Introducing Panther’s Newest Alert Destination: Torq

Panther Labs

May 8, 2024

Streamlining Incident Response with Automated Workflows

The Panther team is excited to unveil our latest alert destination integration: Torq! Torq is transforming cybersecurity with its pioneering enterprise-grade, AI-driven hyperautomation platform. By connecting the entire security infrastructure stack, Torq makes autonomous security operations a reality. It empowers organizations to instantly and precisely remediate security events, and orchestrate complex security processes at scale. Panther users can now set up Torq as an alert destination with just a few clicks and start leveraging Torq to automate their incident response workflows, from alert triage to fully automated remediation for low-level alerts. 

Torq helps you get more value from Panther through its ability to orchestrate and automate the resolution of security alerts detected by your Security Operations Center (SOC). Torq HyperSOC™ was engineered to solve the existential challenges faced by SOC teams, including alert volume, alert fatigue, and the global talent shortage. By leveraging external threat intelligence feeds and infinite integration possibilities, Torq enriches alerts with contextual data, enabling seamless prioritization and routing of alerts to the appropriate security analysts or team members for any necessary further investigation and response work. This streamlined process ensures critical alerts reach the right practitioner first and receive prompt attention, improving overall response efficiency and detection time.

Torq enables SOC teams to auto-remediate up to 95% of Tier-1 cases by leveraging AI to execute SOC-defined automation runbooks at machine speed. Automating remediation for low-level alerts frees up the security team’s time to focus on more critical alerts and potential threats, increasing total threat model coverage. While some security teams overwhelmed with alert volume may be forced to choose to disable low-level alerts – potentially losing crucial historical context for future investigations – automated alert remediation is a solution that leaves the alert intact without the need for any tradeoffs. 

Let’s examine how Panther users can leverage Torq for incident response workflows. In this example, Panther has detected the creation of a user role with sensitive permissions in AWS and generated an alert, given the potential security risk of this action. The alert is sent to Torq and triggers predefined automation for this type of alert. Torq enriches the alert with relevant IP data, asks the user involved if they performed the action, and remediates the alert by automatically deleting the user role in AWS. This proactive approach to incident response, leveraging Torq as an alert destination for Panther, frees up valuable security team members’ time without sacrificing security posture.
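The detection side of that scenario can be sketched as a Panther-style Python rule using the `rule(event)` / `title(event)` convention. This is an added example, not code from Panther or Torq: the sets defining "sensitive" permissions, the helper names, and the sample CloudTrail event are assumptions constructed for illustration.

```python
import json

# Assumption: what counts as "sensitive" is a local policy choice for this sketch.
SENSITIVE_MANAGED = {"arn:aws:iam::aws:policy/AdministratorAccess",
                     "arn:aws:iam::aws:policy/IAMFullAccess"}
SENSITIVE_ACTIONS = {"*", "iam:*", "iam:passrole"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def inline_policy_is_sensitive(document):
    """True if any Allow statement in an inline policy grants a sensitive action."""
    try:
        policy = json.loads(document)
    except (TypeError, ValueError):
        return False  # missing or unparsable document: nothing to evaluate
    if not isinstance(policy, dict):
        return False
    for stmt in _as_list(policy.get("Statement", [])):
        if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
            continue
        actions = {str(a).lower() for a in _as_list(stmt.get("Action", []))}
        if actions & SENSITIVE_ACTIONS:
            return True
    return False

def rule(event):
    """Fire on successful IAM calls that grant sensitive permissions to a role."""
    if event.get("eventSource") != "iam.amazonaws.com" or event.get("errorCode"):
        return False  # ignore other services and denied/failed calls
    params = event.get("requestParameters") or {}
    if event.get("eventName") == "AttachRolePolicy":
        return params.get("policyArn") in SENSITIVE_MANAGED
    if event.get("eventName") == "PutRolePolicy":
        return inline_policy_is_sensitive(params.get("policyDocument"))
    return False

def title(event):
    role = (event.get("requestParameters") or {}).get("roleName", "unknown")
    actor = (event.get("userIdentity") or {}).get("arn", "unknown")
    return f"Sensitive permissions granted to role {role} by {actor}"

# Constructed CloudTrail-style sample event (not from the original post).
SAMPLE = {"eventSource": "iam.amazonaws.com", "eventName": "PutRolePolicy",
          "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
          "requestParameters": {"roleName": "example-role", "policyName": "inline",
              "policyDocument": json.dumps({"Version": "2012-10-17", "Statement": {
                  "Effect": "Allow", "Action": ["s3:GetObject", "iam:PassRole"],
                  "Resource": "*"}})}}
```

The alert title carries the role name and the acting principal, which are the two fields a downstream workflow needs in order to ask the user about the action and to identify the role to remove.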

Panther and Torq now seamlessly integrate, pairing the power of Panther’s detection-as-code workflows with Torq’s automated incident response workflows. Whether automating alert triage, prioritization, or remediation, Torq empowers security teams to respond swiftly and decisively to potential threats, bolstering the resilience of their organization’s security posture.

Ready to experience the power of Torq plus Panther? Request a demo of Panther.  
