.png?sv=2022-11-02&ss=b&srt=o&spr=https&st=2024-05-03T15%3A05%3A29Z&se=2024-05-03T15%3A15%3A29Z&sp=r&sig=HI2dXSu9Oni%2B6hGEpJ3zVbSrCYRnoqoVkmyeD%2BlQWC0%3D){kind=logo}
Wiz - Add Tags to Assets
- 05 Mar 2024
- 5 Minutes to read
- Print
- DarkLight
- PDF
Wiz - Add Tags to Assets
- Updated on 05 Mar 2024
- 5 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Wiz - Add Tags to Assets extracts tags from correlated assets within Axonius and adds them to the corresponding asset in Wiz, if it exists, that matches the parameters of the selected query (or to assets selected in the asset table).
For example, if a Wiz device correlates with a Tenable device, the tags on the Tenable device will be added to that device in Wiz.
See an example of the custom tags data and the JSON schema below.
{{snippet.EC_Link_To_Create_EC_Set}}
Notes:
- This Enforcement Action works for all asset types except for Users.
- To use this Enforcement Action, you must successfully configure the Wiz adapter.
General Settings
{{snippet.EC_Action_General_Settings}}
- Use stored credentials from the Wiz adapter - Select this option to use the first connected Wiz adapter credentials.Note:To use this option, you must successfully configure a Wiz adapter connection.
Required Fields
These fields must be configured to run the Enforcement Set.
- {{snippet.EC Action Instance Field}}
Additional Fields
These fields are optional.
- {{snippet.EC Action Tunnel Name Field}}
Connection Parameters
If Use stored credentials from the Wiz adapter is disabled, these fields are required:
Wiz URL - The API URL of the Wiz server that Axonius can communicate with via the Required Ports. You can find the API URL required for the connection configuration via the following Wiz URL: https://app.wiz.io/user/profile. The Wiz URL should follow the pattern https://api.{region}.app.wiz.io/.
Wiz Authentication URL - Enter the authentication URL of either the Amazon Cognito or Auth0 (legacy) method of authentication used to enable the connection to Wiz together with the API token.
Note:The authentication URL should include the hostname only, omitting any suffixes. For example, enter
auth.app.wiz.iowithout a trailing/auth/tokenConfirm that the public IP address of your Axonius instance is added to the "Source IP address" configuration within the Wiz application.
If you are filtering outbound traffic from your Axonius instance, verify that you have both the Wiz URL and Wiz Authentication URL as allowed destinations.
Client Key and Client Secret - See Obtaining the Client Secret and Client ID for details about how to obtain the Client Key and Client Secret.
Required Permissions
The value supplied in Connection Parameters must have the following permissions:
- create:external_data_ingestion
- read:system_activities
- read:resources
Required Ports
Axonius must be able to communicate with the value supplied in Wiz URL via the following ports:
- TCP port 443
APIs
Axonius uses the wiz.io API.
Example of Custom Tag Data
Below is a sample of the custom tags data:
{
"integrationId": "000c0c7b-5f59-46ea-a305-934a15b94930",
"dataSources": [
{
"id": "29A4E640-4BFD-4779-856756756",
"analysisDate": "2023-08-02T16:50:00Z",
"assets": [
{
"assetIdentifier": {
"cloudPlatform": "AWS",
"providerId": "arn:aws:ec2:eu-central-1:9123455:instance/i-04ea5a462c85555"
},
"customTags": [
{
"key": "App",
"value": "Spotify"
},
{
"key": "Owner",
"value": "Beyoncé"
}
]
}
]
}
]
}
Custom Tag JSON Schema
Below is the JSON schema of the custom tags data:
{
"$id": "https://wiz.io/ingestionmodel.schema.json",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "Wiz Ingestion Model",
"type": "object",
"properties": {
"integrationId": {
"type": "string"
},
"dataSources": {
"type": "array",
"items": {
"$ref": "#/$defs/dataSource"
}
}
},
"required": [
"integrationId",
"dataSources"
],
"additionalProperties": false,
"$defs": {
"cloudPlatform": {
"enum": "{{.CloudPlatformEnum}}"
},
"status": {
"enum": "{{.StatusEnum}"
}
},
"severity": {
"enum": "{{.SeverityEnum}}"
},
"eventSeverity": {
"enum": "{{.EventSeverityEnum}}"
},
"detectionMethod": {
"enum": "{{.DetectionMethodEnum}}"
},
"dataCategory": {
"enum": "{{.DataCategoryEnum}}"
},
"dataClassifier": {
"enum": "{{.DataClassifierEnum}}"
},
"mitreTacticId": {
"enum": "{{.MitreTacticIdEnum}}"
},
"mitreTacticName": {
"enum": "{{.MitreTacticNameEnum}}"
},
"mitreTechniqueId": {
"enum": "{{.MitreTechniqueIdEnum}}"
},
"mitreTechniqueName": {
"enum": "{{.MitreTechniqueNameEnum}}"
},
"dataSource": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"analysisDate": {
"type": "string",
"format": "date-time"
},
"assets": {
"type": "array",
"items": {
"$ref": "#/$defs/asset"
}
}
},
"required": [
"id",
"assets"
],
"additionalProperties": false
},
"asset": {
"type": "object",
"properties": {
"assetIdentifier": {
"$ref": "#/$defs/assetIdentifier"
},
"cloudConfigurationFindings": {
"type": "array",
"items": {
"$ref": "#/$defs/cloudConfigFinding"
}
},
"hostConfigurationFindings": {
"type": "array",
"items": {
"$ref": "#/$defs/hostConfigFinding"
}
},
"vulnerabilityFindings": {
"type": "array",
"items": {
"$ref": "#/$defs/vulnerabilityFinding"
}
},
"webAppVulnerabilityFindings": {
"type": "array",
"items": {
"$ref": "#/$defs/webAppVulnerabilityFinding"
}
},
"dataFindings": {
"type": "array",
"items": {
"$ref": "#/$defs/dataFinding"
}
},
"events": {
"type": "array",
"items": {
"$ref": "#/$defs/event"
}
},
"customTags": {
"type": "array",
"items": {
"$ref": "#/$defs/keyValue"
}
}
},
"required": [
"assetIdentifier"
],
"additionalProperties": false
},
"assetIdentifier": {
"type": "object",
"properties": {
"cloudPlatform": {
"$ref": "#/$defs/cloudPlatform"
},
"providerId": {
"type": "string"
},
"networkAddress": {
"type": "string"
},
"endpointUrl": {
"type": "string"
}
},
"oneOf": [
{
"required": [
"providerId"
]
},
{
"required": [
"networkAddress"
]
},
{
"required": [
"endpointUrl"
]
}
],
"required": [
"cloudPlatform"
],
"additionalProperties": false
},
"cloudConfigFinding": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"status": {
"$ref": "#/$defs/status"
},
"severity": {
"$ref": "#/$defs/severity"
},
"externalDetectionSource": {
"$ref": "#/$defs/detectionMethod"
},
"detailedName": {
"type": "string"
},
"version": {
"type": "string"
},
"externalFindingLink": {
"type": "string"
},
"source": {
"type": "string"
},
"description": {
"type": "string"
},
"remediation": {
"type": "string"
}
},
"required": [
"name",
"status"
],
"additionalProperties": false
},
"hostConfigFinding": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"status": {
"$ref": "#/$defs/status"
},
"severity": {
"$ref": "#/$defs/severity"
},
"externalFindingLink": {
"type": "string"
},
"source": {
"type": "string"
},
"description": {
"type": "string"
},
"remediation": {
"type": "string"
}
},
"required": [
"name",
"status"
],
"additionalProperties": false
},
"vulnerabilityFinding": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"severity": {
"$ref": "#/$defs/severity"
},
"externalDetectionSource": {
"$ref": "#/$defs/detectionMethod"
},
"detailedName": {
"type": "string"
},
"version": {
"type": "string"
},
"fixedVersion": {
"type": "string"
},
"externalFindingLink": {
"type": "string"
},
"source": {
"type": "string"
},
"description": {
"type": "string"
},
"remediation": {
"type": "string"
},
"validatedAtRuntime": {
"type": "boolean"
}
},
"required": [
"name",
"severity"
],
"additionalProperties": false
},
"webAppVulnerabilityFinding": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"severity": {
"$ref": "#/$defs/severity"
},
"detailedName": {
"type": "string"
},
"externalFindingLink": {
"type": "string"
},
"source": {
"type": "string"
},
"description": {
"type": "string"
},
"remediation": {
"type": "string"
}
},
"required": [
"name",
"severity"
],
"additionalProperties": false
},
"dataFinding": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"source": {
"type": "string"
},
"externalFindingLink": {
"type": "string"
},
"dataCategory": {
"$ref": "#/$defs/dataCategory"
},
"severity": {
"$ref": "#/$defs/severity"
},
"dataClassifierId": {
"$ref": "#/$defs/dataClassifier"
}
},
"required": [
"name",
"dataCategory",
"dataClassifierId"
],
"additionalProperties": false
},
"event": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"timestamp": {
"type": "string",
"format": "date-time"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"externalFindingLink": {
"type": "string"
},
"severity": {
"$ref": "#/$defs/eventSeverity"
},
"mitreTacticIds": {
"type": "array",
"items": {
"$ref": "#/$defs/mitreTacticId"
}
},
"mitreTacticNames": {
"type": "array",
"items": {
"$ref": "#/$defs/mitreTacticName"
}
},
"mitreTechniqueIds": {
"type": "array",
"items": {
"$ref": "#/$defs/mitreTechniqueId"
}
},
"mitreTechniqueNames": {
"type": "array",
"items": {
"$ref": "#/$defs/mitreTechniqueName"
}
},
"principal": {
"type": "string"
},
"ipAddress": {
"type": "string"
},
"commandLine": {
"type": "string"
},
"path": {
"type": "string"
},
"hash": {
"type": "string"
}
},
"required": [
"id",
"timestamp",
"name",
"externalFindingLink",
"severity",
"mitreTacticIds",
"mitreTechniqueIds"
],
"additionalProperties": false
},
"keyValue": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
},
"required": [
"key",
"value"
],
"additionalProperties": false
}
}
{{snippet.ECAction_To_learn_more}}
Was this article helpful?