Wiz

Wiz is a cloud security tool that scans your cloud environments to provide complete visibility into every technology running in your cloud. You can bring virtual network, virtual machine, vulnerability and more data from Wiz into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Wiz when the data integration runs, and how to obtain that information from Wiz. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Wiz from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Wiz with Brinqa:

API URL: The Wiz API endpoint URL. The default URL is https://api.<region>.app.wiz.io.
Token URL: The Wiz API authentication token URL. The URL is specific to the identity provider (IdP) for the Wiz service account. See Table 1 for more information.
OAuth audience: The audience of your OAuth token. The audience is specific to your IdP. See Table 1 for more information.
Client ID and Client secret: The credentials associated with the Wiz service account, which must have permissions to log in to the API server and return data.

The Token URL and OAuth audience values depend on the IdP you use for the Wiz service account. The following table summarizes the different values:

Table 1. Wiz token URL and audience values

IdP	Token URL	Audience
Amazon Cognito	`https://auth.app.wiz.io/oauth/token`	`wiz-api`
Auth0	`https://auth.wiz.io/oauth/token`	`beyond-api`

Obtain the client ID and client secret from Wiz

For the Wiz connector to use the Wiz API, you must provide the client ID and client secret from an active Wiz service account.

To obtain these credentials, please follow the steps in the official Wiz documentation for Brinqa integration. This guide is maintained by Wiz and outlines the process for creating the required service account and assigning appropriate permissions.

note

If you do not have the permissions to create a service account or assign permissions, contact your Wiz administrator.

The Wiz connector was developed in collaboration with Wiz and adheres to their recommended solutions. It has been certified by Wiz to ensure optimal functionality and security.

Due to limitations with GraphQL in exporting large datasets, the connector generates reports in CSV format.
The Wiz connector generates one report per asset type for Vulnerabilities, with each report prefixed by BRINQA-VULNERABILITIES-REPORT_.
It also generates one report per inventory type for Inventory, with each report prefixed by BRINQA-INVENTORY-REPORT_. This lets you easily identify and monitor said reports.
These reports are automatically deleted from Wiz based on your specified data cleanup frequency.

Additional settings

The Wiz connector contains additional options for specific configuration:

Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
Maximum retries: The maximum number of times that the integration attempts to connect to the Wiz API before giving up and reporting a failure. The default setting is 5.
Report timeout (hours): The maximum number of hours to wait for a report to be generated before giving up and reporting a failure. The default setting is 4 hours.
Request timeout (secs): The maximum number of seconds allotted before a request will time out. The default setting is 600 seconds (10 minutes). Although it is not recommended, you can also enter zero (0) to disable timeouts.

Types of data to retrieve

The Wiz connector can retrieve the following types of data from the Wiz API:

Table 2: Data retrieved from Wiz

Category	Connector Object	Required	Maps to Data Model
Cloud Inventory	API Gateway	No	Not mapped
	Application Endpoint	No	Not mapped
	Backup Service	No	Not mapped
	Bucket	No	Not mapped
	CI/CD Service	No	Not mapped
	Cloud Log Configuration	No	Not mapped
	Compute Instance Group	No	Not mapped
	Container	Yes	Container
	Container Image	Yes	Container Image
	Container Registry	No	Not mapped
	Container Service	No	Not mapped
	Daemon Set	No	Not mapped
	Database Server	Yes	Database Instance
	Deployment	No	Not mapped
	Encryption Key	No	Not mapped
	File System Service	No	Not mapped
	Firewall	No	Not mapped
	Kubernetes Cluster	No	Not mapped
	Load Balancer	No	Not mapped
	Messaging Service	No	Not mapped
	Raw Access Policy	No	Not mapped
	Resource Group	No	Not mapped
	Secret Container	No	Not mapped
	Serverless	Yes	Serverless
	Snapshot	No	Not mapped
	Storage Account	No	Not mapped
	Subnet	No	Not mapped
	Subscription	No	Not mapped
	Virtual Machine	Yes	Host
	Virtual Machine Image	Yes	Host Image
	Virtual Network	Yes	Network Segment
	Volume	No	Not mapped
	Web Service	No	Not mapped
Configuration	Configuration Finding	No	Violation
	Control	Yes	Violation Definition
Issue	Issue	Yes	Violation
	Issue Definition	Yes	Violation Definition
Vulnerability	Vulnerability	Yes	Vulnerability
	Vulnerability Definition	Yes	Vulnerability Definition

This diagram shows how Configuration Finding, Issue and Vulnerability connector objects relate to their definitions and the inventory assets they are found in.

Figure 1: Connector object relationships

info

For detailed steps on how to view the data retrieved from Wiz in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Cloud Inventory

Common Inventory Attributes

The following attributes are shared across all cloud inventory connector objects (e.g., Virtual Machine, Container, Container Image, Database Server, Serverless, Virtual Network).

Table 3: Common inventory attribute mappings

Source Field	Attribute Name
graphEntity.providerUniqueId / externalId	UID
name / graphEntity.properties.name	NAME
graphEntity.properties.name	DESCRIPTION
(generated)	CATEGORIES
status / graphEntity.properties.status	STATUS
status / graphEntity.properties.status	PROVIDER_STATUS
status / graphEntity.properties.status	SOURCE_STATUS
region / graphEntity.properties.region	REGION
cloudPlatform	CLOUD_PLATFORM
cloudProviderURL	CLOUD_PROVIDER_URL
nativeType	NATIVE_TYPE
graphEntity.providerUniqueId	PROVIDER_ID
externalId	EXTERNAL_ID
type	RESOURCE_TYPE
cloudAccount.externalId	SUBSCRIPTION_ID
cloudAccount.name	SUBSCRIPTION_NAME
projects[].id	PROJECT_IDS
projects[].name	PROJECT_NAMES
tags / graphEntity.properties.tags	TAGS
lastSeen	LAST_SEEN
createdAt / graphEntity.properties.creationDate	SOURCE_CREATED_DATE
updatedAt	SOURCE_LAST_MODIFIED
firstSeen	FIRST_SEEN
isOpenToAllInternet	OPEN_TO_ALL_INTERNET
isAccessibleFromInternet	IS_ACCESSIBLE_FROM_INTERNET
hasAdminPrivileges	HAS_ADMIN_PRIVILEGES
hasHighPrivileges	HAS_HIGH_PRIVILEGES
hasSensitiveData	HAS_SENSITIVE_DATA
hasAccessToSensitiveData	HAS_ACCESS_TO_SENSITIVE_DATA
graphEntity.properties.applicationEndpoint.validatedOpenPorts	VALIDATED_OPEN_PORTS
technology.name	TECHNOLOGY_NAME
technology.stackLayer	TECHNOLOGY_STACK_LAYER
cloudAccount.cloudProvider	CLOUD_PROVIDER
regionLocation	REGION_LOCATION
typeFields.instanceType	INSTANCE_TYPE
resourceGroup.id	RESOURCE_GROUP_ID
resourceGroup.externalId	RESOURCE_GROUP_EXTERNAL_ID

Container

Includes all Common Inventory Attributes plus:

Table 4: Container attribute mappings

Source Field	Attribute Name
graphEntity.properties.virtualMachineExternalId	HOST
graphEntity.properties.imageExternalId	IMAGE
graphEntity.properties.Runtime	RUNTIME
graphEntity.properties.kubernetes.baseExtraData.clusterExternalId	CLUSTER_EXTERNAL_ID
graphEntity.properties.kubernetes.baseExtraData.clusterName	CLUSTER_NAME
graphEntity.properties.kubernetes.namespaceExternalId	KUBERNETES_NAMESPACE_EXTERNAL_ID
graphEntity.properties.kubernetes.baseExtraData.flavour	KUBERNETES_FLAVOUR

Container Image

Includes all Common Inventory Attributes plus:

Table 5: Container Image attribute mappings

Source Field	Attribute Name
graphEntity.properties.imageTag / graphEntity.properties.registry	IMAGE
graphEntity.properties.kubernetes.baseExtraData.clusterExternalId	CLUSTER_EXTERNAL_ID
graphEntity.properties.kubernetes.baseExtraData.clusterName	CLUSTER_NAME
graphEntity.properties.repoExternalId	REPO_EXTERNAL_ID

Virtual Machine

Includes all Common Inventory Attributes plus:

Table 6: Virtual Machine attribute mappings

Source Field	Attribute Name
providerData.PublicDnsName / providerData.properties.computerName / name	HOSTNAMES
graphEntity.properties.externalId / providerData.InstanceId	INSTANCE_ID
graphEntity.properties.operatingSystem / typeFields.operatingSystem	OPERATING_SYSTEM
typeFields.ipAddresses	IP_ADDRESSES
typeFields.ipAddresses (filtered)	PRIVATE_IP_ADDRESSES
typeFields.ipAddresses (filtered)	PUBLIC_IP_ADDRESSES
providerData.PrivateDnsName	PRIVATE_DNS_NAMES
providerData.PublicDnsName	PUBLIC_DNS_NAMES
providerData (combined)	DNS_NAMES
providerData.NetworkInterfaces[].MacAddress	MAC_ADDRESSES
graphEntity.properties.image.common.providerUniqueId	IMAGE
graphEntity.properties.creationDate	FIRST_SEEN
providerData.LaunchTime / providerData.lastStartTimestamp	LAST_STARTED
providerData.lastStopTimestamp	LAST_STOPPED
providerData.Architecture	ARCHITECTURE
providerData.Monitoring.State	MONITORING
providerData.VpcId / providerData.networkInterfaces[].network	NETWORK_ID
providerData.SubnetId / providerData.networkInterfaces[].subnetwork	SUBNET_ID
providerData.StateReason	STATE_REASON
graphEntity.properties.isContainerHost	IS_CONTAINER_HOST

Virtual Machine Image

Includes all Common Inventory Attributes plus:

Table 7: Virtual Machine Image attribute mappings

Source Field	Attribute Name
graphEntity.properties.operatingSystem	OPERATING_SYSTEM
providerData.family	FAMILY
providerData.isPublic	IS_PUBLIC
providerData.ImageLocation	IMAGE_LOCATION
providerData.ImageOwnerAlias	IMAGE_OWNER
providerData.PlatformDetails	IMAGE_OS

Virtual Network

Includes all Common Inventory Attributes plus:

Table 8: Virtual Network attribute mappings

Source Field	Attribute Name
providerData.addressRanges / providerData.CidrBlock	IPV4_RANGES
providerData.isDefault / providerData.IsDefault	IS_DEFAULT
providerData.flowLogsEnabled	FLOW_LOGS_ENABLED
providerData.hasDeployedInstances	HAS_DEPLOYED_INSTANCES
providerData.addressRangeEdges	ADDRESS_RANGE_EDGES
providerData.properties.enableDdosProtection	DDOS_PROTECTION_ENABLED

Configuration

Configuration Finding

Table 9: Configuration Finding attribute mappings

Source Field	Attribute Name
finding.id	UID
finding.status	STATUS
finding.severity	SEVERITY
finding.result	RESULT
finding.rule.id	TYPE
finding.resource.id	TARGETS
finding.firstSeenAt	FIRST_SEEN
finding.remediation	RECOMMENDATION
finding.resource.name	ENTITY_NAME
finding.resource.type	ENTITY_TYPE

Control

Table 10: Control attribute mappings

Source Field	Attribute Name
rule.id	UID
rule.name	NAME
rule.description	DESCRIPTION
rule.remediationInstructions	RECOMMENDATION
(generated)	CATEGORIES

Issue

Issue

Table 11: Issue attribute mappings

Source Field	Attribute Name
issue.id	UID
issue.id	NAME
issue.status	STATUS
issue.severity	SEVERITY
issue.control.id	TYPE
issue.entitySnapshot.providerId	TARGETS
issue.createdAt	FIRST_SEEN
issue.updatedAt	LAST_SEEN
issue.control.resolutionRecommendation	RECOMMENDATION
issue.entitySnapshot.name	ENTITY_NAME
issue.entitySnapshot.nativeType	ENTITY_TYPE
issue.dueAt	DUE_AT

Issue Definition

Table 12: Issue Definition attribute mappings

Source Field	Attribute Name
control.id	UID
control.name	NAME
control.description	DESCRIPTION
control.severity	SEVERITY
control.resolutionRecommendation	RECOMMENDATION
control.type	TYPE
control.securitySubCategories[].title	SECURITY_SUB_CATEGORIES
(generated)	CATEGORIES

Vulnerability

Vulnerability

Table 13: Vulnerability attribute mappings

Source Field	Attribute Name
vulnerability.id	UID
vulnerability.name	NAME
vulnerability.status	STATUS
vulnerability.vendorSeverity	SEVERITY
vulnerability.vendorSeverity	VENDOR_SEVERITY
vulnerability.cvssSeverity	CVSS_SEVERITY
vulnerability.nvdSeverity	NVD_SEVERITY
vulnerability.firstDetectedAt	FIRST_FOUND
vulnerability.lastDetectedAt	LAST_FOUND
vulnerability.resolvedAt	LAST_FIXED
vulnerability.CVEDescription / vulnerability.name	TYPE
vulnerability.vulnerableAsset.providerId	TARGETS
vulnerability.detailedName	RESULTS
vulnerability.description	DESCRIPTION
vulnerability.score	SCORE
vulnerability.impactScore	IMPACT_SCORE
vulnerability.hasExploit	EXPLOIT_AVAILABLE
vulnerability.exploitabilityScore	EXPLOITABILITY_SCORE
vulnerability.remediation	RECOMMENDATION
vulnerability.resolutionReason	RESOLUTION_REASON
vulnerability.detectionMethod	DETECTION_METHOD
vulnerability.locationPath	LOCATION_PATH
vulnerability.vulnerableAsset.name	ENTITY_NAME
vulnerability.vulnerableAsset.type	ENTITY_TYPE
vulnerability.wizUrl	WIZ_URL
vulnerability.wideInternetAccess	WIDE_INTERNET_ACCESS
vulnerability.limitedInternetAccess	LIMITED_INTERNET_ACCESS
vulnerability.criticalRelatedIssuesCount	CRITICAL_RELATED_ISSUES_COUNT
vulnerability.highRelatedIssuesCount	HIGH_RELATED_ISSUES_COUNT
vulnerability.mediumRelatedIssuesCount	MEDIUM_RELATED_ISSUES_COUNT
vulnerability.lowRelatedIssuesCount	LOW_RELATED_ISSUES_COUNT
vulnerability.infoRelatedIssuesCount	INFO_RELATED_ISSUES_COUNT

Vulnerability Definition

Table 14: Vulnerability Definition attribute mappings

Source Field	Attribute Name
vulnerability.name	UID
vulnerability.name	NAME
vulnerability.CVEDescription / vulnerability.description	DESCRIPTION
vulnerability.vendorSeverity	SEVERITY
vulnerability.score	SCORE
vulnerability.remediation	RECOMMENDATION
vulnerability.exploitabilityScore	EXPLOITABILITY_SCORE
vulnerability.hasExploit	EXPLOIT_AVAILABLE
vulnerability.hasExploit / vulnerability.hasCisaKevExploit	EXPLOITABILITY
vulnerability.hasCisaKevExploit	CISA_EXPLOITED
vulnerability.cisaKevDueDate	CISA_DUE_DATE
vulnerability.cisaKevReleaseDate	CISA_ADDED_DATE
vulnerability.affectedSoftware	AFFECTED
vulnerability.externalId	EXTERNAL_UIDS
vulnerability.publishedAt	PUBLISHED_DATE
vulnerability.references / vulnerability.sourceUrl	REFERENCES
vulnerability.epssScore	EPSS_SCORE
vulnerability.epssPercentile	EPSS_PERCENTILE
vulnerability.nvdSeverity	NVD_SEVERITY
vulnerability.vendorSeverity	VENDOR_SEVERITY
vulnerability.cvssV2.attackComplexity	CVSS_V2_ACCESS_COMPLEXITY
vulnerability.cvssV2.attackVector	CVSS_V2_ATTACK_VECTOR
vulnerability.cvssV2.baseScore	CVSS_V2_BASE_SCORE
vulnerability.cvssV2.confidentialityImpact	CVSS_V2_CONFIDENTIALITY_IMPACT
vulnerability.cvssV2.integrityImpact	CVSS_V2_INTEGRITY_IMPACT
vulnerability.cvssV2.privilegesRequired	CVSS_V2_AUTHENTICATION
vulnerability.cvssV3.attackComplexity	CVSS_V3_ATTACK_COMPLEXITY
vulnerability.cvssV3.attackVector	CVSS_V3_ATTACK_VECTOR
vulnerability.cvssV3.confidentialityImpact	CVSS_V3_CONFIDENTIALITY_IMPACT
vulnerability.cvssV3.integrityImpact	CVSS_V3_INTEGRITY_IMPACT
vulnerability.cvssV3.privilegesRequired	CVSS_V3_PRIVILEGES_REQUIRED
vulnerability.cvssV3.userInteractionRequired	CVSS_V3_USER_INTERACTION
(generated)	CATEGORIES

Operation options

The Wiz connector supports the following operation options. See connector operation options for information about how to apply them.

Expand the sections below to view the supported operation options per connector object.

Cloud Inventory

Common Inventory Operation Options

All cloud inventory objects share the following operation options. These options filter the data retrieved from Wiz V2 Cloud Inventory Reports.

Table 15: Common inventory operation options

Connector Object	Option	All Possible Values	Description	Example
All inventory objects	subscriptionId	Any cloud subscription or account ID(s).	A comma-separated list to filter inventory objects by their cloud subscription or account ID.	Key: `subscriptionId`, Value: `sub-123,sub-456`. This key and value combination only retrieves inventory objects for subscription IDs `sub-123` and `sub-456`.
	region	Any cloud region string.	A comma-separated list to filter inventory objects by their cloud region.	Key: `region`, Value: `us-east-1,eu-west-1`. This key and value combination only retrieves inventory objects in the `us-east-1` and `eu-west-1` regions.
	cloudPlatform	AWS, Azure, GCP, OCI, Alibaba, VMware vSphere	A comma-separated list to filter inventory objects by their cloud platform.	Key: `cloudPlatform`, Value: `AWS,Azure`. This key and value combination only retrieves inventory objects for the `AWS` and `Azure` cloud platforms.
	hasAdminPrivileges	true or false	Filter inventory objects by whether the resource has admin privileges.	Key: `hasAdminPrivileges`, Value: `true`. This key and value combination only retrieves inventory objects with admin privileges.
	hasHighPrivileges	true or false	Filter inventory objects by whether the resource has high privileges.	Key: `hasHighPrivileges`, Value: `true`. This key and value combination only retrieves inventory objects with high privileges.
	hasSensitiveData	true or false	Filter inventory objects by whether the resource has sensitive data.	Key: `hasSensitiveData`, Value: `true`. This key and value combination only retrieves inventory objects with sensitive data.
	hasAccessToSensitiveData	true or false	Filter inventory objects by whether the resource has access to sensitive data.	Key: `hasAccessToSensitiveData`, Value: `true`. This key and value combination only retrieves inventory objects with access to sensitive data.
	isAccessibleFromInternet	true or false	Filter inventory objects by whether the resource is accessible from the internet.	Key: `isAccessibleFromInternet`, Value: `true`. This key and value combination only retrieves inventory objects accessible from the internet.
	isOpenToAllInternet	true or false	Filter inventory objects by whether the resource is open to all internet.	Key: `isOpenToAllInternet`, Value: `true`. This key and value combination only retrieves inventory objects open to all internet.
	hasNote	true or false	Filter inventory objects by whether the resource has associated notes.	Key: `hasNote`, Value: `true`. This key and value combination only retrieves inventory objects with notes.

Configuration

Configuration Finding

Table 16: Configuration Finding operation options

Connector Object	Option	All Possible Values	Description	Example
Configuration Finding	frameworkCategory	Any Wiz framework category ID(s).	A comma-separated list to filter configuration findings by their associated framework category.	Key: `frameworkCategory`, Value: `wct-id-4,wct-id-7`. This key and value combination only retrieves configuration findings for framework categories `wct-id-4` and `wct-id-7`.
	includeDeleted	true or false	Include or exclude deleted configuration findings in the results. Leave the value blank to indicate all findings.	Key: `includeDeleted`, Value: `false`. This key and value combination excludes deleted configuration findings from the results.
	ruleName	Any string identifying a rule name.	A comma-separated list to filter configuration findings by the specified rule names.	Key: `ruleName`, Value: `ruleName1`,`ruleName2`. This key and value combination only retrieves findings related to the `ruleName1` and `ruleName2` rules.
	resourceType	Any string identifying a resource type.	A comma-separated list to filter configuration findings by the specified resource type.	Key: `resourceType`, Value: `type1`,`type2`. This key and value combination only retrieves configuration findings for resources of type `Server`.
	result	ERROR, FAIL, NOT_ASSESSED, PASSED	A comma-separated list to filter configuration findings based on their result status. Leave the value blank to indicate all result statuses.	Key: `result`, Value: `ERROR`,`FAIL`. This key and value combination only retrieves findings with an `ERROR` or `FAIL` result status.
	severity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter configuration findings based on severity.	Key: `severity`, Value: `HIGH`,`CRITICAL`. This key and value combination only retrieves findings with a severity of `HIGH` or `CRITICAL`.
	status	OPEN, RESOLVED, REJECTED	A comma-separated list to filter configuration findings by their status.	Key: `status`, Value: `OPEN`,`REJECTED`. This key and value combination only retrieves findings that are in the `OPEN` or `REJECTED` status.

Control

Table 17: Control operation options

Connector Object	Option	All Possible Values	Description	Example
Control	frameworkCategory	Any Wiz framework category ID(s).	A comma-separated list to filter controls by their associated framework category.	Key: `frameworkCategory`, Value: `wct-id-4,wct-id-7`. This key and value combination only retrieves controls for framework categories `wct-id-4` and `wct-id-7`.
	includeDeleted	true or false	Include or exclude deleted controls in the results. Leave the value blank to indicate all controls.	Key: `includeDeleted`, Value: `false`. This key and value combination excludes deleted controls from the results.
	resourceType	Any string identifying a resource type.	A comma-separated list to filter controls by the specified resource type.	Key: `resourceType`, Value: `type1`,`type2`. This key and value combination only retrieves controls for resources of type `Server`.
	ruleName	Any string identifying a rule name.	A comma-separated list to filter controls by the specified rule names.	Key: `ruleName`, Value: `ruleName1`,`ruleName2`. This key and value combination only retrieves controls related to the `ruleName1` and `ruleName2` rules.
	result	ERROR, FAIL, NOT_ASSESSED, PASSED	A comma-separated list to filter controls based on their result status. Leave the value blank to indicate all result statuses.	Key: `result`, Value: `ERROR`,`FAIL`. This key and value combination only retrieves controls with an `ERROR` or `FAIL` result status.
	severity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter controls based on severity.	Key: `severity`, Value: `HIGH`,`CRITICAL`. This key and value combination only retrieves controls with a severity of `HIGH` or `CRITICAL`.
	status	OPEN, RESOLVED, REJECTED	A comma-separated list to filter controls by their status.	Key: `status`, Value: `OPEN`,`REJECTED`. This key and value combination only retrieves controls that are in the `OPEN` or `REJECTED` status.

Issue

Issue & Issue Definition

Table 18: Issue and Issue Definition operation options

Connector Object	Option	All Possible Values	Description	Example
Issue	type	CLOUD_CONFIGURATION, THREAT_DETECTION, TOXIC_COMBINATION	A comma-separated list of issue types. You can use this option to filter issues by their issue type, as determined by Wiz.	Key: `type` Value: `THREAT_DETECTION`,`TOXIC_COMBINATION`. This key and value combination only retrieves issues with the specified type.
Issue, Issue Definition	fetchInterval	A duration string using `d` (days), `h` (hours), or `M` (months).	The time window of data to query during synchronization. The default is `30d` (30 days).	Key: `fetchInterval`, Value: `7d`. This key and value combination retrieves data from the last 7 days.
	frameworkCategory	Any Wiz framework category ID(s).	A comma-separated list to filter issues by their associated framework category.	Key: `frameworkCategory`, Value: `wct-id-4,wct-id-7`. This key and value combination only retrieves issues for framework categories `wct-id-4` and `wct-id-7`.
	hasAutoRemediation	true or false	Filter issues with or without auto remediation.	Key: `hasAutoRemediation` Value: `true`. This key and value combination only retrieves issues with auto remediation.
	hasRemediation	true or false	Filter issues with or without remediation.	Key: `hasRemediation` Value: `false`. This key and value combination only retrieves issues without a remediation.
	hasServiceTicket	true or false	Filter issues with or without a related service ticket.	Key: `hasServiceTicket` Value: `true`. This key and value combination only retrieves issues with related service tickets.
	issueFetchThreads	Integer	The number of threads used for concurrent fetching of issue details. Default is 4.	Key: `issueFetchThreads` Value: `8`. This key and value combination uses 8 threads for fetching issue details.
	projectId	Any project ID(s).	Filter issues associated with the specified project ID. Leave the value blank to indicate all project IDs.	Key: `projectId` Value: `1234`. This key and value combination only retrieves issues for project ID `1234`.
	resolutionReason	CONTROL_CHANGED, CONTROL_DISABLED, CONTROL_DELETED, EXCEPTION, FALSE_POSITIVE, ISSUE_FIXED, OBJECT_DELETED, WONT_FIX	A comma-separated list to filter issues by resolution reason. Leave the value blank to indicate all resolution reasons.	Key: `resolutionReason` Value: `FALSE_POSITIVE`. This key and value combination only retrieves issues that are false positives.
	severity	CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM	A comma-separated list to filter issues based on severity. Leave the value blank to indicate all severities.	Key: `severity` Value: `LOW, MEDIUM`. This key and value combination only retrieves issues of low or medium severity.
	stackLayer	APPLICATION_AND_DATA, CI_CD, CLOUD_ENTITLEMENTS, CODE, COMPUTE_PLATFORMS, DATA_STORES, SECURITY_AND_IDENTITY	A comma-separated list to filter issues from a specified stack layer. Leave the value blank to indicate all stack layers.	Key: `stackLayer` Value: ``. This key and value combination retrieves issues from all stack layers.
	status	IN_PROGRESS, OPEN, REJECTED, RESOLVED	A comma-separated list to filter issues by their status. Leave the value blank to indicate all statuses.	Key: `status` Value: `OPEN`. This key and value combination only retrieves open issues.

Vulnerability

Vulnerability

Table 19: Vulnerability operation options

Connector Object	Option	All Possible Values	Description	Example
Vulnerability	assetHasAdminPrivileges	true or false	Filter vulnerabilities for assets with or without admin privileges.	Key: `assetHasAdminPrivileges` Value: `true`. This key and value combination only retrieves vulnerabilities for assets with admin privileges.
	assetHasHighPrivileges	true or false	Filter vulnerabilities for assets with or without high privileges.	Key: `assetHasHighPrivileges`, Value: `false`. This key and value combination only retrieves vulnerabilities for assets without high privileges.
	assetId	Any Wiz asset ID(s).	A comma-separated list to filter vulnerabilities by the asset ID. Leave the value blank to indicate all asset IDs.	Key: `assetId`, Value: `1234,5678`. This key and value combination only retrieves vulnerabilities for asset IDs `1234` and `5678`.
	assetStatus	Active, Error, Inactive	A comma-separated list to filter vulnerabilities for assets with the specified status. Leave the value blank to indicate all asset statuses.	Key: `assetStatus`, Value: `Active,Error`. This key and value combination only retrieves vulnerabilities from assets with statuses `Active` and `Error`.
	assetType	VIRTUAL_MACHINE, CONTAINER, CONTAINER_IMAGE, REPOSITORY_BRANCH, SERVERLESS	A comma-separated list to filter vulnerabilities by the asset type. Leave the value blank to indicate all asset types.	Key: `assetType`, Value: `CONTAINER,SERVERLESS`. This key and value combination only retrieves vulnerabilities for the asset types `CONTAINER` and `SERVERLESS`.
	baseContainerImage	Any string identifying a base container image.	A comma-separated list to filter vulnerabilities by their base container image.	Key: `baseContainerImage`, Value: `ubuntu:latest,alpine:3.15`. This key and value combination only retrieves vulnerabilities for the base container images `ubuntu:latest` and `alpine:3.15`.
	cnaScore	Any numeric value from 0.1-10.0	Retrieve all vulnerabilities with a CVE Numbering Authority (CNA) score of the specified value or higher.	Key: `cnaScore`, Value: `7.5`. This key and value combination only retrieves vulnerabilities with a CNA score of `7.5` or higher.
	cloudPlatforms	Any string identifying a cloud platform.	A comma-separated list to filter vulnerabilities by their associated cloud platform.	Key: `cloudPlatforms`, Value: `AWS,Azure`. This key and value combination only retrieves vulnerabilities for the cloud platforms `AWS` and `Azure`.
	containerRegistry	Any name identifying a container registry.	A comma-separated list to filter vulnerabilities associated with the specified container registry.	Key: `containerRegistry`, Value: `ECR,GCR`. This key and value combination only retrieves vulnerabilities related to the container registries `ECR` and `GCR`.
	containerRepository	Any name identifying a container repository.	A comma-separated list to filter vulnerabilities associated with the specified container repository.	Key: `containerRepository`, Value: `Azure Container Repository,Docker Hub`. This key and value combination only retrieves vulnerabilities in the repositories `Azure Container Repository` and `Docker Hub`.
	containerServiceId	Any string identifying a container service ID.	A comma-separated list to filter vulnerabilities by their associated container service ID.	Key: `containerServiceId`, Value: `service-123,service-456`. This key and value combination only retrieves vulnerabilities for the container service IDs `service-123` and `service-456`.
	detailedName	Any string identifying a detailed name.	A comma-separated list to filter vulnerabilities by their detailed name.	Key: `detailedName`, Value: `Critical Vulnerability,High Risk`. This key and value combination only retrieves vulnerabilities with the detailed names `Critical Vulnerability` and `High Risk`.
	detectionMethod	DEFAULT_PACKAGE, FILE_PATH, INSTALLED_PROGRAM, INSTALLED_PROGRAM_BY_SERVICE, LIBRARY, OS, PACKAGE	A comma-separated list to filter vulnerabilities found by the specified detection method. Leave the value blank to indicate all detection methods.	Key: `detectionMethod`, Value: `FILE_PATH,PACKAGE`. This key and value combination only retrieves vulnerabilities detected through `FILE_PATH` and `PACKAGE`.
	effectiveAttackVector	Any string identifying an attack vector.	A comma-separated list to filter vulnerabilities by their effective attack vector.	Key: `effectiveAttackVector`, Value: `NETWORK,PHYSICAL`. This key and value combination only retrieves vulnerabilities with the effective attack vectors `NETWORK` and `PHYSICAL`.
	hasCisaKevExploit	true or false	Filter vulnerabilities with or without an available Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) exploit.	Key: `hasCisaKevExploit`, Value: `true`. This key and value combination only retrieves vulnerabilities with a CISA KEV exploit.
	hasExploit	true or false	Filter vulnerabilities with or without an available exploit.	Key: `hasExploit`, Value: `false`. This key and value combination only retrieves vulnerabilities without an exploit.
	hasFix	true or false	Filter vulnerabilities with or without an available fix.	Key: `hasFix`, Value: `true`. This key and value combination only retrieves vulnerabilities with a fix.
	hasTriggerableRemediation	true or false	Filter vulnerabilities by whether they have triggerable remediation.	Key: `hasTriggerableRemediation`, Value: `true`. This key and value combination only retrieves vulnerabilities with triggerable remediation.
	isAssetAccessibleFromInternet	true or false	Filter vulnerabilities for assets by whether the associated asset is accessible from the internet, as determined by Wiz.	Key: `isAssetAccessibleFromInternet`, Value: `true`. This key and value combination only retrieves vulnerabilities for assets accessible from the internet.
	isAssetOpenToAllInternet	true or false	Filter vulnerabilities for assets by whether they are publicly accessible over the internet.	Key: `isAssetOpenToAllInternet`, Value: `true`. This key and value combination only retrieves vulnerabilities for assets publicly accessible over the internet.
	isBaseLayer	true or false	Filter vulnerabilities for container images by whether they are attributed to a base image.	Key: `isBaseLayer`, Value: `false`. This key and value combination only retrieves vulnerabilities for container images not attributed to a base image.
	isEndOfLife	true or false	Filter vulnerabilities by whether the associated asset is end-of-life.	Key: `isEndOfLife`, Value: `true`. This key and value combination only retrieves vulnerabilities for end-of-life assets.
	isOperatingSystemEndOfLife	true or false	Filter vulnerabilities by whether the associated operating system is end-of-life.	Key: `isOperatingSystemEndOfLife`, Value: `true`. This key and value combination only retrieves vulnerabilities for end-of-life operating systems.
	isScannedFromRegistry	true or false	Filter vulnerabilities by whether they are scanned from a container registry.	Key: `isScannedFromRegistry`, Value: `true`. This key and value combination only retrieves vulnerabilities scanned from a container registry.
	isScannedFromWorkload	true or false	Filter vulnerabilities by whether they are scanned from a workload.	Key: `isScannedFromWorkload`, Value: `true`. This key and value combination only retrieves vulnerabilities scanned from a workload.
	nvdSeverity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerabilities by their NVD severity.	Key: `nvdSeverity`, Value: `HIGH,CRITICAL`. This key and value combination only retrieves vulnerabilities with NVD severities `HIGH` and `CRITICAL`.
	projectId	Any Wiz project ID(s).	A comma-separated list to filter vulnerabilities associated with the specified project ID(s). Leave the value blank to indicate all project IDs.	Key: `projectId`, Value: `1234,5678`. This key and value combination only retrieves vulnerabilities for project IDs `1234` and `5678`.
	relatedIssueSeverity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerabilities by the severity of related issues.	Key: `relatedIssueSeverity`, Value: `CRITICAL,HIGH`. This key and value combination only retrieves vulnerabilities with related issues of severities `CRITICAL` and `HIGH`.
	score	Any numeric value from 0.1-10.0	Retrieve all vulnerabilities with a CVSS3 (Common Vulnerability Scoring System) score of the specified value or higher.	Key: `score`, Value: `8.0`. This key and value combination only retrieves vulnerabilities with a CVSS3 score of `8.0` or higher.
	status	OPEN, REJECTED, RESOLVED	A comma-separated list to filter vulnerabilities by their status.	Key: `status`, Value: `OPEN,RESOLVED`. This key and value combination only retrieves vulnerabilities with statuses `OPEN` and `RESOLVED`.
	subscriptionExternalId	AWS Account, Azure Subscription, GCP Project, OCI Compartment	A comma-separated list to filter vulnerabilities by their associated external subscription ID.	Key: `subscriptionExternalId`, Value: `AWS Account,Azure Subscription`. This key and value combination only retrieves vulnerabilities associated with the external subscription IDs `AWS Account` and `Azure Subscription`.
	validatedInRuntime	true or false	Filter vulnerabilities by whether they have been validated in runtime.	Key: `validatedInRuntime`, Value: `true`. This key and value combination only retrieves vulnerabilities validated in runtime.
	vcsRepositoryId	Any string identifying a VCS repository ID.	A comma-separated list to filter vulnerabilities by their associated VCS repository ID.	Key: `vcsRepositoryId`, Value: `repo-123,repo-456`. This key and value combination only retrieves vulnerabilities for the VCS repository IDs `repo-123` and `repo-456`.
	vendorScore	Any numeric value from 0.1-10.0	Retrieve all vulnerabilities with a vendor score of the specified value or higher.	Key: `vendorScore`, Value: `8.0`. This key and value combination only retrieves vulnerabilities with a vendor score of `8.0` or higher.
	vendorSeverity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerabilities by their vendor severity.	Key: `vendorSeverity`, Value: `HIGH,CRITICAL`. This key and value combination only retrieves vulnerabilities with vendor severities `HIGH` and `CRITICAL`.
	vulnerabilityExternalId	Any CVE ID(s)	A comma-separated list of CVE IDs to filter vulnerabilities by their associated CVE ID.	Key: `vulnerabilityExternalId`, Value: `CVE-2023-12345,CVE-2023-44487`. This key and value combination only retrieves vulnerabilities with the CVE IDs `CVE-2023-12345` and `CVE-2023-44487`.
	vulnerabilityId	Any Wiz vulnerability ID(s).	A comma-separated list to filter vulnerabilities by their vulnerability ID.	Key: `vulnerabilityId`, Value: `vuln-123,vuln-456`. This key and value combination only retrieves vulnerabilities with the vulnerability IDs `vuln-123` and `vuln-456`.
	weightedSeverity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerabilities by their weighted severity.	Key: `weightedSeverity`, Value: `MEDIUM,HIGH`. This key and value combination only retrieves vulnerabilities with weighted severities.

Wiz operation options

The Wiz connector operation options were developed in collaboration with Wiz and adhere to their supported API filters. If you require an operation option that isn’t listed in the above tables, please refer to the Wiz API documentation, or contact your Wiz Support team. They can coordinate with Brinqa Support to determine whether the Wiz API supports the request and whether it can be added to the connector.

The option keys and possible values are case-sensitive as they are shown in this documentation.

APIs

The Wiz connector uses the Wiz API. Specifically, it executes the following GraphQL queries to retrieve data:

Table 20: Wiz API GraphQL queries

Category	Connector Object	GraphQL Query
Cloud Inventory	API Gateway	Reports GraphQL queries
	Application Endpoint	Reports GraphQL queries
	Backup Service	Reports GraphQL queries
	Bucket	Reports GraphQL queries
	CI/CD Service	Reports GraphQL queries
	Cloud Log Configuration	Reports GraphQL queries
	Compute Instance Group	Reports GraphQL queries
	Container	Reports GraphQL queries
	Container Image	Reports GraphQL queries
	Container Registry	Reports GraphQL queries
	Container Service	Reports GraphQL queries
	Daemon Set	Reports GraphQL queries
	Database Server	Reports GraphQL queries
	Deployment	Reports GraphQL queries
	Encryption Key	Reports GraphQL queries
	File System Service	Reports GraphQL queries
	Firewall	Reports GraphQL queries
	Kubernetes Cluster	Reports GraphQL queries
	Load Balancer	Reports GraphQL queries
	Messaging Service	Reports GraphQL queries
	Raw Access Policy	Reports GraphQL queries
	Resource Group	Reports GraphQL queries
	Secret Container	Reports GraphQL queries
	Serverless	Reports GraphQL queries
	Snapshot	Reports GraphQL queries
	Storage Account	Reports GraphQL queries
	Subnet	Reports GraphQL queries
	Subscription	Reports GraphQL queries
	Virtual Machine	Reports GraphQL queries
	Virtual Machine Image	Reports GraphQL queries
	Virtual Network	Reports GraphQL queries
	Volume	Reports GraphQL queries
	Web Service	Reports GraphQL queries
Configuration	Configuration Finding	Cloud Configuration Findings GraphQL queries
	Control	Cloud Configuration Findings GraphQL queries
Issue	Issue	Issue GraphQL queries
	Issue Definition	Issue GraphQL queries
Vulnerability	Vulnerability	Reports GraphQL queries
	Vulnerability Definition	Vulnerability Definition GraphQL query

Cloud Configuration Finding queries

Click to expand

The following query retrieves information about cloud configuration findings:

query CloudConfigurationFindingsPage($filterBy: ConfigurationFindingFilters, $first: Int, $after: String, $orderBy: ConfigurationFindingOrder) {  
  page: configurationFindings(filterBy: $filterBy, first: $first, after: $after, orderBy: $orderBy) {  
    nodes {  
      id  
      targetExternalId  
      deleted  
      targetObjectProviderUniqueId  
      firstSeenAt  
      severity  
      result  
      status  
      remediation  
      resource {  
        id  
        providerId  
        name  
        nativeType  
        type  
        region  
        subscription {  
          id  
          name  
          externalId  
          cloudProvider  
        }  
        projects {  
          id  
          name  
          riskProfile {  
            businessImpact  
          }  
        }  
        tags {  
          key  
          value  
        }  
      }  
      rule {  
        id  
        graphId  
        name  
        description  
        remediationInstructions  
        functionAsControl  
      }  
      securitySubCategories {  
        id  
        title  
        category {  
          id  
          name  
          framework {  
            id  
            name  
          }  
        }  
      }  
      ignoreRules {  
        id  
        name  
        enabled  
        expiredAt  
      }  
    }  
    pageInfo {  
      hasNextPage  
      endCursor  
    }  
  }  
}

Issue GraphQL queries

Click to expand

The following query retrieves information about issue and issue definition:

query issueFindings($filterBy: IssueFilters, $first: Int, $after: String $orderBy: IssueOrder) {  
  page: issuesV2(filterBy: $filterBy, first: $first, after: $after, orderBy: $orderBy) {  
    nodes {  
      id  
      status  
      severity  
      type  
      openReason  
      resolutionReason  
      suggestions  
      resolvedAt  
      createdAt  
      updatedAt  
      dueAt  
      statusChangedAt  
      rejectionExpiredAt  
      sourceRule {  
        __typename  
        ... on Control {  
          id  
          name  
          description  
          severity  
          resolutionRecommendation  
          securitySubCategories {  
            id  
            title  
            category {  
              id  
              name  
              framework {  
                id  
                name  
              }  
            }  
          }  
        }  
        ... on CloudEventRule {  
          id  
          name  
          description  
          sourceType  
          type  
          cloudEventRuleSeverity: severity  
          securitySubCategories {  
            id  
            title  
            category {  
              id  
              name  
              framework {  
                id  
                name  
              }  
            }  
          }  
        }  
        ... on CloudConfigurationRule {  
          id  
          name  
          description  
          remediationInstructions  
          serviceType  
          severity  
          securitySubCategories {  
            id  
            title  
            category {  
              id  
              name  
              framework {  
                id  
                name  
              }  
            }  
          }  
        }  
      }  
      entity: entitySnapshot {  
        id  
        type  
        nativeType  
        name  
        status  
        cloudPlatform  
        cloudProviderURL  
        providerId  
        region  
        resourceGroupExternalId  
        subscriptionExternalId  
        subscriptionName  
        subscriptionTags  
        tags  
        externalId  
      }  
      projects {  
        id  
        name  
        description  
        slug  
        businessUnit  
        riskProfile {  
          businessImpact  
        }  
      }  
      serviceTickets {  
        id  
        externalId  
        name  
        url  
      }  
      notes {  
        id  
        createdAt  
        updatedAt  
        text  
        user {  
          id  
          name  
          email  
        }  
        serviceAccount {  
          id  
          name  
          type  
        }  
      }  
    }  
    pageInfo {  
      hasNextPage  
      endCursor  
    }  
  }  
}

Reports GraphQL queries

Click to expand

The following queries retrieve data for cloud inventory and vulnerability connector objects from the reports endpoint. The rest of the queries create a report and generate the URL to download the report:

query ReportsSearch($filterBy: ReportFilters, $first: Int, $after: String) {
  page: reports(first: $first, after: $after, filterBy: $filterBy) {
    nodes {
      id
      name
      createdBy {
        id
        email
      }
      lastRun {
        id
        runAt
      }
      lastSuccessfulRun {
        id
        runAt
      }
      type {
        id
        name
      }
    }
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}

mutation CreateReport($input: CreateReportInput!) { 
  operation: createReport(input: $input) { 
    node: report { 
      id 
    } 
  } 
} 

mutation RerunReport($reportId: ID!) { 
  operation: rerunReport(input: {id: $reportId}) { 
    node: report { 
      id 
    } 
  } 
}

query ReportDownloadUrl($reportId: ID!) { 
  node: report(id: $reportId) { 
    id
    name 
    lastRun { 
      id 
      url 
      status 
    } 
  } 
}

Vulnerability Definition GraphQL query

Click to expand

The following query retrieves information about vulnerability definition:

query VulnerabilityDefinitions($filterBy: VulnerabilityFilters, $first: Int, $after: String) { 
  page: vulnerabilities(filterBy: $filterBy, first: $first, after: $after) { 
    nodes { 
      affectedTechnologies { 
        id 
        name 
      } 
      baseScore 
      cisaKevDueDate 
      cisaKevReleaseDate 
      cvssv2 { 
        attackComplexity 
        attackVector 
        confidentialityImpact 
        integrityImpact 
        privilegesRequired 
        userInteractionRequired 
      } 
      cvssv3 { 
        attackComplexity 
        attackVector 
        confidentialityImpact 
        integrityImpact 
        privilegesRequired 
        userInteractionRequired 
      } 
      description 
      exploitabilityScore 
      exploitable 
      externalId 
      hasCisaKevExploit 
      id 
      name 
      publishedAt 
      severity 
      sourceFeeds { 
        id 
        name 
        url 
      } 
      sourceUrl    
    }
    pageInfo { 
      endCursor 
      hasNextPage 
    } 
    totalCount 
  } 
} 

Changelog

The Wiz connector has undergone the following changes:

Table 21: Wiz connector changelog

Version	Description	Date Published
3.4.2	- Split vulnerability sync by severity to improve report generation reliability. - Added a new operation option, `fetchInterval`, for the Issue and Issue Definition objects to control the time window of data queried. - Added the TECHNOLOGY_NAME, TECHNOLOGY_STACK_LAYER, CLOUD_PROVIDER, REGION_LOCATION, INSTANCE_TYPE, RESOURCE_GROUP_ID, and RESOURCE_GROUP_EXTERNAL_ID attributes to all inventory objects. - Added the SOURCE_LAST_MODIFIED and FIRST_SEEN attributes to all inventory objects.	March 5th, 2026
3.4.1	- Added a new additional setting to make the request timeout configurable: Request timeout (secs). - Added a new operation option for the Issue and Issue Definition objects to configure the number of threads for concurrent fetching: `issueFetchThreads`.	February 2nd, 2026
3.4.0	- Switched Issue and Issue Definition object synchronization from GraphQL to reports for improved reliability and performance. - Integrated with the Wiz Cloud Resource V2 API endpoint for retrieving inventory data. - Added the HAS_ACCESS_TO_SENSITIVE_DATA, HAS_ADMIN_PRIVILEGES, HAS_HIGH_PRIVILEGES, and HAS_SENSITIVE_DATA attributes to all inventory objects (e.g., Virtual Machine, Container, Container Image). - Updated vulnerability report naming to ensure uniqueness when multiple integrations use different operation options.	January 5th, 2026
3.3.16	The connector now retrieves the Application Endpoint object from Wiz.	December 3rd, 2025
3.3.15	Added the SOURCE_STATUS attribute in all asset type objects.	October 9th, 2025
3.3.14	Added a new additional setting to make the report timeout configurable: Report timeout	July 31st, 2025
3.3.13	Added the ENTITY_EXTERNAL_ID, ENTITY_ID, ENTITY_NAME, ENTITY_STATUS, ENTITY_TYPE, SUBSCRIPTION_EXTERNAL_ID, and SUBSCRIPTION_ID attributes to the Issue object.	July 30th, 2025
3.3.12	Added the ASSET_HAS_LIMITED_INTERNET_EXPOSURE and ASSET_HAS_WIDE_INTERNET_EXPOSURE attributes to the Vulnerability object.	June 11th, 2025
3.3.11	- Fixed an issue where dates were appearing in the future due to the date parser not handling nanoseconds correctly. As a result, the date parser has been updated to accurately reflect the source data from Wiz. - Added the NAMESPACE_EXTERNAL_ID attribute to the Container object. - Code cleanup and general maintenance.	May 20th, 2025
3.3.8	Updated the schema to include the CLUSTER_EXTERNAL_ID and CLUSTER_NAME attributes on the Container object. This change ensures that the attributes are recognized by the Brinqa Platform and properly ingested.	April 29th, 2025
3.3.7	- Added the ADDITIONAL_IDS attribute to the API Gateway object. - Added the CLUSTER_EXTERNAL_ID and CLUSTER_NAME attributes to the Container object to support Kubernetes context.	April 16th, 2025
3.3.6	- Added a new operation option for the Issue object to filter by issue type: `type`. - Added the CATEGORIES attribute to the Issue object. - Added support for ticketing information from Wiz to help prevent duplicate ticket creation and improve issue tracking. As a result, the following attributes were added to the Issue object: TICKET_EXTERNAL_ID TICKET_ID TICKET_NAME TICKET_URL	March 11th, 2025
3.3.5	Fixed an issue where the TARGETS attribute on the Vulnerability object included empty string values. The connector now prevents empty values from being added to the targets list.	February 19th, 2025
3.3.4	Fixed an issue where configuration findings were not correctly associating with assets. The connector now imports RESOURCE_EXTERNAL_ID and RESOURCE_PROVIDER_ID on the Configuration Finding object to establish proper relationships between findings and their associated assets.	February 12th, 2025
3.3.3	Fixed an issue where the connector was incorrectly mapping IP addresses and private DNS names to both the IP_ADDRESSES and PRIVATE_IP_ADDRESSES attributes on the Virtual Machine object. The connector now properly distinguishes between these attributes.	February 6th, 2025
3.3.2	- The Configuration Finding object is no longer required and now maps to Violation. - Added the RECOMMENDATION, TARGETS, and TYPE attributes to the Configuration Finding object.	January 15th, 2025
3.3.1	The connector now retrieves the Configuration Finding object from Wiz.	January 7th, 2025
3.3.0	Replaced the deprecated `vulnerabilityParams.type` attribute on the Vulnerability object with `columnSelection` to support Wiz's updated export behavior. This improves CSV parsing by no longer relying on the `Content-Length` header, which may be `0` even when data is present.	December 24th, 2024
3.2.6	The connector now retrieves the Secret Container object from Wiz.	December 6th, 2024
3.2.5	Fixed an issue where attributes from Wiz were not being mapped correctly to the Host data model. To support out-of-the-box relationships between Hosts and Container Images, the connector now maps the EXTERNAL_ID attribute to the SOURCE_UIDS attribute.	December 3rd, 2024
3.2.4	Added the NAME attribute to the Vulnerability Definition object.	November 14th, 2024
3.2.3	Code cleanup and general maintenance to help improve error handling.	November 13th, 2024
3.2.2	Fixed an issue where the Issue and Issue Definition object syncs were failing.	November 13th, 2024
3.2.1	Fixed an issue where the Resource Group and Storage Account object syncs were failing due to an "Empty header line: cannot bind data" error.	November 11th, 2024
3.2.0	Enhanced the Vulnerability object sync process to improve efficiency by using regular reports with the `updateAt` date filter, as recommended by Wiz. The Wiz connector now retrieves all vulnerabilities with detection support via the GraphQL API, rather than creating vulnerability definitions from vulnerability data.	November 1st, 2024
3.1.18	Code cleanup and maintenance.	October 2nd, 2024
3.1.17	- Fixed an issue where the Issue and Issue Definition object syncs were failing. - Added the SOURCE_SEVERITY_SCORE attribute to the Vulnerability object. - Code cleanup and maintenance.	October 2nd, 2024
3.1.16	- Added remediation instructions to the Issue Definition object. - Addressed a potential NullPointerException (NPE) on the Issue object.	September 25th, 2024
3.1.15	Enhanced the method for retrieving vulnerability status by splitting "New" from "Active" status. The Wiz connector now uses the FIRST_SEEN_AT filter for "New" vulnerabilities and the UPDATED_AT filter for "Active" vulnerabilities to ensure more accurate reporting.	July 22nd, 2024
3.1.14	Added the IS_CONTAINER_HOST attribute to the Virtual Machine object.	June 14th, 2024
3.1.13	Code cleanup and general maintenance.	May 21st, 2024
3.1.12	Fixed an issue where the CVSS_V2_BASE_SCORE and CVSS_V3_BASE_SCORE attributes on the Vulnerability Definition object were not populating.	April 11th, 2024
3.1.11	Revised the logic of getting asset type information from the source data.	February 22nd, 2024
3.1.10	- Updated to fetch `vmId` as the Instance ID for Azure assets. - Switched the order of adding attributes to allow native or specific attributes to take higher precedence. - Updated dependencies.	February 5th, 2024
3.1.9	- Fixed an issue where an `Empty header line` error occurred when reports returned by Wiz were empty. - Fixed an issue related to the `Missing 1 header column: ["uid"]` error.	January 30th, 2024
3.1.8	Added a new additional setting to help manage API throttling: Maximum retries	October 28th, 2023
3.1.7	- Updated to the new Wiz logo. - Enhanced handling for missing UID in objects retrieved from Wiz.	September 19th, 2023
3.1.6	Code cleanup and general maintenance.	September 14th, 2023
3.1.5	Code cleanup and general maintenance.	September 7th, 2023
3.1.4	- The connector now retrieves the image name for Container Image objects. - The connector now maps the provider ID to the TARGETS attribute on the Issue object.	July 26th, 2023
3.1.3	Code cleanup and general maintenance.	July 21st, 2023
3.1.2	Fixed an issue where Targets were not being received for Vulnerabilities with Container Image assets.	July 10th, 2023
3.1.1	The connector now retrieves the Database Server, Issue, and Issue Definition objects from Wiz.	June 15th, 2023
3.1.0	Initial Integration+ release.	June 14th, 2023

Required connection settings​

Obtain the client ID and client secret from Wiz​

Additional settings​

Types of data to retrieve​

Attribute mappings​

Cloud Inventory​

Configuration​

Issue​

Vulnerability​

Operation options​

Cloud Inventory​

Configuration​

Issue​

Vulnerability​

APIs​

Cloud Configuration Finding queries​

Issue GraphQL queries​

Reports GraphQL queries​

Vulnerability Definition GraphQL query​

Changelog​

Required connection settings

Obtain the client ID and client secret from Wiz

Additional settings

Types of data to retrieve

Attribute mappings

Cloud Inventory

Configuration

Issue

Vulnerability

Operation options

Cloud Inventory

Configuration

Issue

Vulnerability

APIs

Cloud Configuration Finding queries

Issue GraphQL queries

Reports GraphQL queries

Vulnerability Definition GraphQL query

Changelog