Wiz
- Updated on 16 Oct 2024
Wiz analyzes all layers of the cloud stack to identify high-risk attack vectors to be prioritized and fixed.
Related Enforcement Actions
Wiz - Add Tags to Assets
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
Parameters
- Wiz URL (required) - The API URL of the Wiz server that Axonius can communicate with via the Required Ports. You can find the API URL required for the connection configuration via the following Wiz URL: https://app.wiz.io/user/profile. The Wiz URL should follow the pattern https://api.{region}.app.wiz.io/.
- Wiz Authentication URL (required) - Enter the URL of the Authentication service used for the Wiz application (see Initial Setup below).
Authorize with Wiz, Amazon Cognito or Auth0 (legacy).
The authentication URL should include the hostname only, omitting any suffixes. For example, enter auth.app.wiz.io without a trailing /auth/token.
Confirm that the public IP address of your Axonius instance is added to the "Source IP address" configuration within the Wiz application.
If you are filtering outbound traffic from your Axonius instance, verify that you have both the Wiz URL and Wiz Authentication URL as allowed destinations.
- Client Key and Client Secret (required) - See Initial Setup for details about how to obtain the Client Key and Client Secret.
- Use legacy connection - Select whether to use the legacy connection or the new Report API connection. There are separate permissions for the legacy connection and the new Report connection. Make sure you choose the appropriate permissions.
Axonius recommends that you clear this checkbox and use the new non-legacy connection. Note that the latest features are only supported by the non-legacy connection.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
- Project ID Mapping (Legacy Only) - Enter the Project ID of the account to fetch.
- Project UUID - Enter a project UUID to fetch resources only from the project listed. To obtain the project UUID, in the Wiz platform:
- Select Settings > Projects.
- Click the three dots to the right of the relevant project.
- Copy the project UUID provided.
Specifying a single project UUID is the recommended approach. You can use an asterisk to pull all projects, but permission errors might occur as a result.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
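The connection parameters above can be checked before they are entered in the adapter form. The following pre-flight validator is an added example, not Axonius or Wiz code; the function names, the assumption that {region} is a single lowercase DNS label, and the sample values in the usage note are constructed for illustration.

```python
import re
import uuid
from urllib.parse import urlsplit

# Pattern stated on this page: https://api.{region}.app.wiz.io/
# Assumption: {region} is one DNS label (lowercase letters, digits, hyphens).
API_URL_RE = re.compile(r"^https://api\.[a-z0-9-]+\.app\.wiz\.io/?$")


def check_api_url(url):
    """Return a list of problems with the Wiz URL field (empty list = OK)."""
    if API_URL_RE.match(url):
        return []
    return ["Wiz URL does not match https://api.{region}.app.wiz.io/"]


def normalize_auth_host(value):
    """Reduce a pasted value to the bare hostname the field expects."""
    value = value.strip()
    # urlsplit only fills .hostname when a scheme or '//' prefix is present.
    parts = urlsplit(value if "//" in value else "//" + value)
    if not parts.hostname:
        raise ValueError(f"no hostname in {value!r}")
    return parts.hostname  # drops scheme, port and any path suffix


def check_project_uuid(value):
    """Accept one project UUID, or '*' (all projects) with a warning."""
    if value == "*":
        return ["'*' pulls all projects; permission errors might occur"]
    try:
        uuid.UUID(value)
    except ValueError:
        return [f"{value!r} is not a UUID"]
    return []


def preflight(api_url, auth_url, project_uuid):
    """Return (auth hostname to enter, list of findings to review)."""
    findings = check_api_url(api_url) + check_project_uuid(project_uuid)
    host = normalize_auth_host(auth_url)
    if host != auth_url:
        findings.append(f"Authentication URL should be entered as {host!r}")
    return host, findings
```

Calling `preflight("https://api.us1.app.wiz.io/", "auth.app.wiz.io/auth/token", "*")` with these constructed values returns the bare hostname plus two findings: the wildcard project warning and the corrected authentication host.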
Advanced Settings
Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. For details, refer to Advanced Configuration for Adapters.
Asset types to fetch (optional, default: VIRTUAL_MACHINE) - Select one or more types of assets to fetch.
Do not fetch devices where Power State is Turned Off (optional) - When selected, devices with a power state of 'off' are not fetched by Axonius.
Fetch cloud configuration findings - Select this option to enrich assets with cloud configuration findings.
Cloud configuration findings severity to fetch - Select severity levels from this drop-down to filter cloud configuration findings.
Cloud configuration findings status to fetch - Select status values from this drop-down to filter cloud configuration findings.
Fetch issues (required) - Select whether to fetch issues and enrich devices with issue data.
Fetch issues evidence (non-legacy) (required) - Select whether to fetch issues evidence data. This option is only available for non-legacy connections.
Fetch issue source rules (required, default: False) - Select whether to fetch issue source rules data. This includes data for Controls as well as other sources for Issues, such as Cloud Configuration Rules and Cloud Event Rules.
Issues severity to fetch (required, default: CRITICAL, HIGH, MEDIUM) - Select one or more severity levels to filter issues that are fetched.
Issues status to fetch (required, default: OPEN, IN_PROGRESS) - Select one or more statuses to filter issues that are fetched.
Fetch vulnerability findings (optional) - Select to fetch vulnerability information from Wiz.
Fetch Installed Software - Select this option to fetch installed software for Containers, Container Images, and Virtual Machines.
Parse vulnerability findings description (warning: heavy field) - Select this option to fetch the vulnerability description field.
Vulnerability findings detection method to fetch - From the drop-down, select one or more detection methods to filter vulnerability findings that are fetched. If empty, all methods will be fetched.
Vulnerability findings severity to fetch (required, default: CRITICAL, HIGH, MEDIUM) - Select one or more severity levels of vulnerability findings to filter findings that are fetched. Select 'NONE' to not filter per vulnerability findings severity.
Fetch network exposures - Select this option to fetch network exposures from Wiz. The Wiz network analysis engine identifies the effective exposure paths of cloud resources, providing an important layer of context for identifying and prioritizing critical risks in an environment.
Attach volumes to associated VMs (required, default: True) - Select this option to attach cloud storage volumes to their associated VMs. When you select this option, volumes are not created as separate devices. When the option is cleared, each volume is created as a separate device.
Attach network interfaces to associated assets (required, default: True) - Select this option to attach network interfaces to their associated assets.
Fetch subscription tags - Select this option to fetch Subscription Tags.
List of tags to parse as fields - Specify a comma-separated list of tag keys to be parsed as device fields. Each tag is a key-value pair that is part of the Adapter Tags complex field.
Fetch Wiz users (required, default: False) - Select this option to fetch Wiz users (Wiz platform user accounts).
Fetch cloud user assets (required, default: False) - Select this option to fetch cloud user assets discovered by Wiz.
Cloud user asset types to fetch (optional) - Select one or more user types of assets to fetch.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
APIs
Axonius uses the wiz.io API.
Initial Setup
To obtain the Wiz API URL
- Click your initials at the upper right corner of http://Wiz.io.
- Select Tenant Info.
- Under Tenant Info you can find your API Endpoint URL.
To obtain the Wiz Client ID and Client Secret
- Navigate to Settings > Access Management > Service Accounts.
- Click Add Service Account.
- Name the new service account, for example: Axonius Integration
- If you desire, narrow the scope of this service account to specific projects.
- Select the permission read:resources and click Add Service Account.
- Copy the CLIENT SECRET. Note that you won't be able to copy it after this stage.
- Copy the CLIENT ID, which is displayed under the Service Accounts page.
Required Ports
Axonius must be able to communicate with the value supplied in Wiz URL via the following ports:
- TCP port 443
Required Permissions
The value supplied in Client ID must have the following permissions:
Connection | Minimum Permissions | Alternative Permission |
---|---|---|
For Legacy connection | ||
For New Report connection | ||
For Fetch Wiz users (adv config) only applies to New Report connection. | ||
For Fetch Cloud Configuration findings (adv config) only applies to New Report connection. | ||
For Fetch Cloud users (adv config) |
Supported From Version
Supported from Axonius version 4.4