.png?sv=2019-07-07&sig=BYNMB2j37ol5JF86q5xMoX%2Fz8o17BHWw183EirJBTH4%3D&spr=https%2Chttp&st=2023-03-25T10%3A59%3A42Z&se=2023-03-25T11%3A09%3A42Z&srt=o&ss=b&sp=r){kind=logo}
Wiz
- 20 Mar 2023
- 4 Minutes to read
-
Print
-
DarkLight
-
PDF
Wiz
- Updated on 20 Mar 2023
- 4 Minutes to read
-
Print
-
DarkLight
-
PDF
Wiz analyzes all layers of the cloud stack to identify high-risk attack vectors to be prioritized and fixed.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
Parameters
- Wiz URL (required) - The URL of the API of the Wiz server that Axonius can communicate with via the Required Ports. Retrieving the Wiz URL from the user profile https://app.wiz.io/user/profile. 'https://' is required.
- Wiz Authentication URL (required) - Enter the authentication URL of either the Amazon Cognito or Auth0 (legacy) method of authentication used to enable the connection to Wiz together with the API token.
Note:
-
The authentication URL should include the hostname only, omitting any suffixes. For example, enter
auth.app.wiz.iowithout a trailing/auth/token -
Confirm that the public IP address of your Axonius instance is added to the "Source IP address" configuration within the Wiz application.
-
If you are filtering outbound traffic from your Axonius instance, verify that you have both the Wiz URL and Wiz Authentication URL as allowed destinations.
- Client Key and Client Secret (required) - See Obtaining the Client Secret and Client ID for details about how to obtain the Client Key and Client Secret.
- Use legacy connection (required, default: true) - Select whether to use the legacy connection or the new Report API connection. There are separate permissions for the legacy connection and the new Report connection. Make sure you choose the appropriate permissions.
Note:
Axonius recomends you clear this checkbox and use the new non-legacy connection. Please note that the latest features are only supported by the non-legacy connection.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
- Project ID Mapping (Legacy Only) - Enter the Project ID of the account to fetch.
- Project UUID - Enter a project UUID to fetch resources only from the project listed.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Note:
From version 4.6, Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
- Asset types to fetch (optional, default: VIRTUAL_MACHINE) - Select one or more types of assets to fetch.
- Do not fetch devices where Power State is Turned Off (optional) - When selected, devices with a power state 'off' are not fetched by Axonius.
- Fetch issues (required) - Select whether to fetch issues and enrich devices with issue data.
- Fetch issues evidence (non-legacy) (required) - Select whether to fetch issues evidence data. This option is only available for non-legacy connections.
- Issues severity to fetch (required, default: CRITICAL, HIGH, MEDIUM) - Select one or more severity levels to filter issues that are fetched.
- Issues status to fetch (required, default: OPEN, IN_PROGRESS) - Select one or more statuses to filter issues that are fetched.
- Fetch vulnerability findings (optional) - Select to fetch vulnerability information from Wiz.
- Vulnerability findings severity to fetch (required, default: CRITICAL, HIGH, MEDIUM) - Select one or more severity levels of vulnerability findings to filter findings that are fetched. Select 'NONE' to not filter per vulnerability findings severity.
- Attach volumes to associated VMs (required, default: True) - Select this option to attach cloud storage volumes to their associated VMs. When you select this option, volumes are not created as separate devices. When the option is cleared, each volume is created as a separate device.
- List of tags to parse as fields - Specify a comma-separated list of tag keys to be parsed as device fields. Each tag is a key-value pair that is part of the Adapter Tags complex field.
- Fetch Wiz users (Required, default: False): Select this option to fetch Wiz users (Wiz platform user accounts).
Note:
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
APIs
Axonius uses the wiz.io API.
Obtaining the Client Secret and Client ID
To obtain the Wiz URL
- Navigate to your user profile and copy the API Endpoint URL.
To obtain the Wiz Client ID and Client Secret
- Navigate to Settings > Service Accounts .
- Click Add Service Account.
- Name the new service account, for example: Axonius Integration
- If you desire, narrow the scope of this service account to specific projects.
- Select the permission read:resources and click Add Service Account.
- Copy the CLIENT SECRET. Note that you won't be able to copy it after this stage.
- Copy the CLIENT ID, which is displayed under the Service Accounts page.
Required Ports
Axonius must be able to communicate with the value supplied in Wiz URL via the following ports:
- TCP port 443
Required Permissions
The value supplied in Client ID must have the following permissions:
| Connection | Minimum Permissions | Alternative Permission |
|---|---|---|
| For Legacy connection | ||
| For New Report connection |
- Fetch Wiz users advanced configuration requires
read:users. This only applies to New Report connection.
Supported From Version
Supported from Axonius version 4.4