Overview
From Wiz to the Vulcan Platform - Fields Mapping
About
Wiz rapidly scans your entire cloud and prioritizes critical risks so security and development teams can proactively harden your cloud. When integrated into the Vulcan platform, you'll be able to view vulnerabilities, Hosts, Cloud Resources, and Container images retrieved from the Wiz connector.
Required User Permissions
Make sure the Wiz user has the permission: "read:vulnerabilities permission
"
Configure the Wiz Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Wiz icon.
Set up the connector as follows:
API URL: The URL of the API of the Wiz server that Vulcan can communicate with. You can retrieve the Wiz URL from the user profile.
https://app.wiz.io/user/profile
.Authentication URL: Enter auth.wiz.io. Used to enable the connection to Wiz together with the API token.
Client Key and Client Secret: To get the Client Key and Client Secret, follow the below procedure on the Wiz platform:
Go to Settings > Service Accounts.
Click Add Service Account.
Insert a name for the service account. For example, "Vulcan."
You can narrow the scope of this service account to specific projects.
Select the permission
read:vulnerabilities permission
and click Add Service Account.Copy the CLIENT SECRET to a safe place.
Copy the CLIENT ID to a safe place (Client ID is displayed under the Service Accounts page).
Select the asset types you'd like to connect:
Enable/Disable the option to Import vulnerabilities from inactive assets.
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Wiz instance, then click Create (or Save Changes).
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Wiz icon shows Connected, the connection is complete.
From Wiz to the Vulcan Platform - Fields Mapping
Connector Fields Mapping - Hosts
Wiz field | Vulcan field |
AssetName | Asset Name |
| Asset Details |
API: AssetVirtualMachine | Asset type |
IP Address | IP |
OperatingSystem | OS |
| Asset Tags |
Name | Vulnerability title |
Score | Vulnerability score |
| Vulnerability description |
| Vulnerability details |
NA | Vulnerability status |
| Fixes |
First detected (FirstDetectedAT) | First seen |
Connector Fields Mapping - Container Images
Wiz field | Vulcan field |
AssetName | Asset Name |
| Asset details - Container |
API: AssetContsainerImage | Asset Type |
NA | Repository |
NA | OS |
| Asset tags |
Name | Vulnerability title |
Score | Vulnerability score |
| Vulnerability description |
| Vulnerability details |
NA | Vulnerability status |
| Fixes |
First detected | First seen |
Connector Fields Mapping - Cloud Resources
Wiz Field | Vulcan Field |
AssetName | Asset Name |
Provider unique ID | ID |
Cloud Platform | Cloud |
| Asset details |
API: AssetServerless | Asset type |
| Asset Tags |
Name | Vulnerability title |
Score | Vulnerability score |
| Vulnerability description |
| Vulnerability details |
NA | Vulnerability status |
| Fixes |
First detected | First seen |
Vulnerability status mapping
Wiz Status | Vulcan Status |
Only vulnerable data is imported from Wiz | Vulnerable |
When a vulnerability instance is not imported, it is considered as fixed | Fixed |
Vulnerability score mapping
Vulcan imports the CVSS of the vulnerabilities.
FAQ on retrieving vulnerabilities
What kind of vulnerabilities are retrieved through the Wiz connector?
Note: The Wiz API only provides vulnerabilities that represent some risk level, not fixed vulnerabilities. Vulcan regularly imports the whole list of vulnerabilities and marks vulnerability instances as fixed.
Locating Wiz vulnerabilities in the Vulcan Platform
As Wiz discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:
Open the Vulcan Platform dashboard and navigate to the Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate Wiz on the vulnerability source/Connector list and click to filter results.
Click on any vulnerability to view further information.
Locating Wiz assets (Hosts, Container Images, and Cloud Resources) in the Vulcan Platform
To locate all retrieved Hosts, Images, and Cloud Resources assets from Wiz:
Open the Vulcan Cyber dashboard and navigate to Assets.
Click one of the relevant tabs: Cloud Resources, Hosts, Images
Click on the Search or filter websites input box and select Connector from the drop-down selection.
Locate the Wiz option to view all synced assets.
Automating actions on vulnerabilities detected by Wiz
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Wiz connector.
Click here to learn how to create automation in the Vulcan Cyber Platform.