Table of Contents


Overview

About Wiz

Wiz scans every layer of cloud environments without agents to provide complete visibility into every technology running in the client’s cloud without blind spots. Wiz connects via API to AWS, Azure, GCP, OCI, Alibaba Cloud, VMware vSphere, Openshift, and Kubernetes across virtual machines, containers, and serverless.

Why Integrating Wiz into the Vulcan platform?

The Wiz connector by Vulcan integrates with the Wiz platform to pull and ingest asset inventory and vulnerabilities data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform correlates, consolidates, and contextualizes the ingested data to impact risk and remediation priority. Read more here.

Connector details

Category: Vulnerability Assessment

Ingested asset types: Hosts, Images and Cloud Resources


Prerequisites and User Permissions

Make sure you have the following:

  • Wiz Service Account with the following permissions: create:reports, delete:reports, update:reports, read:reports and write:reports permissions.

  • Wiz API Endpoint URL, e.g. https://api.eu1.app.wiz.io.

  • Wiz Client ID and Client Secret


Configurig the Wiz Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Wiz icon.

  4. Set up the connector as follows:

    • Enter Wiz Servel URL, Auth URL, Client ID and Client Secret. The instructions on how to retrieve this information exist in Wiz gated documentation portal.

    • Select Wiz authentication method.

  5. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  6. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Wiz instance, then click Create (or Save Changes).

  7. Allow some time for the sync to complete. You can review the sync status under Log.

  8. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Wiz icon shows Connected, the connection is complete.


From Wiz to the Vulcan Platform - Fields Mapping

Connector Fields Mapping - Hosts

Wiz field

Vulcan field / mapping info

Asset name + Provider ID
or

Asset Name + Unique ID

Asset uniqueness criteria

Name

Asset name

Cloud native JSON
WIZ JSON object

Asset details

Hosts

Asset type

IP Addresses (Wiz JSON)

IP

Operation System (Wiz JSON)

OS

Cration date (WIZ JSON)

Created date

Connector's last sync date

Last seen date

Network interface - MAC address from cloud JSON

Multiple Mac Addresses

Detailed Name (vuln report)
Version

Packages

Wiz tags

Asset Tags by vendor

cloud platform
subscription name
region
projects
subscription id
image id
image source
image name

Asset Tags (additional)

detailed name (package) and version

Vulnerability instance uniqueness criteria

First Detected

Vulnerability instance first seen

Last Detected

Vulnerability instance last seen

CVE score

Vulnerability instance score

Location path

Vulnerability instance location path

Vulnerability name

Unique vulnerability uniqueness criteria

Vilnerability name

Vulnerability title

CVE score

Vulnerability score

Description

Vulnerability description

CVE Descriptin
Affected packages - detailed name
CVSS Severity
fixed version

Vulnerability details

'Vulnerable' when fetched

Vulnerability instance status*

CVE

CVE/S

Technical score
Fallback: cvss/cvss3 base score

Risk Calculation

Fix for <vulnerability name>

Fix title

Remediation

FixedVersion

Fix Description

Link

Fix reference

Location path Wiz URL, , score, impact score, Location path, version, detectionMathod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, HasExploit, HasCisaKevExploit, exploitability score, vendor severity, project

Asset - Vulnerability instance connection (info tool tip)

Connector Fields Mapping - Images

Wiz field

Vulcan field / mapping info

Asset name + Provider ID
or

Asset Name + Unique ID

Asset uniqueness criteria

Name

Asset name

Cloud native JSON
WIZ JSON object

Asset details

Images - Wiz container images

Asset type

RepoExternalID (WIZ JSON)

Repository

Images

Repository type

Operation System (Wiz JSON)

OS

Operation System (Wiz JSON)

OS Version

digest

Path location

Cration date (WIZ JSON)

Created date

Connector's last sync date

Last seen

Wiz tags

Asset Tags by vendor

cloud platform
subscription name
region
projects
subscription id
image id
image source
image name

Asset Tags (additional)

detailed name

Component name

detailed version

Component type

Active

Asset status

Vulnerability name

Unique vulnerability uniqueness criteria

Vilnerability name

Vulnerability title

CVE score

Vulnerability score

CVE Descriptin
Affected packages - detailed name
CVSS Severity
fixed version

Vulnerability description

Wiz URL, CVSS Severity, score, impact score, Location path, version, detectionMathod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags,

Vulnerability details

'Vulnerable' when fetched

Vulnerability instance status*

CVE

CVE/S

Fix for <vulnerability name>

Fix title

Remediation
FixedVersion

Fix Description

Link to fix

Fix reference

Location path Wiz URL, , score, impact score, Location path, version, detectionMathod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, HasExploit, HasCisaKevExploit, exploitability score, vendor severity, project

Asset - Vulnerability instance connection (info tooltip)

Connector Fields Mapping - Cloud Resources

Wiz Field

Vulcan Field

Asset name + Provider ID
or

Asset Name + Unique ID

Asset uniqueness criteria

Serverless inventory name

Asset name

Providor ID

Resource ID

Cloud Platform

Cloud (provider)

Cloud Native JSON
Wiz JSON Object

Asset details

Cloud Resources

Asset type

Wiz tags

Asset tags - vendor's tags

cloud platform
subscription name,
region,
projects
subscription id

Asset tags - additional

Created date (WIZ JSON)

Created date

Connector's last sync date

Last seen

Detailed name (package) and version

Vulnerability instance uniqueness criteria

FirstDetected

Vulnerability instance first seen

LastDetected

Vulnerability instance last seen

CVE score

Vulnerability instance score

Location path

Vulnerability instance location path

Vulnerability name

Unique vulnerability uniqueness criteria

Vulnerability name

Vulnerability title

Description

Vulnerability description

CVEDescription, effected packages - Detailed name, CVSS Severity, fixed version

Vulnerability details

'Vulnerable' when fetched

Vulnerability instance status*

CVE

CVE/S

Fix for <vulnerability name>

Fix title

Remediation
FixedVersion

Fix description

Link to fix

Fix reference

Location path Wiz URL, , score, impact score, Location path, version, detectionMathod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, HasExploit, HasCisaKevExploit, exploitability score, vendor severity, project

Assets-Vulnerability instance connection (info tooltip)

Vulnerability status mapping

Wiz Status

Vulcan Status

*All imported data is vulnerable

Vulnerable

*When a vulnerability instance is not imported, it is considered as fixed

Fixed

Vulnerability score mapping

Vulcan imports the CVSS of the vulnerabilities.

Notes:

  • Archived assets are assets that were'nt feched into the Vulcan Platform on the last sync with Wiz.

  • *Vulnerabilities status is updated to "Fixed" on the vulcan platform once they are marked as fixed on Wiz. Fetched vulnerabilities are 'vulnerable' vulnerabilities.


Locating Wiz vulnerabilities in the Vulcan Platform

As Wiz discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:

  1. Open the Vulcan Platform dashboard and navigate to the Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.

  2. Locate Wiz on the vulnerability source/Connector list and click to filter results.

  3. Click on any vulnerability to view further information.


Locating Wiz assets (Hosts, Container Images, and Cloud Resources) in the Vulcan Platform

To locate all retrieved Hosts, Images, and Cloud Resources assets from Wiz:

  1. Open the Vulcan Cyber dashboard and navigate to Assets.

  2. Click one of the relevant tabs: Cloud Resources, Hosts, Images

  3. Click on the Search or filter websites input box and select Connector from the drop-down selection.

  4. Locate the Wiz option to view all synced assets.


Automating actions on vulnerabilities detected by Wiz

Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Wiz connector.

Click here to learn how to create automation in the Vulcan Cyber Platform.

Did this answer your question?