Wiz

Wiz analyzes all layers of the cloud stack to identify high-risk attack vectors to be prioritized and fixed.

Related Enforcement Actions
Wiz - Add Tags to Assets

Types of Assets Fetched

This adapter fetches the following types of assets:

• Devices
• Users

Parameters

1. Wiz URL (required) - The API URL of the Wiz server that Axonius can communicate with via the Required Ports. You can find the API URL required for the connection configuration via the following Wiz URL: https://app.wiz.io/user/profile. The Wiz URL should follow the pattern https://api.{region}.app.wiz.io/.
2. Wiz Authentication URL (required) - Enter the authentication URL of either the Amazon Cognito or Auth0 (legacy) method of authentication used to enable the connection to Wiz together with the API token.

3. Client Key and Client Secret (required) - See Obtaining the Client Secret and Client ID for details about how to obtain the Client Key and Client Secret.
4. Use legacy connection - Select whether to use the legacy connection or the new Report API connection. There are separate permissions for the legacy connection and the new Report connection. Make sure you choose the appropriate permissions.

5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
6. Project ID Mapping (Legacy Only) - Enter the Project ID of the account to fetch.
7. Project UUID - Enter a project UUID to fetch resources only from the project listed.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

1. Asset types to fetch (optional, default: VIRTUAL_MACHINE) - Select one or more types of assets to fetch.

2. Do not fetch devices where Power State is Turned Off (optional) - When selected, devices with a power state 'off' are not fetched by Axonius.

3. Fetch cloud configuration findings - Select this option to enrich assets with cloud configuration findings.

4. Cloud configuration findings severity to fetch - Select severity levels from this drop-down to filter cloud configuration findings.

5. Cloud configuration findings status to fetch - Select status values from this drop-down to filter cloud configuration findings.

6. Fetch issues (required) - Select whether to fetch issues and enrich devices with issue data.

7. Fetch issues evidence (non-legacy) (required) - Select whether to fetch issues evidence data. This option is only available for non-legacy connections.

8. Fetch issue source rules (required, default: False) - Select whether to fetch issue source rules data. This includes data for Controls as well as other sources for Issues, such as Cloud Configuration Rules and Cloud Event Rules.

9. Issues severity to fetch (required, default: CRITICAL, HIGH, MEDIUM) - Select one or more severity levels to filter issues that are fetched.

10. Issues status to fetch (required, default: OPEN, IN_PROGRESS) - Select one or more statuses to filter issues that are fetched.

11. Fetch vulnerability findings (optional) - Select to fetch vulnerability information from Wiz.

12. Fetch Installed Software - Select this option to fetch installed software for Containers, Container Images, and Virtual Machines.

13. Parse vulnerability findings description (warning: heavy field) - Select this option to fetch the vulnerability description field.

14. Vulnerability findings detection method to fetch - From the drop-down, select one or more detection methods to filter vulnerability findings that are fetched. If empty all methods will be fetched.

15. Vulnerability findings severity to fetch (required, default: CRITICAL, HIGH, MEDIUM) - Select one or more severity levels of vulnerability findings to filter findings that are fetched. Select 'NONE' to not filter per vulnerability findings severity.

16. Attach volumes to associated VMs (required, default: True) - Select this option to attach cloud storage volumes to their associated VMs. When you select this option, volumes are not created as separate devices. When the option is cleared, each volume is created as a separate device.

17. Attach network interfaces to associated assets (required, default: True) - Select this option to attach network interfaces to their associated assets.

18. Fetch subscription tags - Select this option to fetch Subscription Tags

19. List of tags to parse as fields - Specify a comma-separated list of tag keys to be parsed as device fields. Each tag is a key-value pair that is part of the Adapter Tags complex field.

20. Fetch Wiz users (required, default: False) - Select this option to fetch Wiz users (Wiz platform user accounts).

21. Fetch cloud user assets (required, default: False) - Select this option to fetch cloud user assets discovered by Wiz.

22. Cloud user asset types to fetch (optional) - Select one or more user types of assets to fetch.

APIs

Axonius uses the wiz.io API.

Obtaining the Client Secret and Client ID

To obtain the Wiz URL

• Navigate to your user profile and copy the API Endpoint URL.
  
  

To obtain the Wiz Client ID and Client Secret

1. Navigate to Settings > Service Accounts .
2. Click Add Service Account.
3. Name the new service account, for example: Axonius Integration
4. If you desire, narrow the scope of this service account to specific projects.
5. Select the permission read:resources and click Add Service Account.
6. Copy the CLIENT SECRET. Note that you won't be able to copy it after this stage.
7. Copy the CLIENT ID, which is displayed under the Service Accounts page.

Required Ports

Axonius must be able to communicate with the value supplied in Wiz URL via the following ports:

• TCP port 443
  
  

Required Permissions

The value supplied in Client ID must have the following permissions:

Supported From Version

Supported from Axonius version 4.4