Wiz
Customers using a Custom Wiz Service Account to connect Axonius to Wiz should migrate to using the Wiz Axonius integration Service Account (see below). The integration is vetted by both companies and ensures a proper support and escalation mechanism. Contact Axonius support if you have any questions.
Wiz analyzes all layers of the cloud stack to identify high-risk attack vectors to be prioritized and fixed.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Vulnerabilities
- Users
- Software
- Roles
- Groups
- SaaS Applications
- Domains & URLs
- Compute Services
- Application Services
- Networks
- Load Balancers
- Databases
- Containers
- Object Storage
- Network Services
- File Systems
- Accounts/Tenants
- Serverless Functions
- Disks
- Compute Images
- Secrets
- Certificates
- Alerts/Incidents
- Permissions
Before You Begin
Supported From Version
Supported from Axonius version 4.4
APIs
Axonius uses the Wiz API.
Required Ports:
- TCP port 443
Required Permissions
The Wiz Axonius integration is required for this adapter deployment. The appropriate permissions will be set automatically by the integration, which is vetted and tested by both Axonius and Wiz.
Note:
Users are able to see the permissions set in the integration's Service Account prior to creating the integration.
Configuring the Wiz Axonius Integration
- In Wiz, go to Settings > Deployments > Integration and click + Add Deployment.
- Under the required category or by using the search bar, type Axonius.
- On the New Axonius Integration page:
  - For Name, enter a meaningful name, for example: Axonius Integration
  - For Scope, narrow the scope of this integration to specific projects
  - Review the permissions required for the service account that is used for this integration.
- Click Add Integration.
- A new service account is created. Under New Service Account Credentials, copy and save the following to a local file or secure location for the next step:
  - Client ID
  - Client Secret
  - API Endpoint URL
  - API Authentication URL
Deploying the Wiz Adapter in Axonius
- Navigate to the Adapters page, search for Wiz, and click on the adapter tile.
- Click Add Connection.
Required Parameters
- API Endpoint URL - The API Endpoint URL of the Wiz server that Axonius can communicate with via the Required Ports. Use the API Endpoint URL that you previously copied.
- Authentication URL - Enter the URL of the Authentication service used for the Wiz application. Use the API Authentication URL that you previously copied.
  Notes
  - The authentication URL should include the hostname only, omitting any suffixes. For example, enter auth.app.wiz.io without a trailing /auth/token.
  - Confirm that the public IP address of your Axonius instance is added to the "Source IP address" configuration within the Wiz application.
  - If you are filtering outbound traffic from your Axonius instance, verify that you have both the API Endpoint URL and Authentication URL as allowed destinations.
- Client Key and Client Secret - Input the Key and Secret from the Axonius Integration Service Account. Use the Client ID and Client Secret that you previously copied.
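A pre-flight check for the values above, as an added example that is not part of the Axonius or Wiz documentation: it reduces the copied API Authentication URL to the hostname-only form and lists the two TCP 443 destinations an outbound filter has to allow. The function names and the api.example.invalid endpoint are constructed for illustration.

```python
"""Pre-flight check for the Wiz adapter connection values (added example)."""
import socket
from urllib.parse import urlsplit


def auth_hostname(value: str) -> str:
    """Reduce a copied API Authentication URL to the hostname-only form."""
    value = value.strip()
    # urlsplit only fills .hostname when a scheme or '//' is present.
    parts = urlsplit(value if "//" in value else "//" + value)
    if not parts.hostname:
        raise ValueError(f"no hostname in {value!r}")
    return parts.hostname


def egress_targets(api_endpoint_url: str, auth_url: str) -> list[tuple[str, int]]:
    """Return the (host, port) pairs an outbound filter has to allow."""
    api = urlsplit(api_endpoint_url.strip())
    if api.scheme != "https" or not api.hostname:
        raise ValueError("API Endpoint URL must be an https:// URL")
    if (api.port or 443) != 443:
        raise ValueError("the adapter requires TCP port 443")
    return [(api.hostname, 443), (auth_hostname(auth_url), 443)]


def blocked(targets, timeout=5.0):
    """Try a direct TCP connect to each target; return those that fail."""
    failed = []
    for host, port in targets:
        try:
            socket.create_connection((host, port), timeout=timeout).close()
        except OSError as exc:
            failed.append((host, port, str(exc)))
    return failed


if __name__ == "__main__":
    # Constructed sample values; replace with the ones copied from Wiz.
    targets = egress_targets("https://api.example.invalid/graphql",
                             "https://auth.app.wiz.io/auth/token")
    for host, port, err in blocked(targets):
        print(f"BLOCKED {host}:{port} ({err})")
```

The connect test is direct, so it only reflects the adapter's path when no HTTPS Proxy is configured and the script runs from a host that shares the Axonius instance's egress rules.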
Optional Parameters
- HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
- Project ID Mapping (Legacy Only, DO NOT USE for new connections)
- Project UUID - Enter the Project UUID or use an asterisk * to retrieve all projects.
- Use legacy connection (Legacy Only) - uncheck if migrating from custom service account to Wiz Axonius integration service account.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Note
Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.
- Inventory report maximum number of rows (imposed by Wiz API) (optional, default: 100000) - Set the maximum number of rows for an Inventory report.
- Asset types to fetch (optional, default: VIRTUAL_MACHINE) - Select one or more types of assets to fetch.
- Do not fetch devices where Power State is Turned Off (optional) - When selected, devices with a power state 'off' are not fetched by Axonius.
- Fetch cloud configuration findings - Select this option to enrich assets with cloud configuration findings.
- Cloud configuration findings severity to fetch - Select severity levels from this drop-down to filter cloud configuration findings.
- Cloud configuration findings status to fetch - Select status values from this drop-down to filter cloud configuration findings.
- Issues report maximum number of rows (imposed by Wiz API) (optional, default: 30000) - Set the maximum number of rows for an Issues report.
- Fetch issues (required) - Select whether to fetch issues and enrich devices with issue data.
- Fetch issues evidence (non-legacy) (required) - Select whether to fetch issues evidence data. This option is only available for non-legacy connections.
- Fetch issue source rules (required, default: False) - Select whether to fetch issue source rules data. This includes data for Controls as well as other sources for Issues, such as Cloud Configuration Rules and Cloud Event Rules.
- Issues severity to fetch (required, default: CRITICAL, HIGH, MEDIUM) - Select one or more severity levels to filter issues that are fetched.
- Issues status to fetch (required, default: OPEN, IN_PROGRESS) - Select one or more statuses to filter issues that are fetched.
- Fetch vulnerability findings (optional) - Select to fetch vulnerability information from Wiz.
- Vulnerability status to fetch - Enter the vulnerability statuses you want to fetch. The options are Open, Rejected, or Resolved.
- Ignore rejected and resolved vulnerabilities older than - Set a number of days so that the adapter will ignore rejected and resolved vulnerabilities older than that number of days.
- Fetch Installed Software - Select this option to fetch installed software for Containers, Container Images, and Virtual Machines.
- Filter installed software older than X days (optional, default: 8) - Select whether to enrich installed software data for installed software older than the provided number of days. If you enter 0, no filtering will occur.
- Parse vulnerability findings description (warning: heavy field) - Select this option to fetch the vulnerability description field.
- Vulnerability findings detection method to fetch - From the drop-down, select one or more detection methods to filter vulnerability findings that are fetched. If empty, all methods will be fetched.
- Vulnerability findings severity to fetch (required) - Select one or more severity levels of vulnerability findings to filter findings that are fetched. The options are: CRITICAL, HIGH, MEDIUM, LOW, LOW_WITH_A_FIX, NONE. Select 'NONE' to not filter per vulnerability findings severity.
- Fetch network exposures - Select this option to fetch network exposures from Wiz. The Wiz network analysis engine identifies the effective exposure paths of cloud resources, providing an important layer of context for identifying and prioritizing critical risks in an environment.
- Enrich assets with Stateful set - Select this option to enrich assets with information on their Kubernetes cluster type.
- Enrich assets with Service Usage Technology - Select this option to enrich subscriptions with service usage tech information.
- Enrich assets with Authentication Configuration - Select to enrich assets with information on their Authentication Configuration.
- Attach volumes to associated VMs (required, default: True) - Select this option to attach cloud storage volumes to their associated VMs. When you select this option, volumes are not created as separate devices. When the option is cleared, each volume is created as a separate device.
- Attach network interfaces to associated assets (required, default: True) - Select this option to attach network interfaces to their associated assets.
- Fetch subscription tags - Select this option to fetch Subscription Tags. When this setting is selected, the adapter creates dynamic subscription_tag fields and parses the tags into the regular subscription_tags list.
- List of tags to parse as fields - Specify a comma-separated list of tag keys to be parsed as device fields. Each tag is a key-value pair that is part of the Adapter Tags complex field.
- Fetch Wiz users (required, default: False) - Select this option to fetch Wiz users (Wiz platform user accounts).
- Fetch cloud user assets (required, default: False) - Select this option to fetch cloud user assets discovered by Wiz.
- Cloud user asset types to fetch (optional) - Select one or more user types of assets to fetch.
- Parse Wiz vulnerability findings to a separate field - Wiz vulnerability findings are parsed by default into the Vulnerable Software field. Selecting this option will also parse them into a field named Vulnerability Findings.
- Fetch compute images as devices - Select this option to parse compute images as both Compute Images and Devices asset types. When this setting is unselected, the SNAPSHOT asset type is only parsed as Compute Images.
Note
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Related Enforcement Actions
