integrating with Torq. We had an in-house Security Operations Center that worked 24/7. Torq was utilized in an MSSP model wherein we had different client workspaces, a pro-arc, and a parent workspace. From alert ingestion, incident investigation, triage investigation, to response, we were using Torq. We also built a lot of workflows within Torq that handled malware analysis, email phishing analysis, and identity access management analysis, such as alerts from identity and access management. Additionally, we developed a vulnerability prioritization solution for our clients, which went to market, and many clients appreciated this solution as it provided significant insights into vulnerabilities relevant for them, driven by threat intelligence.

    My experience with Torq's Identiq AI regarding increasing alert handling capacity for our SecOps staff involves using Socrates, the AI orchestrator in Torq. Unfortunately, when I was working with Torq, I did not get hands-on experience with their Identiq AI capabilities because it was not available at that time. However, I utilized Socrates orchestrators within the platform that did help reduce some of the workload for our SOC analysts, but it was very premature back then. They later introduced a lot of features after we started implementing, which really helped. It is effective in handling alerts as long as you provide summarized data; otherwise, it could blow out of context and hallucinate.

    When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results from a case or alert. There are features allowing us to dump plain JSON logs into case management, but that would not help much because the data context would be too large. They also have a certain token size limit, meaning we would only get meaningful results if we stayed within that limit. Hence, context is crucial, and they can improve on developing tools to enrich case data, providing meaningful context to the AI orchestrator.

    In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. They have many triggers that execute workflows based on specific changes in the cases. Each time there is a change an analyst makes in case management, it triggers a workflow. It is a case-centric platform, and when discussing a unified view, it is essentially about integrating various security solutions using API and some authentication, bringing in the data and allowing the workflows to do the work. Now, every time we need to use Torq, whether for reporting or workflow execution, we have to go through a case; otherwise, it is more isolated, requiring some interactive tasks to manage the inputs and execute the workflow.

    I have used Torq to automate triage, investigation, and remediation actions across multiple attack surfaces, including endpoint, identity, cloud, and IT. They provide good connector actions for various remediations like isolating or quarantining devices or blocking IPs. As long as the third-party API supports those actions, Torq can effectively deliver these connector actions. In cases where Torq lacks connector actions, there are HTTP steps and actions we can configure to hit the API endpoint and perform response actions.

    Torq is deployed only in the cloud in our organization, whereas Swimlane offers flexibility for customers to choose between on-premises or cloud deployments. We are using Azure as our specific cloud platform.

    What is most valuable?

    What I liked the most about Torq is the actual workflow builder. It is really great because they offer a lot of features and convenience features that are useful for any automation engineer. We can drag and drop and copy-paste. It does not provide much flexibility compared to Swimlane, but it does offer a very convenient user interface that can speed up the workflow building process.


    What needs improvement?

    Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting.

    When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results.

    In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved.

    Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement.

    The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.

    For how long have I used the solution?

    I have used Torq for over a year.

    What do I think about the stability of the solution?

    Torq is generally really stable and reliable, maintaining an uptime of almost 99.9%. This is a significant improvement compared to D3 Security, which we used previously. There were minor intermittent issues we faced where the platform was not reachable, and certain UI features became unresponsive, but these problems were resolved fairly quickly, within about 10 to 15 minutes. Such downtime did not greatly impact operations because the back-end workflows were functioning correctly, allowing ingestion and API actions to remain unaffected.

    What do I think about the scalability of the solution?

    Regarding the scalability of Torq, it is good. It is not very poor, but conditions apply. If a very large workflow processes excessive data, the browser can sometimes crash.

    We did address this issue with the Torq team when they suggested modularizing our workflows to handle this better. They recommended breaking down larger workflows into smaller components. However, their support or advice was not available when we were architecting the entire solution for our security operations center. Despite numerous review meetings, the guidance was absent at that time, and only after we started encountering slowness and crashes did they suggest the modularization approach. We made significant efforts to modularize as best as we could, but even so, some slowness persisted. If the workflow handles less data and remains small, it operates well. However, with a lot of incoming data managed within a single workflow, it can crash and become slow.

    How are customer service and support?

    I would rate their technical support and customer service as an eight, perhaps seven or eight.

    Their response time is quite quick. Any tickets raised in the portal receive prompt follow-up. However, they often request access to the platform to perform necessary actions, and I typically grant this access by default. Having worked with them for over a year, I am well-acquainted with their procedures, yet there are instances where they ask again for access, which can delay resolution. When it comes to requests for new features, they often place our needs on a pipeline to evaluate demand across customers. Although I understand their development procedures, I believe if a feature is deemed critical by a customer, they should establish a timeline for potential delivery rather than simply putting it on a list without a timeline.

    Which solution did I use previously and why did I switch?

    Before Torq, specific challenges in my SOC involved using another platform called D3 Security, which claimed to be a cloud-based solution, but it was essentially running on a VM in the cloud. Every time they performed an update, push, or maintenance, the system would be down for hours or a certain time period. We saw downtimes up to an hour with that platform previously. Although the situation may be different now, what I experienced in 2022 and 2023 made it clear that scheduled maintenance, updates, and upgrades required downtime, which was not seamless. We had a high-performance security operations center working 24/7, so we needed a platform that would provide better uptime, not behave like a legacy solution. Torq addressed this. Updates were seamless, and while there were issues and downtimes, they were not as severe as with the previous solution due to Torq's different architecture and update handling. The serverless nature of Torq provided options for updating actions or steps in workflows on the screen, allowing us to decide whether to upgrade to the newest version or stick with the current one, empowering us with flexibility and decision-making freedom to test before upgrading, which was not the case with D3 Security.

    How was the initial setup?

    The initial setup of Torq is pretty straightforward. It is not complex, and I find it relatively easy, although a learning curve exists, which is not too challenging.

    What was our ROI?

    I think it takes around three months to realize value with Torq. Implementation alone takes about one month. They have an excellent support and customer success team that assists significantly during this time. It took roughly one month to complete the end-to-end implementation, and to stabilize everything, we faced a lot of errors since we configured most of it, which required about two months for stabilization. Overall, I believe you need around four to five months to see a return on investment.

    Which other solutions did I evaluate?

    Before Torq, I was using D3 Security, which had a legacy architecture with standalone servers in the cloud. This setup truly hindered our ability to work seamlessly within our security operations center, where we needed nearly 24/7 uptime. Although they promised a certain SLA, they did not meet our expectations, leading us to seek a more modernized solution like Torq, Tines, or Swimlane.

    We did evaluate other options, conducting proof of concepts with Torq, Tines, and Swimlane, but we ultimately proceeded with Torq.

    What other advice do I have?

    These abilities compare to other tools I looked at as being quite standard. It is not something exceptional, as I mentioned. The overall performance depends significantly on how one builds the workflow since it is a SOAR platform. The customer bears the majority of the workload in developing workflows and playbooks to customize according to their needs. In a typical SOC scenario, we would want confirmation that an alert is a definite true positive before taking specific actions based on approvals. Torq provides end-to-end features allowing us to determine if it is a true positive. Additionally, there are communication connectors to notify our clients, "Hey, this looks fishy. We want to block this user." We can send a link within that communication, and once they click, we receive a response back confirming it is approved. There is also an escalation procedure built within the platform to assign cases to different tier analysts, and based on that, they can take response actions. Overall, I believe it is a convenient setup, yet ultimately, it is up to the customers to build it as they see fit. I would rate Torq overall at around an eight, based on all aspects I have worked with.

    R Nandasana

    Automation has transformed security operations and now reduces manual SOC effort significantly

    Reviewed on May 06, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Torq is primarily used for security operations, mainly for the SOC team. I develop use cases based on requirements from what the SOC team does in everyday operations. Based on those requirements, I implement security use cases and automations.

    For example, when a new user is created, there is a simple workflow where you provide a username, start the workflow, and it completes execution, creating the user everywhere without issues. We have a lot of use cases implemented and are actively using them.

    Torq automates triage, investigation, and remediation actions across multiple attack surfaces. Currently, we are using it for SOC operations only, but it satisfies everything we need.

    How has it helped my organization?

    Torq has helped a lot regarding SOC analyst efficiency. We previously had a team of thirty people working in shifts, but now we have reduced the team by half to fifteen members, which allows the remaining members to focus on other areas. Our team is able to handle all activities because everything was previously manual.

    Now they just need to get a URL from Torq, hit that URL, and the workflow runs and does the job. Previously, they spent hours on single tasks, but now they can complete them in five minutes, two minutes, or ten minutes, which is very time-saving.

    What is most valuable?

    Torq is an excellent product. There are no significant drawbacks. However, sometimes we need to write custom scripting. Personally, I love to write scripts, but this is a problem for people who do not know scripting or do not prefer scripting.

    Additionally, the documentation for Torq is not very clear. Most of the information is presented in videos, which are not ideal for reading; there are mostly paragraphs and other text-based content.

    Torq demonstrates very good scalability. We can create any number of use cases and alerts. There are also default ready-to-use playbooks available that we can use. It is a scalable product.

    What needs improvement?

    To improve alert handling capability, there are ready-to-use playbooks available, but there are very few. Torq should add more playbooks. For example, everyone needs user creation and deletion, and all companies use firewall data. Torq should offer default templates that can directly scan firewall data and automate actions.

    Additionally, the logging and debugging visibility for what Torq does in the backend is not very visible, so this aspect could be improved.

    For how long have I used the solution?

    I have been using Torq for the last one and a half years. We recently purchased this new product in our environment.

    What do I think about the stability of the solution?

    Torq is good from a stability perspective. I have never faced any downtime or issues.

    How are customer service and support?

    We have contacted technical support many times. When we purchased the product, we often called the pre-sales person to discuss use cases. We asked if we could build certain use cases and if not, what the alternatives were. This support was very helpful and is a good aspect of Torq. The support team is always available. I would give them a nine out of ten for support.

    Which solution did I use previously and why did I switch?

    Previously, we were using Splunk SOAR, and we switched to Torq because Splunk SOAR requires a lot of technical knowledge. In Torq, we found it very easy with its graphical GUI. There is no code required; you just drag and drop everything and do simple configurations on the right-hand side tab panel, and that is all. Workflows are implemented easily, which is excellent.

    How was the initial setup?

    The initial deployment is easy because we purchased only the cloud version. I do not know if it is also possible on a hybrid model, but we purchased the cloud version. It requires very minimal effort to deploy all workflows easily.

    What was our ROI?

    We did not see the benefits of Torq immediately. After four or five months, we started to see the benefits because it was in the beginning stage, and no one was familiar with it. Initially, we learned and investigated the product and conducted many POCs. It took about five to six months because I did not find much proper documentation. I did some courses, including a pre-sales course and an admin course, which were good, but it took six months to see the benefits.

    What's my experience with pricing, setup cost, and licensing?

    I do not have much knowledge about the pricing. Initially, I heard that we are using the cloud version, which is considered cheap compared to Splunk and others.

    Which other solutions did I evaluate?

    Torq is very comparable to other tools. I know some products in the market, including Tines, Palo Alto XSOAR, and Splunk SOAR. Compared to these three, I find Torq valuable because other products do not do all the things.

    However, one disadvantage of Torq is that it works only for security and security-related operations. It will not do any other automation, like alerting through email or getting data from Splunk to alert somewhere in ServiceNow; that is not possible.

    What other advice do I have?

    The maintenance side is very good because we are using the product to reduce activities. For instance, sometimes there is an alert or phishing email, and we want to address it immediately. For that purpose, Torq is very helpful and is doing its job very well. There is no maintenance required on our end. I would rate this product at nine out of ten.

    reviewer2802333

    Automation has transformed security operations and streamlines complex incident triage

    Reviewed on Feb 11, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My use case for Torq encompasses all aspects of security automation. I utilize it for running automation for the security department, not all departments in my organization, but mainly for the security department.

    I use it for operations automation, where I automate some of the operations processes. I also use it for a SOC platform, as I get all of my security incidents into Torq and prioritize and escalate to the relevant person to review and take response actions automatically.

    How has it helped my organization?

    Reduced MTTD, MTTR, and MTTE.

    What is most valuable?

    The best features in Torq make it feel versatile and comprehensive. I can do everything with Torq. If something is not possible through out-of-the-box integration between two vendors, I can put Torq in the middle of the process and Torq will help me connect systems together, automate the entire process, and automate data flows, prioritization, and data manipulation.

    Any request that comes in, regardless of how complex it is, I can accomplish it with Torq. If there are no direct integrations between two systems, Torq can always come in between them and automate the integration.

    It has so many capabilities that I can connect everything by using APIs or HTTP requests or running scripts to automate the connection between systems. Regardless of how complex the things I would like to do with Torq are, I will always be able to do that. There is no such thing as not being able to do something with Torq; I will find a way to do that.

    Agentic AI helps with alert handling by simplifying the process of parsing different data where data sources can change the schema of the data. It is really simple for me to do that with Torq and the Agentic AI; I do not need to keep track of everything and manage that manually in the automation, as the Agentic AI can do that for me.

    Also, for the enrichment part, the Agentic AI can enrich all of my data straightforwardly with the right guardrails in place.

    Regarding Torq's unified platform approach to AI SOC automation, I understand it is not a global feature yet, but they are working on one of the most critical features called Auto Triage. This feature would dramatically change the way AI SOC is provided to customers.

    The AI can investigate cases or security incidents, and through their AI agents or engines, they can determine whether a case is a true positive benign, true positive malicious, or false positive. Based on this categorization, I can really reduce the amount of work that escalates for a human being to review and take action upon.

    What needs improvement?

    The areas that have room for improvement in Torq include the way cases or data can be presented and data manipulation in automation.

    For how long have I used the solution?

    My experience using Torq is about a year and a half, or even more than that, maybe two years.

    What do I think about the stability of the solution?

    I would rate Torq's product stability at eight, acknowledging that there are bugs, glitches, and downtimes.

    What do I think about the scalability of the solution?

    From a scalability perspective, I would rate Torq as a ten for my 30 people working globally.

    How are customer service and support?

    I would rate the vendor's technical support as an eight.

    Which solution did I use previously and why did I switch?

    When I decided to go with Torq, I did a POC with three other major players in the SOAR world. What I appreciated most about Torq is the simplicity to connect systems or to do things that are not available outside of the box.

    If Torq does not provide a step or an action out of the box to do with a third-party system, I can simply and straightforwardly plug it into Torq by reviewing the third-party system documentation and do it on my own without a lot of complexity. It is easy and impressive.

    How was the initial setup?

    Torq is very easy to maintain.

    What about the implementation team?

    Regarding how often maintenance is required, I would say that the maintenance involves automation, not the platform itself. It is maintaining the things that I have built, so I would say maintenance occurs on a weekly basis.

    What was our ROI?

    In terms of return on investment, I think I have saved about one hundred fifty percent in time, resources, and money.

    What's my experience with pricing, setup cost, and licensing?

    Regarding the pricing of Torq, I would say it is expensive. All cyber solutions are expensive. When they bring more and more value into the platform, it makes more sense to pay that price, but still, it is expensive.

    Which other solutions did I evaluate?

    The other vendors I looked at include Demisto Palo Alto and Tines, as well as Siemplify, which is Google's Chronicle automation SOAR platform.

    What other advice do I have?

    I realized the value of Torq even within days. It was much easier and much simpler. Even on the demo call, I asked very specific questions because I knew the gaps that I had in other platforms.

    In the demo call, I saw that they had solutions to all of my pain points, so I knew from the beginning that it was going to be a match. I do recommend this product.

    My advice to others looking into implementing it would be to utilize their AI agents to help build things they do not know how to do. Their AI assistants and AI agents helped me accomplish many complex tasks with minimal effort. I would rate this product a nine overall.

    Alon Barazani

    Automation has transformed daily alert handling and now frees hours for deeper security work

    Reviewed on Feb 05, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I use Torq as my case management and alert system. Working as a SOC analyst, the first thing I do every morning is get into Torq, review all the open cases and incidents, understand their severity, investigate them, and close them if they are legitimate. I also investigate whether there is anything malicious. I use Torq daily.

    We build workflows inside Torq—automations that can automate every action that we do manually. For example, we send Slack messages to users who we think shared corporate data, or investigate specific machines where we suspect there is some sort of SQL injection. We can automate every type of security-related incident through the workflows in Torq.

    What is most valuable?

    All the workflows are something really particular. From what I have seen in the past, I have never seen this maturity of automated processes, and the whole idea of drag and drop automation is really simple. This is something I have never seen before. Even with our previous vendor, we did not have this type of maturity. We needed to manually create our own tasks, and it took much longer than what we are doing with Torq.

    AI is helping us summarize security alerts. The first thing I do in the morning is get into cases and review all the open cases and incidents. The first thing I see is the AI summary, and it is already telling me all the details that I need to know. Of course, we configured it so that all the relevant details appear in the AI summary, but I almost never need to check the actual details in the logs of the case because I have this summary. On the workflow aspect, I have created multiple tasks that work with AI. For example, I summarize some sort of log and extract only the relevant data from it. I created an agent that can automate processes and make manual API calls to review and collect data that I need for some specific alerts. Recently, they upgraded the Hyperagents and added many automated processes that I am looking forward to using. For example, they created a prompt that can help analyze JSON, which is really good for me because I needed to use it and looked for something like this. They have an option to output from an LLM as JSON, which also really helped me. I am using it on a daily basis.

    In the previous system, we were not happy with it. We saw that there were many processes we needed to do manually, while there are options around the market that can help us do those processes automatically. For example, for collecting data, we needed to create the HTTP request ourselves, while in Torq, there are already multiple custom-made tasks that collect the API data themselves, and we do not need to build the whole HTTP request. We looked for a way to save time and automate processes, and Torq really answered those questions.

    What needs improvement?

    This is exactly what we discussed two days ago with the Torq team. We told them where we want to see improvements. For example, we have MCP that we are working with our cloud security platform, and we wanted to connect this MCP to the case management. When I go inside a case, I want to have a search bar where I can search details about my cloud and everything in my cloud, details about the specific vendors of the alert, not only the alert itself. Currently, we have a search bar for the alert itself, but we do not have a search bar for the connectors. This is one place for improvement.

    We already talked about some filtering that they can add. They have a case dashboard, which is a separate page from the cases themselves. We thought about adding a specific widget to the cases page so that we can see statistics inside the cases page. However, there were a few things before that we wanted them to work on, and they have already solved them. For example, we wanted to implement Torq to have access only within our VPN, and as far as I know, they worked on it. A month ago, it succeeded, and we are currently only connecting inside of the VPN.

    For how long have I used the solution?

    I have been using Torq for the past four to five months.

    What do I think about the stability of the solution?

    As far as I know for now, I have never seen any message from them that there is maintenance and we need to wait or something like that.

    What do I think about the scalability of the solution?

    I would rate scalability about nine.

    How are customer service and support?

    I would rate customer service nine.

    Which solution did I use previously and why did I switch?

    Our previous solution was Cortex. When we reviewed multiple SOAR solutions, we saw that all the new SOAR companies are doing basically the same thing. We then looked for the specific company that could help us automate and create automated processes with the most mature solution. Torq really answered those questions and really helped us with it. When we started the process and began working with Torq and seeing all the system, we saw that it became really easy to create a workflow. I do not need to think too much. I know I have many drag and drop tasks that can automate a process, which I could have done manually for months.

    How was the initial setup?

    The setup was easy. All of our security operations team got into Torq and started working on workflows in parallel, which made the entire onboarding process much easier. Something that should have taken half a year took two to three months, and then we finished everything and migrated everything.

    What about the implementation team?

    Only our teams implemented Torq.

    What was our ROI?

    The main thing that I got when we started working with Torq is time. I used to have much more time to review alerts, and most of the alerts were manually closed rather than automatically closed. I had most of my day investigating alerts and solving them. A huge part of them are false positives and things that are legitimate and just need a quick check or sending a message.

    Since we started working with Torq, I am handling far fewer alerts. It is becoming really easy for me to handle an alert. I have all the information that I need. I do not need to connect to different vendors to receive this information. The main thing I got from Torq is time, and this free time helps me to build another automated system, learn, and there is no need to explain what time is and how important it is.

    I used to spend something like three to four hours each day working on cases. Now when we are working in Torq, in the first hour and a half to two hours, I am solving all the cases and the open cases, and I am free to do whatever I need.

    What's my experience with pricing, setup cost, and licensing?

    Unfortunately, I am not aware of the pricing itself. This is something that my manager would be able to answer, but I am not aware of the price.

    What other advice do I have?

    I would definitely recommend Torq. I have no doubt, really. When we looked for another vendor, Torq really answered all our questions. It really helps us to receive the best solution for our SOAR.

    We already connected Torq with our EDR, SIEM logs, and DLP systems. When we connected it, the whole idea of Torq was collecting all the data to a specific place. We created alerts in the SIEM and then automatically sent them to Torq. We do not handle the alerts in the SIEM, only on Torq. When we collected the data from all the vendors, it is really easy when everything is in one place. We have everything in Torq, and then we do not need to connect to each system to review all the data.

    I believe we looked for a maturity that they did not have at first, but right now I can see and tell that they have this maturity, and we are going to use the Agentic AI. It used to be like a six, and right now it seems like an eight, maybe nine even when we review it. I would rate this review an eight overall.

    Orlando M.

    Efficient Automation with Robust Integrations

    Reviewed on Feb 03, 2026
    Review provided by G2
    What do you like best about the product?
    I really like Torq's integration capability, as it allows for native integration with multiple platforms, making it possible to create more complex workflows and improving operational efficiency. I also appreciate its ease of use; the learning curve is quick and it is really easy to work with, although it requires some prior development knowledge. The visibility it offers by displaying workflows in graphic mode helps reduce errors when generating complex flows, which I find very useful.
    What do you dislike about the product?
    The topic of licensing is somewhat complex, in which it is very well defined. It is important to keep updated the way products should be licensed.
    What problems is the product solving and how is that benefiting you?
    Torq improves operations by automating processes, making them more efficient and productive. Its native integration with multiple platforms allows for the creation of complex and operationally efficient workflows, as well as making them visually easier, reducing errors.