- 10 Jul 2023
- 1 Minute to read
- DarkLight
Cases
- Updated on 10 Jul 2023
- 1 Minute to read
- DarkLight
With Torq, security teams can automate case management: create, update, process, and resolve cases in response to security alerts, ensuring quick prioritization and handling. Torq cases are based on Torq's powerful no-code automation platform, allowing you and your team to fully automate the case lifecycle to ensure team members are exposed to less noise and can focus on high-priority items.
Torq cases are OCSF-compliant, flexible, and easily extensible to fit your organization's needs and, together with automation, can be used to orchestrate any analysis and remediation flows efficiently. To view the active or recently resolved cases go to the Cases page.
Key features
- Case timeline to summarize the course of the investigation.
- Automatically create, update, process, and resolve cases using Torq steps.
- Observables are first-class citizen objects, meaning you can view the cases a single observable is associated with to discover relationships between seemingly unrelated events.
- Use events in the case lifecycle, such as adding a new observable, changing the severity, and more, to trigger workflows to automate case management.
- Link related cases for a comprehensive understanding of the broader context.
- Customization options.