Wiz Connector

Learn all about integrating Wiz into the Vulcan Platform

Updated over a week ago

Overview

About Wiz

Wiz scans every layer of cloud environments without agents to provide complete visibility into every technology running in the client’s cloud without blind spots. Wiz connects via API to AWS, Azure, GCP, OCI, Alibaba Cloud, VMware vSphere, OpenShift, and Kubernetes across virtual machines, containers, and serverless.

Why integrate Wiz into the Vulcan Platform?

The Wiz connector by Vulcan integrates with the Wiz platform to pull and ingest asset inventory and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform correlates, consolidates, and contextualizes the ingested data to impact risk and remediation priority. Read more here.

Connector details

Category: Vulnerability Assessment

Ingested asset types: Hosts, Images, and Cloud Resources


Prerequisites and User Permissions

Make sure you have the following:

  • Wiz Service Account with the following permissions: create:reports, read:reports, update:reports, and read:vulnerabilities

  • Wiz API Endpoint URL, e.g. https://api.eu1.app.wiz.io.

  • Wiz Client ID and Client Secret

  • A user with access to all Wiz projects if all projects are to be fetched. Otherwise, a user with access to the relevant projects is required. You can enter the IDs of the projects you wish to fetch on the Wiz Connector setup page on the Vulcan Platform.


Configuring the Wiz Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Wiz icon.

  4. Set up the connector as follows:

    1. Enter the Wiz Server URL, Auth URL, Client ID, and Client Secret. Instructions for retrieving this information are available in the Wiz gated documentation portal.

    2. Enter the IDs of the projects you want to fetch (up to 5), separated by commas. If you wish to fetch all projects, leave this field empty.

    3. Select the Wiz authentication method.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Wiz instance, then click Create (or Save Changes).

  6. The Advanced Configuration drop-down allows you to set the Connector's sync time. By default, all days are selected.

  7. Allow some time for the sync to complete. You can review the sync status under Log.

  8. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  9. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Wiz icon shows Connected, the connection is complete.


From Wiz to the Vulcan Platform - Fields Mapping

Connector Fields Mapping - Hosts

| Wiz field | Vulcan field / mapping info |
|---|---|
| Asset name + Provider ID, or Asset Name + Unique ID | Asset uniqueness criteria |
| Name | Asset name |
| Cloud native JSON, WIZ JSON object | Asset details |
| Hosts | Asset type |
| IP Addresses (Wiz JSON) | IP |
| Operating System (Wiz JSON) | OS |
| Creation date (WIZ JSON) | Created date |
| Connector's last sync date | Last seen date |
| Network interface - MAC address from cloud JSON | Multiple MAC Addresses |
| Detailed Name (vuln report), Version | Packages |
| Wiz tags | Asset Tags by vendor |
| cloud platform, subscription name, region, projects, subscription id, image id, image source, image name | Asset Tags (additional) |
| detailed name (package) and version | Vulnerability instance uniqueness criteria |
| First Detected | Vulnerability instance first seen |
| Last Detected | Vulnerability instance last seen |
| CVE score | Vulnerability instance score |
| Location path | Vulnerability instance location path |
| Vulnerability name | Unique vulnerability uniqueness criteria |
| Vulnerability name | Vulnerability title |
| CVE score | Vulnerability score |
| Description | Vulnerability description |
| CVE Description, Affected packages - detailed name, CVSS Severity, fixed version, reference link | Vulnerability details |
| 'Vulnerable' when fetched | Vulnerability instance status* |
| CVE | CVE/S |
| Technical score; fallback: cvss/cvss3 base score | Risk Calculation |
| Wiz recommended solution | Fix title |
| Remediation, FixedVersion | Fix Description |
| Location path Wiz URL, score, impact score, Location path, version, detectionMethod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, HasExploit, HasCisaKevExploit, exploitability score, vendor severity, project | Asset - Vulnerability instance connection (info tooltip) |

Connector Fields Mapping - Images

| Wiz field | Vulcan field / mapping info |
|---|---|
| Asset name + Provider ID, or Asset Name + Unique ID | Asset uniqueness criteria |
| Name | Asset name |
| Cloud native JSON, WIZ JSON object | Asset details |
| Images - Wiz container images | Asset type |
| RepoExternalID (WIZ JSON) | Repository |
| Images | Repository type |
| Operating System (Wiz JSON) | OS |
| Operating System (Wiz JSON) | OS Version |
| digest | Path location |
| Creation date (WIZ JSON) | Created date |
| Connector's last sync date | Last seen |
| Wiz tags | Asset Tags by vendor |
| cloud platform, subscription name, region, projects, subscription id, image id, image source, image name | Asset Tags (additional) |
| detailed name | Component name |
| detailed version | Component type |
| Active | Asset status |
| Vulnerability name | Unique vulnerability uniqueness criteria |
| Vulnerability name | Vulnerability title |
| CVE score | Vulnerability score |
| CVE Description, Affected packages - detailed name, CVSS Severity, fixed version | Vulnerability description |
| Wiz URL, CVSS Severity, score, impact score, Location path, version, detectionMethod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, reference link | Vulnerability details |
| 'Vulnerable' when fetched | Vulnerability instance status* |
| CVE | CVE/S |
| Wiz recommended solution | Fix title |
| Remediation, FixedVersion | Fix Description |
| Location path Wiz URL, score, impact score, Location path, version, detectionMethod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, HasExploit, HasCisaKevExploit, exploitability score, vendor severity, project | Asset - Vulnerability instance connection (info tooltip) |

Connector Fields Mapping - Cloud Resources

| Wiz field | Vulcan field |
|---|---|
| Asset name + Provider ID, or Asset Name + Unique ID | Asset uniqueness criteria |
| Serverless inventory name | Asset name |
| Provider ID | Resource ID |
| Cloud Platform | Cloud (provider) |
| Cloud Native JSON, Wiz JSON Object | Asset details |
| Cloud Resources | Asset type |
| Wiz tags | Asset tags - vendor's tags |
| cloud platform, subscription name, region, projects, subscription id | Asset tags - additional |
| Created date (WIZ JSON) | Created date |
| Connector's last sync date | Last seen |
| Detailed name (package) and version | Vulnerability instance uniqueness criteria |
| FirstDetected | Vulnerability instance first seen |
| LastDetected | Vulnerability instance last seen |
| CVE score | Vulnerability instance score |
| Location path | Vulnerability instance location path |
| Vulnerability name | Unique vulnerability uniqueness criteria |
| Vulnerability name | Vulnerability title |
| Description | Vulnerability description |
| CVEDescription, affected packages - Detailed name, CVSS Severity, fixed version, reference link | Vulnerability details |
| 'Vulnerable' when fetched | Vulnerability instance status* |
| CVE | CVE/S |
| Wiz recommended solution | Fix title |
| Remediation, FixedVersion | Fix description |
| Location path Wiz URL, score, impact score, Location path, version, detectionMethod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, HasExploit, HasCisaKevExploit, exploitability score, vendor severity, project | Asset - Vulnerability instance connection (info tooltip) |

Vulnerability status mapping

| Wiz Status | Vulcan Status |
|---|---|
| *All imported data is vulnerable | Vulnerable |
| *When a vulnerability instance is not imported, it is considered as fixed | Fixed |

Vulnerability score mapping

Vulcan imports the CVSS of the vulnerabilities.

Notes:

  • Archived assets are assets that weren't fetched into the Vulcan Platform on the last sync with Wiz.

  • *A vulnerability's status is updated to "Fixed" on the Vulcan Platform once it is marked as fixed on Wiz. Fetched vulnerabilities are 'vulnerable' vulnerabilities.

Support and Expected Behavior

Support and expected-behavior remarks on Wiz connector ingested vs. un-ingested fields:

Data Import using CSV Reports:

  • Inventory (assets): The connector imports data for VMs, container images, and serverless assets.

  • Vulnerabilities: Connected vulnerabilities are also imported.

Asset Mapping and Enrichment:

  • Mapping: Assets are mapped into Vulcan based on their presence in the Wiz vulnerability report.

  • Enrichment: Vulcan’s asset data is enriched using the Wiz inventory report. If an asset from the Wiz vulnerability report does not exist in the inventory report, it will appear with limited information derived from the vulnerability report.
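The mapping, enrichment and status behavior described above, sketched as an added example (not Vulcan's or Wiz's code). The CSV column names, sample rows, placeholder CVE IDs and function names are constructed assumptions, as is keying an instance by vulnerability name plus package and version.

```python
import csv
import io

# Constructed sample reports; column names are assumptions, not the Wiz CSV schema.
VULN_REPORT = """asset_name,provider_id,detailed_name,version,vuln_name
web-01,i-0aaa,openssl,1.1.1k,CVE-0000-0001
web-01,i-0aaa,zlib,1.2.11,CVE-0000-0002
batch-07,i-0bbb,openssl,1.1.1k,CVE-0000-0001
"""
INVENTORY_REPORT = """asset_name,provider_id,os,ip
web-01,i-0aaa,Ubuntu 22.04,10.0.0.5
"""

def rows(text):
    """Parse a CSV report into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def build_assets(vuln_rows, inventory_rows):
    """Assets are created from the vulnerability report; inventory only enriches."""
    inventory = {(r["asset_name"], r["provider_id"]): r for r in inventory_rows}
    assets = {}
    for r in vuln_rows:
        key = (r["asset_name"], r["provider_id"])  # asset uniqueness criteria
        asset = assets.setdefault(key, {"name": key[0], "enriched": False, "instances": {}})
        if key in inventory and not asset["enriched"]:
            asset.update(os=inventory[key]["os"], ip=inventory[key]["ip"], enriched=True)
        # Assumed instance key: vulnerability name + detailed name (package) + version.
        inst = (r["vuln_name"], r["detailed_name"], r["version"])
        asset["instances"][inst] = "Vulnerable"  # everything imported is Vulnerable
    return assets

def apply_sync(previous, current):
    """Mark instances that were imported before but are absent now as Fixed."""
    for key, old in previous.items():
        if key not in current:
            continue  # asset not fetched this sync (archived); not modelled here
        for inst in old["instances"]:
            current[key]["instances"].setdefault(inst, "Fixed")
    return current

if __name__ == "__main__":
    first = build_assets(rows(VULN_REPORT), rows(INVENTORY_REPORT))
    for key, asset in first.items():
        print(key, "enriched" if asset["enriched"] else "limited info", asset["instances"])
```

An asset such as batch-07, present only in the vulnerability report, ends up without OS or IP data, which is the "limited information" case to expect when the service account cannot see the matching inventory.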

Project Selection:

  • Selective Syncing: The connector allows syncing of up to 5 selected Wiz projects instead of all available Wiz projects.

  • Configuration: The IDs of the selected projects must be provided as user input on the connector’s configuration page.

5 Projects Selection:

  • The user can specify up to 5 Wiz project IDs for syncing.

  • Only data from these specified projects will be imported and processed.


Viewing Wiz vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector:

  1. Go to the Vulnerabilities page.

  2. Click on Filter and set the condition to Vulnerability > Connector is Wiz.


Viewing Wiz assets in the Vulcan Platform

Viewing assets by Connector for users with the new platform view (Asset Hub):

  1. Go to the Assets page.

  2. Click on "Filter" and specify the condition as "Assets > Connector is Wiz".

Viewing assets by Connector for users with the older platform view:

  1. Go to the Assets page.

  2. Choose the relevant asset type tab.

  3. Click on "Filter" and specify the condition as "Assets > Connector is Wiz".

You can add more filters to narrow down your search further.
See the complete list of available asset filters.

Click on any asset for more asset details.


Automating remediation actions on vulnerabilities detected by Wiz

Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.
