Overview
About Wiz
Wiz scans every layer of cloud environments without agents to provide complete visibility into every technology running in the client’s cloud without blind spots. Wiz connects via API to AWS, Azure, GCP, OCI, Alibaba Cloud, VMware vSphere, Openshift, and Kubernetes across virtual machines, containers, and serverless.
Why Integrating Wiz into the Vulcan platform?
The Wiz connector by Vulcan integrates with the Wiz platform to pull and ingest asset inventory and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform correlates consolidates and contextualizes the ingested data to impact risk and remediation priority. Read more here.
Connector details
Category: Vulnerability Assessment
Ingested asset types: Hosts, Images, and Cloud Resources
Prerequisites and User Permissions
Make sure you have the following:
Wiz Service Account with the following permissions:
create:reports,read:reports update:reports, andread:vulnerabilitesWiz API Endpoint URL, e.g.
https://api.eu1.app.wiz.io.Wiz Client ID and Client Secret
User with access to All of the Wiz Project. In order to integrate only selected projects, please contact Vulcan support
Configurig the Wiz Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Wiz icon.
Set up the connector as follows:
Enter Wiz Servel URL, Auth URL, Client ID and Client Secret. The instructions on how to retrieve this information exist in Wiz gated documentation portal.
To get your Server URL, In Wiz portal, click on the user icon > User settings, and copy the API Endpoint URL (https://api.<region>.app.wiz.io)
Auth URL:
For Wiz gov tenants - https://auth.gov.wiz.io
For regular tenants - https://auth.app.wiz.io
Select Wiz authentication method.
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Wiz instance, then click Create (or Save Changes).
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Wiz icon shows Connected, the connection is complete.
From Wiz to the Vulcan Platform - Fields Mapping
Connector Fields Mapping - Hosts
Wiz field | Vulcan field / mapping info |
Asset name + Provider ID Asset Name + Unique ID | Asset uniqueness criteria |
Name | Asset name |
Cloud native JSON | Asset details |
Hosts | Asset type |
IP Addresses (Wiz JSON) | IP |
Operation System (Wiz JSON) | OS |
Creation date (WIZ JSON) | Created date |
Connector's last sync date | Last seen date |
Network interface - MAC address from cloud JSON | Multiple Mac Addresses |
Detailed Name (vuln report) | Packages |
Wiz tags | Asset Tags by vendor |
cloud platform | Asset Tags (additional) |
detailed name (package) and version | Vulnerability instance uniqueness criteria |
First Detected | Vulnerability instance first seen |
Last Detected | Vulnerability instance last seen |
CVE score | Vulnerability instance score |
Location path | Vulnerability instance location path |
Vulnerability name | Unique vulnerability uniqueness criteria |
Vilnerability name | Vulnerability title |
CVE score | Vulnerability score |
Description | Vulnerability description |
CVE Descriptin | Vulnerability details |
'Vulnerable' when fetched | Vulnerability instance status* |
CVE | CVE/S |
Technical score | Risk Calculation |
Wiz recommended solution | Fix title |
Remediation FixedVersion | Fix Description |
Location path Wiz URL, , score, impact score, Location path, version, detectionMathod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, HasExploit, HasCisaKevExploit, exploitability score, vendor severity, project | Asset - Vulnerability instance connection (info tool tip) |
Connector Fields Mapping - Images
Wiz field | Vulcan field / mapping info |
Asset name + Provider ID Asset Name + Unique ID | Asset uniqueness criteria |
Name | Asset name |
Cloud native JSON | Asset details |
Images - Wiz container images | Asset type |
RepoExternalID (WIZ JSON) | Repository |
Images | Repository type |
Operation System (Wiz JSON) | OS |
Operation System (Wiz JSON) | OS Version |
digest | Path location |
Creation date (WIZ JSON) | Created date |
Connector's last sync date | Last seen |
Wiz tags | Asset Tags by vendor |
cloud platform | Asset Tags (additional) |
detailed name | Component name |
detailed version | Component type |
Active | Asset status |
Vulnerability name | Unique vulnerability uniqueness criteria |
Vilnerability name | Vulnerability title |
CVE score | Vulnerability score |
CVE Descriptin | Vulnerability description |
Wiz URL, CVSS Severity, score, impact score, Location path, version, detectionMathod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, reference link | Vulnerability details |
'Vulnerable' when fetched | Vulnerability instance status* |
CVE | CVE/S |
Wiz recommended solution | Fix title |
Remediation | Fix Description |
Location path Wiz URL, score, impact score, Location path, version, detectionMathod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, HasExploit, HasCisaKevExploit, exploitability score, vendor severity, project | Asset - Vulnerability instance connection (info tooltip) |
Connector Fields Mapping - Cloud Resources
Wiz Field | Vulcan Field |
Asset name + Provider ID Asset Name + Unique ID | Asset uniqueness criteria |
Serverless inventory name | Asset name |
Providor ID | Resource ID |
Cloud Platform | Cloud (provider) |
Cloud Native JSON | Asset details |
Cloud Resources | Asset type |
Wiz tags | Asset tags - vendor's tags |
cloud platform | Asset tags - additional |
Created date (WIZ JSON) | Created date |
Connector's last sync date | Last seen |
Detailed name (package) and version | Vulnerability instance uniqueness criteria |
FirstDetected | Vulnerability instance first seen |
LastDetected | Vulnerability instance last seen |
CVE score | Vulnerability instance score |
Location path | Vulnerability instance location path |
Vulnerability name | Unique vulnerability uniqueness criteria |
Vulnerability name | Vulnerability title |
Description | Vulnerability description |
CVEDescription, effected packages - Detailed name, CVSS Severity, fixed version, reference link | Vulnerability details |
'Vulnerable' when fetched | Vulnerability instance status* |
CVE | CVE/S |
Wiz recommended solution | Fix title |
Remediation | Fix description |
Location path Wiz URL, , score, impact score, Location path, version, detectionMathod, providerUniqueID, CloudProviderURL, CloudPlatform, Vulnerability tags, HasExploit, HasCisaKevExploit, exploitability score, vendor severity, project | Assets-Vulnerability instance connection (info tooltip) |
Vulnerability status mapping
Wiz Status | Vulcan Status |
*All imported data is vulnerable | Vulnerable |
*When a vulnerability instance is not imported, it is considered as fixed | Fixed |
Vulnerability score mapping
Vulcan imports the CVSS of the vulnerabilities.
Notes:
Archived assets are assets that were'nt feched into the Vulcan Platform on the last sync with Wiz.
*Vulnerabilities status is updated to "Fixed" on the vulcan platform once they are marked as fixed on Wiz. Fetched vulnerabilities are 'vulnerable' vulnerabilities.
Locating Wiz vulnerabilities in the Vulcan Platform
As Wiz discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:
Open the Vulcan Platform dashboard and navigate to the Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate Wiz on the vulnerability source/Connector list and click to filter results.
Click on any vulnerability to view further information.
Locating Wiz assets (Hosts, Container Images, and Cloud Resources) in the Vulcan Platform
To locate all retrieved Hosts, Images, and Cloud Resources assets from Wiz:
Open the Vulcan Cyber dashboard and navigate to Assets.
Click one of the relevant tabs: Cloud Resources, Hosts, Images
Click on the Search or filter websites input box and select Connector from the drop-down selection.
Locate the Wiz option to view all synced assets.
Automating actions on vulnerabilities detected by Wiz
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Wiz connector.
Click here to learn how to create automation in the Vulcan Cyber Platform.
FAQs
Can a user connect several Wiz projects to Vulcan?
Wiz has a limitation that it can either fetch all projects or 1 specific project. The user will have to define 1 project or all the projects when setting the connector.