Glossary

Activity logs include information for the following activities: triggered workflows, single-step executions, and events that didn't trigger a workflow. They are searchable and filterable. You can access activity logs via the UI or the API.

An application programming interface is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. In Torq, it's how we pass and send information to your third-party applications, among other things.

An API key is a unique token generated on a user level within a workspace. It's used to authorize Torq's API calls when making requests, retrieving data, or performing actions.

Audit logs record the occurrence of an event, the timestamp, the instigating user or service, and the impacted entity. Audit logs come from the workspace the calling API key originates from - not all workspaces within an organization. 

Use the break operator within a loop to stop and exit the loop.

Cases automate tracking, investigating, and managing security incidents, by centralizing relevant data and facilitating the incident response process.

CIS (Center for Internet Security) AWS (Amazon Web Services) refers to a set of security guidelines and best practices for safely using Amazon's cloud computing services.

A claim mapping describes how the value of a specific user attribute in the IdP will be translated into a role in Torq when using single sign-on (SSO). For example, add a claim with the name groups that will assign each user in the IdP group engineers (claim value) the Contributor role in Torq.

Pertaining to Cases: the Closed status indicates that all actions related to the Case have been completed. 

Context expressions are a way to reference parameters or output from within previous workflow steps.  

The Contributor role can view, trigger, edit, and publish workflows and integration data. 

The Creator role can view, trigger, create, and modify workflows and integrations.
 

Custom steps are user-made steps that can be created from HTTP mode, a cURL command, or nested workflows. They are workspace-specific unless imported. 

The designer (or canvas) refers to the visual area where Torq users drag and arrange steps and build workflows. 

An event is a notification that responds to a specific action, allowing Torq to respond or trigger other actions accordingly.

An execution is an alternative word for a workflow or step run. 

The Exit operator will end and exit the workflow.

Save a copy of a workflow locally, allowing you to import it into other workspaces.

The If operator checks if a given condition is true or false before performing a specific action.

IMAP (Internet Mail Access Protocol) is a protocol for retrieving email messages from a mail server. In Torq, the IMAP trigger is used to ingest emails as events from a configured IMAP server.

Bring a workflow or step from outside of Torq into your workspace.

Insights is Torq's analytics dashboard, which contains information on time saved through Torq and workflow stats.  

Integrations are connections to third-party services (see vendors). There are separate Trigger and Step integrations. 

A connection to an external service (vendor) and is used to interact with data as part of a workflow.

A loop is a repetition of the same steps multiple times until a specific condition is met.

The workflow metadata is information about the current execution that's available in the context automatically, such as the workspace ID, workflow name, user email, etc. 

Use mock outputs to execute steps without making the API requests they are based on and get a manually preconfigured response instead. 

Nested workflows are a way to perform a common action or set of actions that you intend to reuse across workflows by placing one workflow within another workflow - the nested workflow will run when triggered by the parent workflow. 

NIST, the National Institute of Standards and Technology, is a U.S. government agency responsible for developing and promoting measurement standards, guidelines, and best practices in various fields, including cybersecurity.

Pertinent to Cases: Observables are OCSF-compliant objects that represent the indicators related to each case, such as IP addresses, URLs, file hashes, resource UIDs, and more.

The Operator role can view and trigger workflows. 

The Owner role can view, modify, trigger, publish, and delete workflows and integrations within a workspace and manage the users and SSO within the workspace. 

A parameter is a variable used in a step that allows you to input values or settings, influencing the step's behavior or output.

A published workflow is an operational workflow that will run when its trigger conditions are met. 

Queuing a workflow involves placing tasks or requests in a line and ensuring they are processed in sequential order or based on priority.

Pertains to Cases: Quick actions are shortcuts to run workflows that were suggested for a case. 

The workflow or user that created a case. 

Pertaining to Cases, the Resolved status indicates that the issue has been addressed but may have some follow-up tasks remaining. 

Users within Torq are assigned workspace specific roles that designate which materials they can view, edit, & create. 

A run refers to when a workflow or step performs its actions. 

Pertinent to Cases: A runbook is a documented set of procedures and instructions that provide predefined instructions to serve as a guiding framework for case investigations. 

Related to Cases and reflects the level of urgency for a case. These correspond to the OCSF schema event severity identifier. 

Service Level Agreement is the duration in which a case should be resolved.

SOC 2 (Service Organization Control 2) is an auditing standard that assesses the security, availability, processing integrity, confidentiality, and privacy of an organization's systems and processes.

Single Sign-On (SSO) is a security mechanism that allows users to log in to multiple applications or systems using a single set of credentials, simplifying access management and security.

Pertaining to Cases: The case states correspond to the OCSF schema state identifier and are another word for Severity. 

Step runners are the components responsible for scheduling a step's execution and retrieving the step's output by using an adapter (either Kubernetes or Docker). Step runners can be hosted by Torq or your organization.

Single-purpose, automated actions. There are built-in steps (which are customizable) or you can create your own from scratch. 

Single-purpose, automated actions that are arranged on the designer and executed in a business-logical order to accomplish a workflow goal. In simple terms, a step will always begin with a verb that describes the action being taken on a piece of data.

A tag is a keyword or label assigned to workflows to aid in filtering and organization. 

A template is a customizable workflow built by security experts that can serve as either a starting point for creating workflows with certain vendors or use cases or that can be quickly filled in and utilized as is.

The TimeBack benchmark is a way to monitor how much time each automated workflow saves you.

Defines the conditions under which the workflow begins. When used as a verb, it means to start running the workflow. 

Utility steps are tools to assist with arrays, mathematics, debugging, functions, date & time, and more reaccuring tasks. 

Third-party services that can be securely connected and used within Torq through integrations. 

The Viewer role can view workflows and integrations. 

A wait operator temporarily pauses the execution of a workflow for a specified duration before proceeding to the next step.

Webhooks are listeners that wait to notify you about events and send forth data. Webhooks are created with a randomized URL and secured through obscurity.  

A unique URL endpoint in Torq where data is sent from external services.

A workflow is a logic you build to automate practices and actions, consisting of a trigger and a series of steps or operators. 

A workspace is an account within an organization.

A workspace variable is saved information (number, JSON, string, or boolean) that can be accessed and used across multiple workflows within one workspace.