Am I reading the correct user guide?
Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.
To open the correct user guide for your setup and version, go to the connector's setup page and click How to connect.
Connector details
About Wiz Configurations
Wiz Configurations continuously detects and remediates misconfigurations from build time to runtime across your hybrid clouds – AWS, GCP, Azure, OCI, Alibaba Cloud, and VMware vSphere.
Support scope
Supported products | |
Category | Cloud |
Ingestion type | Assets and vulnerabilities |
Ingested asset type(s) | Hosts Images Cloud Resources |
Integration type | Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the Connector, make sure you have the following:
Wiz Configurations user account with the relevant permissions (Client ID and Client Secret)
Wiz API Endpoint URL, e.g. https://api.eu1.app.wiz.io.
Creating a user with the relevant permissions
Go to Wiz Configurations platform.
Go to Settings > Add Service Account.
Define the following API scopes: create:reports, read:reports, read:resources, and read:cloud_configuration.
Copy the generated Client ID and Client Secret and store them securely.
Retrieving Wiz API endpoint URL and data center
The Wiz GraphQL API has a single endpoint:
https://api.<TENANT_DATA_CENTER>.<ENVIRONMENT>/graphql
Where:
<TENANT_DATA_CENTER> is your Wiz regional data center (e.g., us1, us2, eu1 or eu2).
<ENVIRONMENT> is one of app.wiz.io, app.wiz.us, or gov.wiz.io.
Find this parameter in your Wiz tenant as follows:
Go to Wiz portal
Click Profile > Tenant Info
Copy the API Endpoint URL
To get your Tenant Data Center:
At the top right of your Wiz portal, click the user icon > Tenant Info (direct link).
At the left side, click Data Center and Regions (direct link).
Copy your Tenant Data Center.
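A pre-flight check for the server URL before it is saved in the connector, since a mistyped or look-alike host would receive the connector's API traffic. This is an added example, not Vulcan or Wiz code; the function name and the data center pattern (letters followed by digits, modelled on us1 and eu2) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Environments listed on this page.
ENVIRONMENTS = ("app.wiz.io", "app.wiz.us", "gov.wiz.io")
# Assumption: data center labels look like the page's examples (us1, eu2, ...).
DATA_CENTER_RE = re.compile(r"[a-z]{2,}[0-9]+")


def parse_wiz_endpoint(url):
    """Return (data_center, environment) for a valid endpoint, else raise ValueError."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("endpoint must use https")
    # Reject userinfo tricks such as https://api.eu1.app.wiz.io@other.host/
    if parts.username or parts.password:
        raise ValueError("userinfo is not allowed in the endpoint URL")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port")
    if parts.query or parts.fragment:
        raise ValueError("query string or fragment is not expected")
    if parts.path not in ("", "/", "/graphql"):
        raise ValueError("unexpected path")
    host = (parts.hostname or "").lower()
    for env in ENVIRONMENTS:
        prefix, suffix = "api.", "." + env
        # The host must be exactly api.<data center>.<environment>,
        # so a trusted name used only as a prefix does not pass.
        if host.startswith(prefix) and host.endswith(suffix):
            data_center = host[len(prefix):-len(suffix)]
            if DATA_CENTER_RE.fullmatch(data_center):
                return data_center, env
    raise ValueError("host does not match api.<TENANT_DATA_CENTER>.<ENVIRONMENT>")


if __name__ == "__main__":
    print(parse_wiz_endpoint("https://api.eu1.app.wiz.io"))
```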
Wiz Authentication URL(Token URL):
Configuring the Wiz Configurations connector
Log in to the Vulcan ExposureOS platform and click Connectors > Add a Connector.
Click on the Wiz Configurations icon.
Set up the Connector as follows:
If your setup is through a gateway, refer to the Vulcan Gateway guide to configure the gateway before proceeding. If not, continue following the steps in this guide.
Set the server URL, Auth URL, Client ID, and Client Secret of your Wiz Configurations account.
Select the relevant authentication method (Amazon Cognito or Legacy Auth0).
The Data pulling configuration is dynamic, with available settings tailored to the specific connector and integration type. Below are the configurations relevant to this connector:
Configure the retention period for inactive assets based on their last seen date. If an asset is not detected or updated in a scan within the specified days, it will be automatically removed from the Vulcan ExposureOS platform. This ensures that your asset inventory stays current and relevant.
Select the statuses by which the Vulcan platform should archive assets.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Wiz Configurations instance.
Notes:
A successful connectivity test confirms that the platform can connect to the Wiz Configurations instance. However, it does not guarantee that the synchronization process will succeed, as additional syncing or processing issues may arise.
If the connectivity test fails, an error message with details about the issue will appear. Click the arrow next to the error message for more information about the exact error.
Connector scheduling: Set the connector's sync time and days. By default, all days are selected.
Click Create to start syncing the new connector, or Save Changes if editing an existing connector.
Allow some time for the sync to complete. Then, you can review the sync status on the Connectors main page or under Connector sync logs on the connector's specific setup page.
To confirm the sync is complete, navigate to the Connectors page. The sync is complete once the Wiz Configuration icon shows Connected.
Wiz Configurations in the Vulcan platform
Viewing findings
To view findings (instances) ingested by the Wiz Configurations connector:
Go to the Findings page.
Click on Filter and set the condition to Vulnerability > Source > is > Wiz Configurations.
You can also:
Filter by Business Group and add more filters to narrow your search further.
Filter by Connector-specific parameters (also known as Native Parameters) if available.
Click on a finding for more details.
Viewing vulnerabilities
To view vulnerabilities ingested by the Wiz Configurations connector:
Go to the Vulnerabilities page.
Click on Filter and set the condition to Vulnerability > Source > is > Wiz Configurations.
You can also:
Filter by Business Group and add more filters to narrow your search further.
Filter by Connector-specific parameters (also known as Native Parameters) if available.
Click on a vulnerability for more details.
Viewing assets
To view assets ingested by the Wiz Configurations connector:
Go to the Assets page.
Click on Filter and set the condition to Asset > Source > is > Wiz Configurations.
You can also:
Filter by Business Group and add more filters to narrow your search further.
Filter by Connector-specific parameters (also known as Native Parameters) if available.
Click on an asset for more details.
Taking action on vulnerabilities and assets
To take remediation action on vulnerabilities and assets ingested by Wiz Configurations:
Go to the Vulnerabilities or Assets Page.
Use the Filter to view the assets/vulnerabilities by source. You can always filter by Business Group and add more filters to narrow your search.
Select the relevant vulnerabilities/assets from the results list.
Click on Take Action to proceed with remediation or further actions.
Automating remediation actions on vulnerabilities
Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.
Data Mapping
The Vulcan Platform integrates with Wiz Configurations through an API that pulls relevant vulnerability and asset data from the vendor platform and maps it to the pages and fields of the Vulcan ExposureOS platform.
Host data mapping
Asset data
Wiz Configurations host UI field | Wiz Configurations host API field | Vulcan host field |
Name + Provider ID + Subscription external ID | Name Provider ID Wiz JSON Object.common.subscriptionExternalId or resource.name resource.providerId resource.subscription.externalId | Asset Uniqueness criteria |
- | Depending on the Cloud provider | Cloud ID cloud_instance_id |
Resource name | Name | Host Name (hostname) |
- | asset['Wiz JSON Object'].operatingSystem or OperatingSystem | Host OS (os) |
- | asset['Wiz JSON Object'].operatingSystem or OperatingSystem | Host OS Version (os_version) |
- | asset['Wiz JSON Object'].ipAddresses or IpAddresses | Host IP (ip) |
- | asset['Wiz JSON Object'].ipAddresses or IpAddresses | Host external IP (ip) |
- | - | Host FQDN (fqdn, if list fqdns) |
- | asset['Cloud Native JSON'].NetworkInterfaces.MacAddress | Host MAC addresses (mac_address) |
- | - | platform_family |
- | common.creationDate or image.common.creationDate or image.common.originalObject.CreationDate | Host first Seen (first_seen) |
- | | Host Last report (last_seen) |
resource - id | resource.id | Host details (added_data) |
tags | - | Host Tags - Vendor’s tags (tags) |
Subscription name | - | Host Tags - Additional (tags) |
Finding (instance) data
Wiz Configurations host UI field | Wiz Configurations host API field | Vulcan host field |
- | id | Vulnerability instance uniqueness criteria |
first seen at | firstSeenAt | Vulnerability instance First seen (first_seen) |
- | analyzedAt | Vulnerability instance Last seen (last_seen) |
id | id result | Vulnerability instance details(added_data) |
- | - | Vulnerability instance port(port) |
- | - | Vulnerability instance port(protocol) |
Unique vulnerability data
Wiz Configurations host UI field | Wiz Configurations host API field | Vulcan host field |
rule.id | - | Unique Vulnerability uniqueness criteria |
Rule name | rule.name | Vulnerability title (title) |
Severity | severity | Vulnerability score (cvss_score) |
Rule description | rule.description | Vulnerability description (description) |
Rule - Function as control | rule.functionAsControl | Vulnerability details (added_data) |
- | wiz_configurations|host|{{ rule.id }} | cloud_vv_id |
Solution (fix) data
Wiz Configurations host UI field | Wiz Configurations host field (API) | Vulcan host field |
Fix from Wiz | - | Fix - Title (title) |
Rule - Remediation instructions | rule.remediationInstructions | Fix - Description(description) |
Image data mapping
Asset data
Wiz Configurations image UI field | Wiz Configurations image API field | Vulcan image field |
Name + Provider ID + Subscription external ID | Name Provider ID Wiz JSON Object.common.subscriptionExternalId or resource.name resource.providerId resource.subscription.externalId | Asset Uniqueness criteria |
- | AssetName or Name | Image Name (name) |
- | asset['Wiz JSON Object'].operatingSystem | Image OS (os) |
- | asset['Wiz JSON Object'].operatingSystem | Image OS Version (os_version) |
Images | - | Image’s repository type (repository_type) |
- | asset['Wiz JSON Object'].repoExternalId | Image path location (path) |
Name + Provider ID + Subscription external ID | asset['Wiz JSON Object'].digest | Image sha256 (sha256) |
Images | common.creationDate or image.common.creationDate or image.common.originalObject.CreationDate | Image Last report (last_seen) |
- | Projects | Image details (added_data) |
- | Projects | Image Tags - Additional (tags) |
Finding (instance) data
Wiz Configurations image UI field | Wiz Configurations image API field | Vulcan image field |
- | id | Vulnerability instance uniqueness criteria |
first seen at | firstSeenAt | Vulnerability instance First seen (first_seen) |
- | analyzedAt | Vulnerability instance Last seen (last_seen) |
id | id result | Vulnerability instance details (added_data) |
Unique vulnerability data
Wiz Configurations image UI field | Wiz Configurations image API field | Vulcan image field |
rule.id | - | Unique Vulnerability uniqueness criteria |
Rule name | rule.name | Vulnerability title (title) |
Severity | severity | Vulnerability score (cvss_score) |
Rule description | rule.description | Vulnerability description (description) |
Rule - Function as control | rule.functionAsControl | Vulnerability details (added_data) |
- | wiz_configurations|image|{{ rule.id }} | cloud_vv_id |
Solution (fix) data
Wiz Configurations image UI field | Wiz Configurations image API field | Vulcan image field |
Fix from Wiz | - | Fix - Title (title) |
Rule - Remediation instructions | rule.remediationInstructions | Fix - Description (description) |
Cloud resources data mapping
Asset data
Wiz Configurations cloud resource UI field | Wiz Configurations cloud resource API field | Vulcan cloud resource field |
Name + Provider ID + Subscription external ID | Name Provider ID Wiz JSON Object.common.subscriptionExternalId or resource.name resource.providerId resource.subscription.externalId | Asset Uniqueness criteria |
- | Name or entitySnapshot.name | Cloud resource Name (name) |
- | Cloud Platform | Cloud type(cloud_type) |
Serverless | - | resource type(resource_type) |
- | Provider ID | Cloud id (native_id) |
- | asset['Wiz JSON Object'].common.creationDate or asset['Wiz JSON Object'].image.common.creationDate or asset['Wiz JSON Object'].image.common.originalObject.CreationDate | Cloud resource first Seen (first_seen) |
- | | Cloud resource Last report (last_seen) |
Projects Cloud Platform Region Subscription Subscription ID Resource Type Native Type Provider ID Wiz External ID Role FunctionArn Kind Cloud Provider Url Runtime Status | Projects Wiz JSON Object.common.cloudPlatform Region Subscription Subscription ID Resource Type Native Type Provider ID External ID Cloud Native JSON.Role Cloud Native JSON.FunctionArn Wiz JSON Object.kind Wiz JSON Object.common.cloudProviderURL Wiz JSON Object.runtime Wiz JSON Object.common.status | Cloud resource details (added_data) |
Tags | - | Cloud resource Tags - Vendor’s tags (tags) |
Projects | Projects | Cloud resource Tags - Additional (tags) |
Finding (instance) data
Wiz Configurations cloud resource UI field | Wiz Configurations cloud resource API field | Vulcan cloud resource field |
- | id | Vulnerability instance uniqueness criteria |
first seen at | firstSeenAt | Vulnerability instance First seen (first_seen) |
- | analyzedAt | Vulnerability instance Last seen (last_seen) |
id | id result | Vulnerability instance details(added_data) |
Unique vulnerability data
Wiz Configurations cloud resource UI field | Wiz Configurations cloud resource API field | Vulcan cloud resource field |
rule.id | - | Unique Vulnerability uniqueness criteria |
Rule name | rule.name | Vulnerability title (title) |
Severity | severity | Vulnerability score (cvss_score) |
Rule description | rule.description | Vulnerability description (description) |
Rule - Function as control | rule.functionAsControl | Vulnerability details(added_data) |
- | wiz_configurations|cloud_resource|{{ rule.id }} | cloud_vv_id |
Solution (fix) data
Wiz Configurations cloud resource UI field | Wiz Configurations cloud resource API field | Vulcan cloud resource field |
Fix from Wiz | - | Fix - Title (title) |
Rule - Remediation instructions | rule.remediationInstructions | Fix - Description (description) |
Vulnerability status mapping
Based on the Status field
Wiz Configurations status* | Vulcan status |
Open | Vulnerable |
Resolved | Fixed |
- | Ignored - false positive |
Rejected | Ignored risk acknowledged |
*Wiz status description:
Vulnerability score mapping
Based on the severity field
Wiz Configurations score | Vulcan score |
Critical | 10 |
High | 7 |
Medium | 5 |
Low | 3 |
- | 0 |
Status update Mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones.
The table below lists how the status update mechanism works in the Wiz Configurations connector for the vulnerabilities and assets in the Vulcan Platform.
Status change | When? |
The asset is archived | - Asset status on the connector's side indicates irrelevancy. |
The vulnerability instance status changes to "Fixed" | - Vulnerability status on the connector's side changes to |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
API endpoints in use
API | Use in Vulcan | Mutation/Query | Permission Required | Test connection call |
<API_ENDPOINT_URL>/graphql | Assets - Inventory report | CreateReport | create:reports,read:reports, read:resources and | - |
<TOKEN_URL>/oauth/token | API authentication | - | - | Auth |
Data Validation
This section shows how to validate and compare data between Vulcan ExposureOS and the Wiz Configurations platform.
Matching asset count
In Wiz Configurations:
Navigate to the Reports section in the Wiz Configurations platform.
Select Create Report.
Configure the Report:
Resource Type: Generate a separate inventory report for each of the following resource types:
SERVERLESS
CONTAINER_IMAGE
VIRTUAL_MACHINE
Scope: Set to All Resources.
Report Type: Select Standard.
Format: Choose your preferred format (e.g., CSV) to count records efficiently.
Filters: Ensure no additional filters are applied.
Download and Count Assets
Generate the report and download the file.
Count the total number of assets in the report.
In Vulcan:
Go to the Assets tab.
Apply the following filter:
Where → Asset → Connector is Wiz Configurations.
Click Apply.
Compare the Total Asset Count
The number of assets displayed in Vulcan should match the total assets counted in the Wiz Configurations inventory report.
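One way to do the count for the three CSV reports, as an added example that is not part of the Vulcan or Wiz tooling. It counts records with a CSV parser (a quoted field containing a line break would inflate a plain line count) and also counts distinct values of the uniqueness criteria from the data mapping tables; the column headers and the sample rows are constructed assumptions, so adjust KEY_COLUMNS to your export.

```python
import csv
import io

# Assumed report headers for the page's uniqueness criteria
# (Name + Provider ID + Subscription external ID).
KEY_COLUMNS = ("Name", "Provider ID", "Subscription ID")


def count_report(csv_text, key_columns=KEY_COLUMNS):
    """Return (row_count, unique_key_count) for one inventory report."""
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    missing = [c for c in key_columns if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"report lacks columns: {missing}")
    rows, keys = 0, set()
    for row in reader:
        rows += 1
        keys.add(tuple((row[c] or "").strip() for c in key_columns))
    return rows, len(keys)


def compare_counts(reports, vulcan_total, key_columns=KEY_COLUMNS):
    """reports maps resource type -> CSV text; vulcan_total is the Assets page count."""
    per_type = {t: count_report(text, key_columns) for t, text in reports.items()}
    wiz_rows = sum(r for r, _ in per_type.values())
    wiz_unique = sum(u for _, u in per_type.values())
    return {
        "per_type": per_type,
        "wiz_rows": wiz_rows,
        "wiz_unique": wiz_unique,
        "delta_rows": vulcan_total - wiz_rows,
        "delta_unique": vulcan_total - wiz_unique,
    }


# Constructed sample reports, one per resource type named in the procedure.
HEADER = "Name,Provider ID,Subscription ID,Tags\r\n"
SAMPLE_REPORTS = {
    "VIRTUAL_MACHINE": HEADER
    + 'web-1,i-0aaa,111111111111,"env=prod\nteam=web"\r\n'  # multi-line field
    + "web-2,i-0bbb,111111111111,\r\n",
    "CONTAINER_IMAGE": HEADER
    + "api,sha256:1111,111111111111,\r\n"
    + "api,sha256:1111,111111111111,\r\n",  # same uniqueness key twice
    "SERVERLESS": HEADER + "resize,arn:fn:resize,111111111111,\r\n",
}

if __name__ == "__main__":
    print(compare_counts(SAMPLE_REPORTS, vulcan_total=4))
```

A non-zero delta_rows with a zero delta_unique points at duplicate rows in the export rather than missing assets in Vulcan.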
Validations if assets are missing in Vulcan
Asset Retention & Sync Timing:
Check if the missing asset is archived or if the sync process is incomplete.
Unsupported Asset Type:
Some assets may not be ingested if they fall outside the supported categories in Vulcan.