Overview


About

Wiz rapidly scans your entire cloud and prioritizes critical risks so security and development teams can proactively harden your cloud. When integrated into the Vulcan platform, you'll be able to view vulnerabilities, Hosts, Cloud Resources, and Container images retrieved from the Wiz connector.


Required User Permissions

Make sure the Wiz user has the permission: "read:vulnerabilities permission"


Configure the Wiz Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Wiz icon.

  4. Set up the connector as follows:

    1. API URL: The URL of the API of the Wiz server that Vulcan can communicate with. You can retrieve the Wiz URL from the user profile. https://app.wiz.io/user/profile.

    2. Authentication URL: Enter auth.wiz.io. Used to enable the connection to Wiz together with the API token.

    1. Client Key and Client Secret: To get the Client Key and Client Secret, follow the below procedure on the Wiz platform:

      1. Go to Settings > Service Accounts.

      2. Click Add Service Account.

      3. Insert a name for the service account. For example, "Vulcan."

      4. You can narrow the scope of this service account to specific projects.

      5. Select the permission read:vulnerabilities permission and click Add Service Account.

      6. Copy the CLIENT SECRET to a safe place.

      7. Copy the CLIENT ID to a safe place (Client ID is displayed under the Service Accounts page).

    2. Select the asset types you'd like to connect:

  5. Enable/Disable the option to Import vulnerabilities from inactive assets.

  6. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  7. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Wiz instance, then click Create (or Save Changes).

  8. Allow some time for the sync to complete. You can review the sync status under Log.

  9. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Wiz icon shows Connected, the connection is complete.


From Wiz to the Vulcan Platform - Fields Mapping

Connector Fields Mapping - Hosts

Wiz field

Vulcan field

AssetName

Asset Name

  • Subscription ID

  • AssetRegion

  • Provider unique ID

  • Provider URL

  • Cloud platform

  • Subscription External ID

  • Status

Asset Details

API: AssetVirtualMachine

Asset type

IP Address

IP

OperatingSystem

OS

  • Tags

  • Projects

Asset Tags

Name

Vulnerability title

Score

Vulnerability score

  • CVE Description

  • DescriptionFetch CVSS3 score and CVSS v2

Vulnerability description

  • Score

  • CVE description

  • Description

  • Exploitability score

  • Impact score

  • Version

  • Detailed Name

  • Wiz URL

  • Link

  • CVSS Severity

  • Vendor Severity

Vulnerability details

NA

Vulnerability status

  • Remediation

  • Fixed version

Fixes

First detected (FirstDetectedAT)

First seen

Connector Fields Mapping - Container Images

Wiz field

Vulcan field

AssetName

Asset Name

  • ImageID

  • Subscription ID

  • AssetRegion

  • Provider unique ID

  • Provider URL

  • Cloud platform

  • Subscription External ID

  • Status

Asset details - Container

API: AssetContsainerImage

Asset Type

NA

Repository

NA

OS

  • Tags

  • Projects

Asset tags

Name

Vulnerability title

Score

Vulnerability score

  • CVE Description

  • Description

Vulnerability description

  • Score

  • CVE description

  • Description

  • Exploitability score

  • Impact score

  • Version

  • Detailed Name

  • Wiz URL

  • Link

  • CVSS Severity

  • Vendor Severity

Vulnerability details

NA

Vulnerability status

  • Remediation

  • Fixed version

Fixes

First detected

First seen

Connector Fields Mapping - Cloud Resources

Wiz Field

Vulcan Field

AssetName

Asset Name

Provider unique ID

ID

Cloud Platform

Cloud

  • Runtime

  • Subscription ID

  • AssetRegion

  • Provider URL

  • Subscription External ID

  • Status

Asset details

API: AssetServerless

Asset type

  • Tags

  • Projects

Asset Tags

Name

Vulnerability title

Score

Vulnerability score

  • CVE Description

  • Description

Vulnerability description

  • Score

  • CVE description

  • Description

  • Exploitability score

  • Impact score

  • Version

  • Detailed Name

  • Wiz URL

  • Link

  • CVSS Severity

  • Vendor Severity

Vulnerability details

NA

Vulnerability status

  • Remediation

  • Fixed version

Fixes

First detected

First seen

Vulnerability status mapping

Wiz Status

Vulcan Status

Only vulnerable data is imported from Wiz

Vulnerable

When a vulnerability instance is not imported, it is considered as fixed

Fixed

Vulnerability score mapping

Vulcan imports the CVSS of the vulnerabilities.


FAQ on retrieving vulnerabilities

What kind of vulnerabilities are retrieved through the Wiz connector?

Note: The Wiz API only provides vulnerabilities that represent some risk level, not fixed vulnerabilities. Vulcan regularly imports the whole list of vulnerabilities and marks vulnerability instances as fixed.


Locating Wiz vulnerabilities in the Vulcan Platform

As Wiz discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:

  1. Open the Vulcan Platform dashboard and navigate to the Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.

  2. Locate Wiz on the vulnerability source/Connector list and click to filter results.

  3. Click on any vulnerability to view further information.


Locating Wiz assets (Hosts, Container Images, and Cloud Resources) in the Vulcan Platform

To locate all retrieved Hosts, Images, and Cloud Resources assets from Wiz:

  1. Open the Vulcan Cyber dashboard and navigate to Assets.

  2. Click one of the relevant tabs: Cloud Resources, Hosts, Images

  3. Click on the Search or filter websites input box and select Connector from the drop-down selection.

  4. Locate the Wiz option to view all synced assets.


Automating actions on vulnerabilities detected by Wiz

Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Wiz connector.

Click here to learn how to create automation in the Vulcan Cyber Platform.

Did this answer your question?