Wiz
17 Apr 2024

Wiz analyzes all layers of the cloud stack to identify high-risk attack vectors to be prioritized and fixed.

Related Enforcement Actions
Wiz - Add Tags to Assets

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Wiz URL (required) - The API URL of the Wiz server that Axonius can communicate with via the Required Ports. You can find the API URL required for the connection configuration via the following Wiz URL: https://app.wiz.io/user/profile. The Wiz URL should follow the pattern https://api.{region}.app.wiz.io/.
  2. Wiz Authentication URL (required) - Enter the authentication URL of either the Amazon Cognito or Auth0 (legacy) method of authentication used to enable the connection to Wiz together with the API token.
Note:
  • The authentication URL should include the hostname only, omitting any suffixes. For example, enter auth.app.wiz.io without a trailing /auth/token.

  • Confirm that the public IP address of your Axonius instance is added to the "Source IP address" configuration within the Wiz application.

  • If you are filtering outbound traffic from your Axonius instance, verify that you have both the Wiz URL and Wiz Authentication URL as allowed destinations.

  3. Client Key and Client Secret (required) - See Obtaining the Client Secret and Client ID for details about how to obtain the Client Key and Client Secret.
  4. Use legacy connection - Select whether to use the legacy connection or the new Report API connection. There are separate permissions for the legacy connection and the new Report connection. Make sure you choose the appropriate permissions.
Note:

Axonius recommends you clear this checkbox and use the new non-legacy connection. Please note that the latest features are only supported by the non-legacy connection.

  5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
  6. Project ID Mapping (Legacy Only) - Enter the Project ID of the account to fetch.
  7. Project UUID - Enter a project UUID to fetch resources only from the project listed.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Asset types to fetch (optional, default: VIRTUAL_MACHINE) - Select one or more types of assets to fetch.

  2. Do not fetch devices where Power State is Turned Off (optional) - When selected, devices with a power state 'off' are not fetched by Axonius.

  3. Fetch cloud configuration findings - Select this option to enrich assets with cloud configuration findings.

  4. Cloud configuration findings severity to fetch - Select severity levels from this drop-down to filter cloud configuration findings.

  5. Cloud configuration findings status to fetch - Select status values from this drop-down to filter cloud configuration findings.

  6. Fetch issues (required) - Select whether to fetch issues and enrich devices with issue data.

  7. Fetch issues evidence (non-legacy) (required) - Select whether to fetch issues evidence data. This option is only available for non-legacy connections.

  8. Fetch issue source rules (required, default: False) - Select whether to fetch issue source rules data. This includes data for Controls as well as other sources for Issues, such as Cloud Configuration Rules and Cloud Event Rules.

  9. Issues severity to fetch (required, default: CRITICAL, HIGH, MEDIUM) - Select one or more severity levels to filter issues that are fetched.

  10. Issues status to fetch (required, default: OPEN, IN_PROGRESS) - Select one or more statuses to filter issues that are fetched.

  11. Fetch vulnerability findings (optional) - Select to fetch vulnerability information from Wiz.

  12. Fetch Installed Software - Select this option to fetch installed software for Containers, Container Images, and Virtual Machines.

  13. Parse vulnerability findings description (warning: heavy field) - Select this option to fetch the vulnerability description field.

  14. Vulnerability findings detection method to fetch - From the drop-down, select one or more detection methods to filter vulnerability findings that are fetched. If empty, all methods are fetched.

  15. Vulnerability findings severity to fetch (required, default: CRITICAL, HIGH, MEDIUM) - Select one or more severity levels of vulnerability findings to filter findings that are fetched. Select 'NONE' to not filter per vulnerability findings severity.

  16. Attach volumes to associated VMs (required, default: True) - Select this option to attach cloud storage volumes to their associated VMs. When you select this option, volumes are not created as separate devices. When the option is cleared, each volume is created as a separate device.

  17. Attach network interfaces to associated assets (required, default: True) - Select this option to attach network interfaces to their associated assets.

  18. Fetch subscription tags - Select this option to fetch Subscription Tags.

  19. List of tags to parse as fields - Specify a comma-separated list of tag keys to be parsed as device fields. Each tag is a key-value pair that is part of the Adapter Tags complex field.

  20. Fetch Wiz users (required, default: False) - Select this option to fetch Wiz users (Wiz platform user accounts).

  21. Fetch cloud user assets (required, default: False) - Select this option to fetch cloud user assets discovered by Wiz.

  22. Cloud user asset types to fetch (optional) - Select one or more user types of assets to fetch.

Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.


APIs

Axonius uses the wiz.io API.

Obtaining the Client Secret and Client ID

To obtain the Wiz URL

  • Navigate to your user profile and copy the API Endpoint URL.

To obtain the Wiz Client ID and Client Secret

  1. Navigate to Settings > Service Accounts.
  2. Click Add Service Account.
  3. Name the new service account, for example: Axonius Integration.
  4. If you desire, narrow the scope of this service account to specific projects.
  5. Select the permission read:resources and click Add Service Account.
  6. Copy the CLIENT SECRET. Note that you won't be able to copy it after this stage.
  7. Copy the CLIENT ID, which is displayed under the Service Accounts page.


Required Ports

Axonius must be able to communicate with the value supplied in Wiz URL via the following ports:

  • TCP port 443
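The format rules from the Parameters notes and the port requirement above can be checked before the values are saved. The following is an added example, not Axonius or Wiz code: it validates the two URL fields and derives the outbound allowlist entries. The region `us1`, the function names, and the use of port 443 for the authentication host are assumptions.

```python
import re
from urllib.parse import urlsplit

# Pattern from the page: https://api.{region}.app.wiz.io/
# Assumption: a region label is lowercase letters, digits and hyphens.
WIZ_API_HOST = re.compile(r"^api\.[a-z0-9-]+\.app\.wiz\.io$")
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")


def check_wiz_url(value):
    """Return (host, problems) for the 'Wiz URL' field."""
    parts = urlsplit(value.strip())
    host = (parts.hostname or "").lower()
    try:
        port = parts.port
    except ValueError:          # non-numeric or out-of-range port
        port = -1
    problems = []
    if parts.scheme != "https":
        problems.append("Wiz URL must use https")
    if not WIZ_API_HOST.match(host):
        problems.append("host does not match api.{region}.app.wiz.io")
    if port not in (None, 443):
        problems.append("Wiz URL must be reachable on TCP port 443")
    return host, problems


def check_auth_host(value):
    """Return (host, problems) for 'Wiz Authentication URL' (hostname only)."""
    v = value.strip().lower()
    problems = []
    if "://" in v:
        problems.append("remove the scheme; enter the hostname only")
        v = v.split("://", 1)[1]
    host, sep, _ = v.partition("/")
    if sep:
        problems.append("remove the path suffix, for example /auth/token")
    if not HOSTNAME.match(host):
        problems.append("not a valid hostname")
    return host, problems


def egress_allowlist(wiz_url, auth_value):
    """Both destinations must be allowed when outbound traffic is filtered."""
    api_host, p1 = check_wiz_url(wiz_url)
    auth_host, p2 = check_auth_host(auth_value)
    if p1 or p2:
        raise ValueError("; ".join(p1 + p2))
    # Assumption: the authentication host is also reached over HTTPS on 443.
    return sorted({f"{api_host}:443", f"{auth_host}:443"})
```
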

Required Permissions

The value supplied in Client ID must have the following permissions:

  • For Legacy connection
      Minimum Permissions: read:projects, read:issues, read:vulnerabilities, read:resources
      Alternative Permission: read:all
  • For New Report connection
      Minimum Permissions: read:reports, create:reports, read:issues, read:vulnerabilities
  • For Fetch Wiz users (adv config); only applies to New Report connection
      Minimum Permissions: read:users
  • For Fetch Cloud Configuration findings (adv config); only applies to New Report connection
      Minimum Permissions: read:cloud_configuration
  • For Fetch Cloud users (adv config)
      Minimum Permissions: read:resources
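
To keep the service account at least privilege, the scopes granted in Wiz can be compared with the minimum set that the chosen connection type and advanced settings require. The following is an added example, not Axonius or Wiz code: the scope names are the permissions listed above, while the option keys and function names are hypothetical labels.

```python
# Scope sets transcribed from the Required Permissions section of this page.
LEGACY = {"read:projects", "read:issues", "read:vulnerabilities", "read:resources"}
LEGACY_ALTERNATIVE = {"read:all"}
REPORT = {"read:reports", "create:reports", "read:issues", "read:vulnerabilities"}

# Hypothetical option keys -> (extra scopes, applies to New Report connection only)
OPTIONAL = {
    "fetch_wiz_users": ({"read:users"}, True),
    "fetch_cloud_config_findings": ({"read:cloud_configuration"}, True),
    "fetch_cloud_users": ({"read:resources"}, False),
}


def required_scopes(legacy, options):
    """Minimum scopes for a connection type and the enabled advanced settings."""
    needed = set(LEGACY if legacy else REPORT)
    ignored = []
    for name in sorted(options):
        scopes, report_only = OPTIONAL[name]
        if report_only and legacy:
            ignored.append(name)   # setting has no effect on a legacy connection
        else:
            needed |= scopes
    return needed, ignored


def audit(granted, legacy, options):
    """Compare granted scopes with the minimum set; report gaps and surplus."""
    granted = set(granted)
    needed, ignored = required_scopes(legacy, options)
    satisfied = set(granted)
    if legacy and LEGACY_ALTERNATIVE <= granted:
        satisfied |= LEGACY        # read:all is the listed alternative
    return {
        "missing": sorted(needed - satisfied),
        "excess": sorted(granted - needed),   # anything beyond the minimum set
        "ignored_options": ignored,
    }
```
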

Supported From Version

Supported from Axonius version 4.4

