Skip to main content
All CollectionsConnectorsOlder Release
Wiz Issues Connector (previous revision)
Wiz Issues Connector (previous revision)
Updated over a week ago

Am I reading the correct user guide?

Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.

Click on 'How to connect' on the Connector's setup page to open the right guide for your setup and version, ensuring accuracy and relevance.


Overview

About Wiz Issues

Wiz scans every layer of cloud environments without agents to provide complete visibility into every technology running in the client’s cloud without blind spots. Wiz connects via API to AWS, Azure, GCP, OCI, Alibaba Cloud, VMware vSphere, Openshift, and Kubernetes across virtual machines, containers, and serverless.

Why integrate Wiz Issues into the Vulcan platform?

The Wiz Issues by Vulcan integrates with the Wiz platform to pull and ingest Host, Image, and Cloud assets and their associated vulnerability-type issues into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Wiz Issue Conenctor Details

Supported products

Wiz Issues

Category

Cloud

Ingested asset type(s)

Hosts

Images

Cloud Resources

Integration type

UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

  • A Wiz service account with the following access permissions:

    • create:reports

    • delete:reports

    • update:reports

    • read:reports

    • read:issues

    • write:reports

  • The authentication credentials for that service account.

  • Your Wiz issues URL: https://api.usXX.app.wiz.io (or https://api.usXX.app.wiz.io/graphql).

    Read more about Wiz Endpoint URLs

Configuring the Wiz Issues Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Wiz Issues icon.

  4. Set up the Connector as follows:

    • Enter your Wiz account's Server URL, author URL, Client ID, and Client secret.

  5. Select the relevant authentication method.

  6. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Wiz instance, then click Create (or Save Changes).

  7. The Advanced Configuration drop-down allows you to set the Connector's sync time. By default, all days are selected.

  8. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  9. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  10. To confirm the sync is complete, navigate to the Connectors page. Once the Wiz Issues icon shows Connected, the sync is complete.


Wiz Issues in the Vulcan Platform

Viewing Wiz Issues vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector:

  1. Go to the Vulnerabilities page.

  2. Click on Filter and set the condition to Vulnerability > Connector is Wiz Issues.

Viewing Wiz Issues assets in the Vulcan Platform

Viewing assets by Connector for users with the new platform view (Asset Hub):

  1. Go to the Assets page.

  2. Click on "Filter " and specify the condition as "Assets > Connector is Wiz Issues".

Viewing assets by Connector for users with the older platform view:

  1. Go to the Assets page.

  2. Choose the relevant asset type tab.

  3. Click on "Filter" and specify the condition as "Assets > Connector is Wiz Issues"

You can add more filters to narrow down your search further.
See the complete list of available asset filters.

Click on any asset for more asset details.

Taking Action on vulnerabilities/issues and assets detected by Wiz Issues

To take remediation action on vulnerabilities and assets detected by Wiz Issues:

  1. Go to the Vulnerabilities or Assets Page.

  2. Use the Filter to filter vulnerabilities by the Wiz Issues connector and display all synced vulnerabilities/assets and their associated assets/vulnerabilities.

  3. Select the relevant vulnerabilities/assets from the results list.

  4. Click on Take Action to proceed with remediation or further actions.

Automating remediation actions on vulnerabilities detected by Wiz Issues

Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.


From Wiz Issues to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Wiz through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.

  • Inventories ingested: VIRTUAL_MACHINE, CONTAINER_IMAGE, SERVERLESS

  • All issue types are ingested into the Vulcan Platform

Host fields mapping

Wiz field

Vulcan field

Name

External ID

or

entitySnapshot.name

entitySnapshot.externalId

Uniqueness criteria

Name

Asset Name

Cloud native JSON
WIZ JSON object
Provider ID
External ID
Cloud Platform
Subscription
Subscription ID
Projects
Region
Resource Type
Native Type
Public DNS name (Cloud json)

Asset details

Hosts

Asset type

asset['Wiz JSON Object'].ipAddresses or IpAddresses

IP

asset['Wiz JSON Object'].operatingSystem or OperatingSystem

OS

common.creationDate or image.common.creationDate or image.common.originalObject.CreationDate

Created date

Last connector’s sync date.

Last seen date

asset['Cloud Native JSON'].NetworkInterfaces.MacAddress

Multiple mac addresses

id

Vulnerability instance uniqueness criteria

First connector sync date.

Vulnerability instance first seen

Last connector sync date.

Vulnerability instance Last seen

sourceRule.name

Unique vulnerability uniqueness criteria

sourceRule.name

Vulnerability title

severity

Vulnerability score

sourceRule.controlDescription or sourceRule.cloudEventRuleDescription or sourceRule.cloudConfigurationRuleDescription

Vulnerability description

Source Rule ID

Source Rule Control

Vulnerability details

severity

CVSS

sourceRule.name

Fix title

sourceRule.resolutionRecommendation or sourceRule.remediationInstructions

Fix description

Image fields mapping

Wiz field

Vulcan field

Name

External ID

or

entitySnapshot.name

entitySnapshot.externalId

Uniqueness criteria

AssetName or Name

Asset Name

Projects

Cloud Platform

Region

Subscription

Subscription ID

Resource Type

Native Type

Provider ID

Wiz External ID

Image Source

Asset details

Images - Wiz Container Images

Asset type

asset['Wiz JSON Object'].repoExternalId

Repository

Images

Repo type

asset['Wiz JSON Object'].operatingSystem

OS

asset['Wiz JSON Object'].operatingSystem

OS version

asset['Wiz JSON Object'].repoExternalId

Path location

Tags.items()

Asset Tags - Vendor’s tags

Project

Cloud Platform

Region

Subscription

Subscription ID

Image Source

Asset Tags - Additional

Last connector’s sync date.

Last seen

common.creationDate or image.common.creationDate or image.common.originalObject.CreationDate

Creation date

id

Vulnerability instance uniqueness criteria

sourceRule.name

Unique vulnerability uniqueness criteria

sourceRule.name

Vulnerability title

severity

Vulnerability score

description

Vulnerability description

Source Rule ID

Source Rule Control

Vulnerability details

severity

CVSS

sourceRule.name

Fix title

sourceRule.resolutionRecommendation or sourceRule.remediationInstructions

Fix descriptions

Severity

Status

Created At

Updated At

Issue ID

Service Tickets

Notes

Due At

WizURL

Asset - Vulnerability instance connection (info tooltip)

Cloud Resource fields mapping

Wiz field

Vulcan field

Name

External ID

or

entitySnapshot.name

entitySnapshot.externalId

Uniqueness criteria

Name or entitySnapshot.name

Asset Name

Projects

Cloud Platform

Region

Subscription

Subscription ID

Resource Type

Native Type

Provider ID

Wiz External ID

Role

FunctionArn

Kind

Cloud Provider Url

Runtime

Asset details

Cloud Resources

Asset type

Tags.items()

Asset Tags - Vendor’s tags

Project

Cloud Platform

Region

Subscription

Subscription ID

Asset Tags - Additional

asset['Wiz JSON Object'].common.creationDate

asset['Wiz JSON Object'].image.common.creationDate or asset['Wiz JSON Object'].image.common.originalObject.CreationDate

Created date

Last connector’s sync date.

Last seen

id

Vulnerability instance uniqueness criteria

sourceRule.name

Unique vulnerability uniqueness criteria

sourceRule.name

Vulnerability title

sourceRule.controlDescription or sourceRule.cloudEventRuleDescription or sourceRule.cloudConfigurationRuleDescription

Vulnerability description

Source Rule Control

Source Rule ID

Vulnerability details

severity

CVSS

sourceRule.name

Fix title

sourceRule.resolutionRecommendation or sourceRule.remediationInstructions

Fix description

Severity

Status

Created At

Updated At

Issue ID

Service Tickets

Notes

Due At

WizURL

Assets-Vulnerability instance connection (info tooltip)

Vulnerability status mapping

Wiz Status

Vulcan Status

Vulnerable

if the status isn’t 'RESOLVED', it is considered 'vulnerable'.

Fixed

When vuln-instance is not imported, or the status is 'RESOLVED,' it is considered 'fixed.'

Ignored - false positive

-

Ignored risk acknowledged

-

Vulnerability score mapping

Wiz score

Vulcan score

CRITICAL

10

HIGH

8

MEDIUM

6

LOW

4

INFORMATIONAL

2

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any are added).

The table below lists how the status update mechanism works in the Wiz Issues connector for the vulnerabilities and assets in the Vulcan Platform.

Update type in Vulcan

Mechanism (When?)

The asset is archived

- Asset not found on the Connector's last sync

- Asset not seen for X days according to "Last Seen"

The vulnerability instance status changes to "Fixed"

- If the vulnerability no longer appears in the scan findings.

- Vulnerability status on the Connector's side changes to 'RESOLVED'

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

API Endpoints in Use

API version: November 2022

API

Mutation/Query

Use in Vulcan

Permissions required

POST:

{{ auth_url }}/oauth/token

-

Auth

POST:

{{ server_url }}/graphql

CreateReport

Generate an asset report in the client environment.

create:reports

POST:

{{ server_url }}/graphql

ReportDownloadUrl

Getting the url to download the report.

read:reports

GET:

report_url

-

Getting the data in the report.

POST:

{{ server_url }}/graphql

IssuesTable

Getting data about finding (assets, vulnerabilities and solutions).

read:issues

Did this answer your question?