Wiz
Wiz is a cloud security tool that scans your cloud environments to provide complete visibility into every technology running in your cloud. You can bring virtual network, virtual machine, vulnerability and more data from Wiz into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Wiz when the data integration runs, and how to obtain that information from Wiz. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Wiz from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Wiz with Brinqa:
-
API URL: The Wiz API endpoint URL. The default URL is
https://api.<region>.app.wiz.io
. -
Token URL: The Wiz API authentication token URL. The URL is specific to the identity provider (IdP) for the Wiz service account. See Table 1 for more information.
-
OAuth audience: The audience of your OAuth token. The audience is specific to your IdP. See Table 1 for more information.
-
Client ID and Client secret: The credentials associated with the Wiz service account, which must have permissions to log in to the API server and return data.
The Token URL and OAuth audience values depend on the IdP you use for the Wiz service account. The following table summarizes the different values:
Table 1. Wiz token URL and audience values
IdP | Token URL | Audience |
---|---|---|
Amazon Cognito | https://auth.app.wiz.io/oauth/token | wiz-api |
Auth0 | https://auth.wiz.io/oauth/token | beyond-api |
Obtain the client ID and client secret from Wiz
For the Wiz connector to use the Wiz API, you must provide the client ID and client secret from an active Wiz service account.
To obtain these credentials, please follow the steps in the official Wiz documentation for Brinqa integration. This guide is maintained by Wiz and outlines the process for creating the required service account and assigning appropriate permissions.
If you do not have the permissions to create a service account or assign permissions, contact your Wiz administrator.
The Wiz connector was developed in collaboration with Wiz and adheres to their recommended solutions. It has been certified by Wiz to ensure optimal functionality and security.
- Due to limitations with GraphQL in exporting large datasets, the connector generates reports in CSV format.
- The Wiz connector generates one report per asset type for Vulnerabilities, with each report prefixed by
BRINQA-VULNERABILITIES-REPORT_
. - It also generates one report per inventory type for Inventory, with each report prefixed by
BRINQA-INVENTORY-REPORT_
. This lets you easily identify and monitor said reports. - These reports are automatically deleted from Wiz based on your specified data cleanup frequency.
Additional settings
The Wiz connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
-
Maximum retries: The maximum number of times that the integration attempts to connect to the Wiz API before giving up and reporting a failure. The default setting is 5.
-
Report timeout (hours): The maximum number of hours to wait for a report to be generated before giving up and reporting a failure. The default setting is 4 hours.
Types of data to retrieve
The Wiz connector can retrieve the following types of data from the Wiz API:
Table 2: Data retrieved from Wiz
Connector Object | Required | Maps to Data Model |
---|---|---|
API Gateway | No | Not mapped |
Backup Service | No | Not mapped |
Bucket | No | Not mapped |
CI/CD Service | No | Not mapped |
Compute Instance Group | No | Not mapped |
Configuration Finding | No | Violation |
Container | Yes | Container |
Container Image | Yes | Container Image |
Container Registry | No | Not mapped |
Container Service | No | Not mapped |
Control | Yes | Violation Definition |
Daemon Set | No | Not mapped |
Database Server | Yes | Database Instance |
Deployment | No | Not mapped |
Encryption Key | No | Not mapped |
File System Service | No | Not mapped |
Firewall | No | Not mapped |
Issue | Yes | Violation |
Issue Definition | Yes | Violation Definition |
Kubernetes Cluster | No | Not mapped |
Raw Access Policy | No | Not mapped |
Resource Group | No | Not mapped |
Secret Container | No | Not mapped |
Serverless | Yes | Serverless |
Storage Account | No | Not mapped |
Subnet | No | Not mapped |
Subscription | No | Not mapped |
Virtual Machine | Yes | Host |
Virtual Machine Image | Yes | Host Image |
Virtual Network | Yes | Network Segment |
Volume | No | Not mapped |
Vulnerability | Yes | Vulnerability |
Vulnerability Definition | Yes | Vulnerability Definition |
Web Service | No | Not mapped |
For detailed steps on how to view the data retrieved from Wiz in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Configuration Finding
Table 3: Configuration Finding attribute mappings
Source Field Name | Maps to Attribute |
---|---|
firstSeenAt | firstSeen |
id | uid |
remediation | recommendation |
resource.id | targets |
resource.name | Local variable |
resource.type | Local variable |
result | results |
rule | type |
severity | severity |
status | status |
Container
Table 4: Container attribute mappings
Source Field Name | Maps to Attribute |
---|---|
Cloud Native JSON.tags | tags |
Cloud Platform | Local variable |
Description | description |
External ID | Local variable |
Last Seen | lastSeen |
Name | Local variable |
Native Type | Local variable |
Projects | Local variable |
Provider ID | Local variable |
Provider ID/External ID | uid |
name | name |
categories | categories |
Region | region |
Resource Type | Local variable |
Subscription | Local variable |
Subscription ID | Local variable |
Wiz JSON Object.Runtime | Local variable |
Wiz JSON Object.applicationEndpoint.openToAllInternet | Local variable |
Wiz JSON Object.applicationEndpoint.validatedOpenPorts | Local variable |
Wiz JSON Object.common.creationDate | sourceCreatedDate |
Wiz JSON Object.common.status | providerStatus |
Wiz JSON Object.common.status | status |
Wiz JSON Object.imageExternalId | image |
Wiz JSON Object.kubernetes.baseExtraData.clusterExternalId | Local variable |
Wiz JSON Object.kubernetes.baseExtraData.clusterName | Local variable |
Wiz JSON Object.virtualMachineExternalId | host |
Container Image
Table 5: Container Image attribute mappings
Source Field Name | Maps to Attribute |
---|---|
Categories | categories |
Cloud Native JSON.tags | tags |
Cloud Platform | Local variable |
Description | description |
External ID | Local variable |
Last Seen | Local variable |
Name | name |
Native Type | Local variable |
Projects | Local variable |
Provider ID | Local variable |
Provider ID/External ID | uid |
Region | region |
Resource Type | Local variable |
Subscription | Local variable |
Subscription ID | Local variable |
Wiz JSON Object.applicationEndpoint.openToAllInternet | Local variable |
Wiz JSON Object.applicationEndpoint.validatedOpenPorts | Local variable |
Wiz JSON Object.common.creationDate | sourceCreatedDate |
Wiz JSON Object.common.status | providerStatus |
Wiz JSON Object.common.status (normalized) | status |
Wiz JSON Object.digest | digest |
Wiz JSON Object.encrypted | Local variable |
Wiz JSON Object.repoExternalId | Local variable |
Control
Table 6: Control attribute mappings
Source Field Name | Maps to Attribute |
---|---|
description | description |
id | uid |
name | name |
remediationInstructions | recommendation |
Issue
Table 7: Issue attribute mappings
Source Field Name | Maps to Attribute |
---|---|
CREATED_AT | firstFound |
CREATED_AT | sourceCreatedDate |
DUE_AT | Local variable |
ENTITY.EXTERNAL_ID | Local variable |
ENTITY.ID | Local variable |
ENTITY.NAME | Local variable |
ENTITY.STATUS | Local variable |
ENTITY.TYPE | Local variable |
ENTITY.UID | targets |
ID | uid |
NOTES.TEXT | Local variable |
RESOLVED_AT | lastFixed |
RESOLUTION_REASON | Local variable |
SEVERITY | severity, severityScore, sourceSeverity |
SEVERITY | severityScore |
SEVERITY | sourceSeverity |
SERVICE_TICKETS.EXTERNAL_ID | Local variable |
SERVICE_TICKETS.ID | Local variable |
SERVICE_TICKETS.NAME | Local variable |
SERVICE_TICKETS.URL | Local variable |
SOURCE_RULES.ID | type |
STATUS | providerStatus, sourceStatus, status, statusCategory |
SUBSCRIPTION.EXTERNAL_ID | Local variable |
SUBSCRIPTION.ID | Local variable |
TYPE | categories |
UPDATED_AT | sourceLastModified |
Issue Definition
Table 8: Issue Definition attribute mappings
Source Field Name | Maps to Attribute |
---|---|
ISSUE.SOURCERULE.DESCRIPTION | description |
ISSUE.SOURCERULE.ID | uid |
ISSUE.SOURCERULE.NAME | name |
ISSUE.SOURCERULE.NAME | summary |
ISSUE.SOURCERULE.REMEDIATIONINSTRUCTIONS | recommendation |
ISSUE.SOURCERULE.RESOLUTIONRECOMMENDATION | recommendation |
ISSUE.SOURCERULE.RESOLUTIONRECOMMENDATIONPLAINTEXT | recommendation |
ISSUE.SOURCERULE.RISKS | Local variable |
ISSUE.SOURCERULE.SECURITYSUBCATEGORIES.DISPLAYNAME | categories |
ISSUE.SOURCERULE.SEVERITY | severity, severityScore, sourceSeverity |
ISSUE.SOURCERULE.THREATS | Local variable |
ISSUE.SOURCERULE.TYPE | Local variable |
Virtual Machine
Table 9: Virtual Machine attribute mappings
Source Field Name | Maps to Attribute |
---|---|
Categories | categories |
Cloud Native JSON.Architecture | Local variable |
Cloud Native JSON.ImageId | image |
Cloud Native JSON.InstanceId | instanceId |
Cloud Native JSON.InstanceType | Local variable |
Cloud Native JSON.Monitoring.State | Local variable |
Cloud Native JSON.NetworkInterfaces.MacAddress | macAddresses |
Cloud Native JSON.PrivateDnsName | dnsNames |
Cloud Native JSON.PrivateDnsName | privateDnsNames |
Cloud Native JSON.PrivateIpAddress | ipAddresses |
Cloud Native JSON.PrivateIpAddress | privateIpAddresses |
Cloud Native JSON.PublicDnsName | hostnames |
Cloud Native JSON.PublicDnsName | publicDnsNames |
Cloud Native JSON.PublicIpAddress | ipAddresses |
Cloud Native JSON.PublicIpAddress | publicIpAddresses |
Cloud Native JSON.StateReason | Local variable |
Cloud Native JSON.Subscription | Local variable |
Cloud Native JSON.Subscription ID | Local variable |
Cloud Native JSON.lastStartTimestamp | lastStarted |
Cloud Native JSON.lastStopTimestamp | lastStopped |
Cloud Native JSON.name | Local variable |
Cloud Native JSON.networkInterfaces.network | Local variable |
Cloud Native JSON.networkInterfaces.subnetwork | Local variable |
Cloud Native JSON.project | Local variable |
Cloud Native JSON.providerId | Local variable |
Cloud Native JSON.tags | tags |
Cloud Platform | Local variable |
Description | description |
External ID | Local variable |
Last Seen | Local variable |
Name | name |
Native Type | Local variable |
Projects | Local variable |
Provider ID | Local variable |
Provider ID/External ID | uid |
Region | region |
Resource Type | Local variable |
Subscription | Local variable |
Subscription ID | Local variable |
Wiz JSON Object.Runtime | Local variable |
Wiz JSON Object.applicationEndpoint.openToAllInternet | Local variable |
Wiz JSON Object.applicationEndpoint.validatedOpenPorts | Local variable |
Wiz JSON Object.common.creationDate | firstSeen |
Wiz JSON Object.common.creationDate | sourceCreatedDate |
Wiz JSON Object.common.status | providerStatus |
Wiz JSON Object.common.status | status |
Wiz JSON Object.imageExternalId | image |
Wiz JSON Object.isContainerHost | Local variable |
Wiz JSON Object.operatingSystem | operatingSystem |
Virtual Machine Image
Table 10: Virtual Machine Image attribute mappings
Source Field Name | Maps to Attribute |
---|---|
Categories | categories |
Cloud Native JSON.tags | tags |
Cloud Platform | Local variable |
Description | description |
External ID | Local variable |
Last Seen | Local variable |
Name | name |
Native Type | Local variable |
Projects | Local variable |
Provider ID | Local variable |
Provider ID/External ID | uid |
Region | region |
Resource Type | Local variable |
Subscription | Local variable |
Subscription ID | Local variable |
Wiz JSON Object.ImageLocation | Local variable |
Wiz JSON Object.ImageOwnerAlias | Local variable |
Wiz JSON Object.PlatformDetails | Local variable |
Wiz JSON Object.applicationEndpoint.openToAllInternet | Local variable |
Wiz JSON Object.applicationEndpoint.validatedOpenPorts | Local variable |
Wiz JSON Object.common.creationDate | sourceCreatedDate |
Wiz JSON Object.common.status | providerStatus |
Wiz JSON Object.common.status | status |
Wiz JSON Object.family | Local variable |
Wiz JSON Object.is_public | Local variable |
Virtual Network
Table 11: Virtual Network attribute mappings
Source Field Name | Maps to Attribute |
---|---|
Categories | categories |
Cloud Native JSON.addressSpace.addressPrefixes | Local variable |
Cloud Native JSON.enableDdosProtection | Local variable |
Cloud Native JSON.tags | tags |
Cloud Platform | Local variable |
Description | description |
External ID | Local variable |
Last Seen | Local variable |
Name | name |
Native Type | Local variable |
Projects | Local variable |
Provider ID | Local variable |
Provider ID/External ID | uid |
Region | region |
Resource Type | Local variable |
Subscription | Local variable |
Subscription ID | Local variable |
Wiz JSON Object.addressRangeEdges | Local variable |
Wiz JSON Object.addressRanges | ipv4Ranges |
Wiz JSON Object.applicationEndpoint.openToAllInternet | Local variable |
Wiz JSON Object.applicationEndpoint.validatedOpenPorts | Local variable |
Wiz JSON Object.common.creationDate | sourceCreatedDate |
Wiz JSON Object.common.status | providerStatus |
Wiz JSON Object.common.status | status |
Wiz JSON Object.flowLogsEnabled | Local variable |
Wiz JSON Object.hasDeployedInstances | Local variable |
Wiz JSON Object.isDefault | Local variable |
Vulnerability
Table 12: Vulnerability attribute mappings
Source Field Name | Maps to Attribute |
---|---|
ASSETID | targets |
ASSETNAME | Local variable |
CRITICALRELATEDISSUESCOUNT | Local variable |
CVSSSEVERITY | Local variable |
DETAILEDNAME | results |
DETECTIONMETHOD | Local variable |
DESCRIPTION | description |
EXPLOITABILITYSCORE | Local variable |
FINDINGSTATUS | providerStatus, sourceStatus, status, statusCategory |
FIRSTDETECTED | firstFound |
FIXEDVERSION | Local variable |
HIGHRELATEDISSUESCOUNT | Local variable |
ID | uid |
IMPACTSCORE | Local variable |
INFORELATEDISSUESCOUNT | Local variable |
LASTDETECTED | lastFound |
LOCATIONPATH | locationPath |
LOWRELATEDISSUESCOUNT | Local variable |
MEDIUMRELATEDISSUESCOUNT | Local variable |
NAME | name |
NAME | type |
NVDSEVERITY | Local variable |
PROVIDERUNIQUEID | Local variable |
REMEDIATION | recommendation |
RESOLUTIONREASON | Local variable |
RESOLVEDAT | lastFixed |
SCORE | sourceSeverityScore |
SEVERITY | severity, severityScore, sourceSeverity |
TYPE | categories |
VERSION | Local variable |
VENDORSEVERITY | Local variable |
WIZURL | Local variable |
Vulnerability Definition
Table 13: Vulnerability Definition attribute mappings
Source Field Name | Maps to Attribute |
---|---|
AFFECTEDSOFTWARE | affected |
CATEGORIES | categories |
CISAKEVDUEDATE | cisaDueDate |
CISAKEVRELEASEDATE | cisaAddedDate |
CVSSV2.ATTACKCOMPLEXITY | cvssV2AccessComplexity |
CVSSV2.ATTACKVECTOR | cvssV2AttackVector |
CVSSV2.BASESCORE | cvssV2BaseScore |
CVSSV2.CONFIDENTIALITYIMPACT | cvssV2ConfidentialityImpact |
CVSSV2.INTEGRITYIMPACT | cvssV2IntegrityImpact |
CVSSV2.PRIVILEGESREQUIRED | cvssV2Authentication |
CVSSV3.ATTACKCOMPLEXITY | cvssV3AttackComplexity |
CVSSV3.ATTACKVECTOR | cvssV3AttackVector |
CVSSV3.CONFIDENTIALITYIMPACT | cvssV3ConfidentialityImpact |
CVSSV3.INTEGRITYIMPACT | cvssV3IntegrityImpact |
CVSSV3.PRIVILEGESREQUIRED | cvssV3PrivilegesRequired |
CVSSV3.USERINTERACTIONREQUIRED | cvssV3UserInteraction |
DESCRIPTION | description |
EPSSPERCENTILE | epssPercentile |
EPSSSEVERITY | Local variable |
EPSSSCORE | epssScore |
EXPLOITABILITY/HASCISAKEVEXPLOIT | exploitability |
EXPLOITABILITYSCORE | Local variable |
EXTERNALID | externalUids |
HASHCISAKEVEXPLOIT | cisaExploited |
HIGHPROFILETHREAT | Local variable |
ISHIGHPROFILETHREAT | Local variable |
NAME | cveIds, cveRecords, name, uid |
NVDSEVERITY | Local variable |
PUBLISHEDAT | publishedDate |
RECOMMENDATION | recommendation |
REFERENCES | references |
SEVERITY | severity, severityScore, sourceSeverity |
SOURCEURL | references |
VENDORSEVERITY | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The Wiz connector supports the following operation options. See connector operation options for information about how to apply them.
Expand the sections below to view the supported operation options per connector object.
Configuration Finding
Table 14: Configuration Finding operation options
Connector Object | Option | All Possible Values | Description | Example |
---|---|---|---|---|
Configuration Finding | frameworkCategory | Any Wiz framework category ID(s). | A comma-separated list to filter configuration findings by their associated framework category. | Key: frameworkCategory ,Value: wct-id-4,wct-id-7 .This key and value combination only retrieves configuration findings for framework categories wct-id-4 and wct-id-7 . |
includeDeleted | true or false | Include or exclude deleted configuration findings in the results. Leave the value blank to indicate all findings. | Key: includeDeleted ,Value: false .This key and value combination excludes deleted configuration findings from the results. | |
ruleName | Any string identifying a rule name. | A comma-separated list to filter configuration findings by the specified rule names. | Key: ruleName ,Value: ruleName1 ,ruleName2 .This key and value combination only retrieves findings related to the ruleName1 and ruleName2 rules. | |
resourceType | Any string identifying a resource type. | A comma-separated list to filter configuration findings by the specified resource type. | Key: resourceType ,Value: type1 ,type2 .This key and value combination only retrieves configuration findings for resources of type Server . | |
result | ERROR, FAIL, NOT_ASSESSED, PASSED | A comma-separated list to filter configuration findings based on their result status. Leave the value blank to indicate all result statuses. | Key: result ,Value: ERROR ,FAIL .This key and value combination only retrieves findings with an ERROR or FAIL result status. | |
severity | NONE, LOW, MEDIUM, HIGH, CRITICAL | A comma-separated list to filter configuration findings based on severity. | Key: severity ,Value: HIGH ,CRITICAL .This key and value combination only retrieves findings with a severity of HIGH or CRITICAL . | |
status | OPEN, RESOLVED, REJECTED | A comma-separated list to filter configuration findings by their status. | Key: status ,Value: OPEN ,REJECTED .This key and value combination only retrieves findings that are in the OPEN or REJECTED status. |
Control
Table 15: Control operation options
Connector Object | Option | All Possible Values | Description | Example |
---|---|---|---|---|
Control | frameworkCategory | Any Wiz framework category ID(s). | A comma-separated list to filter controls by their associated framework category. | Key: frameworkCategory ,Value: wct-id-4,wct-id-7 .This key and value combination only retrieves controls for framework categories wct-id-4 and wct-id-7 . |
includeDeleted | true or false | Include or exclude deleted controls in the results. Leave the value blank to indicate all controls. | Key: includeDeleted ,Value: false .This key and value combination excludes deleted controls from the results. | |
resourceType | Any string identifying a resource type. | A comma-separated list to filter controls by the specified resource type. | Key: resourceType ,Value: type1 ,type2 .This key and value combination only retrieves controls for resources of type Server . | |
ruleName | Any string identifying a rule name. | A comma-separated list to filter controls by the specified rule names. | Key: ruleName ,Value: ruleName1 ,ruleName2 .This key and value combination only retrieves controls related to the ruleName1 and ruleName2 rules. | |
result | ERROR, FAIL, NOT_ASSESSED, PASSED | A comma-separated list to filter controls based on their result status. Leave the value blank to indicate all result statuses. | Key: result ,Value: ERROR ,FAIL .This key and value combination only retrieves controls with an ERROR or FAIL result status. | |
severity | NONE, LOW, MEDIUM, HIGH, CRITICAL | A comma-separated list to filter controls based on severity. | Key: severity ,Value: HIGH ,CRITICAL .This key and value combination only retrieves controls with a severity of HIGH or CRITICAL . | |
status | OPEN, RESOLVED, REJECTED | A comma-separated list to filter controls by their status. | Key: status ,Value: OPEN ,REJECTED .This key and value combination only retrieves controls that are in the OPEN or REJECTED status. |
Issue & Issue Definition
Table 16: Issue and Issue Definition operation options
Connector Object | Option | All Possible Values | Description | Example |
---|---|---|---|---|
Issue, Issue Definition | frameworkCategory | Any Wiz framework category ID(s). | A comma-separated list to filter issues by their associated framework category. | Key: frameworkCategory ,Value: wct-id-4,wct-id-7 .This key and value combination only retrieves issues for framework categories wct-id-4 and wct-id-7 . |
Issue, Issue Definition | hasAutoRemediation | true or false | Filter issues with or without auto remediation. | Key: hasAutoRemediation Value: true .This key and value combination only retrieves issues with auto remediation. |
Issue, Issue Definition | hasRemediation | true or false | Filter issues with or without remediation. | Key: hasRemediation Value: false .This key and value combination only retrieves issues without a remediation. |
Issue, Issue Definition | hasServiceTicket | true or false | Filter issues with or without a related service ticket. | Key: hasServiceTicket Value: true .This key and value combination only retrieves issues with related service tickets. |
Issue, Issue Definition | projectId | Any project ID(s). | Filter issues associated with the specified project ID. Leave the value blank to indicate all project IDs. | Key: projectId Value: 1234 .This key and value combination only retrieves issues for project ID 1234 . |
Issue, Issue Definition | resolutionReason | CONTROL_CHANGED, CONTROL_DISABLED, CONTROL_DELETED, EXCEPTION, FALSE_POSITIVE, ISSUE_FIXED, OBJECT_DELETED, WONT_FIX | A comma-separated list to filter issues by resolution reason. Leave the value blank to indicate all resolution reasons. | Key: resolutionReason Value: FALSE_POSITIVE .This key and value combination only retrieves issues that are false positives. |
Issue, Issue Definition | severity | CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM | A comma-separated list to filter issues based on severity. Leave the value blank to indicate all severities. | Key: severity Value: LOW, MEDIUM .This key and value combination only retrieves issues of low or medium severity. |
Issue, Issue Definition | stackLayer | APPLICATION_AND_DATA, CI_CD, CLOUD_ENTITLEMENTS, CODE, COMPUTE_PLATFORMS, DATA_STORES, SECURITY_AND_IDENTITY | A comma-separated list to filter issues from a specified stack layer. Leave the value blank to indicate all stack layers. | Key: stackLayer Value: ``. This key and value combination retrieves issues from all stack layers. |
Issue, Issue Definition | status | IN_PROGRESS, OPEN, REJECTED, RESOLVED | A comma-separated list to filter issues by their status. Leave the value blank to indicate all statuses. | Key: status Value: OPEN .This key and value combination only retrieves open issues. |
Issue | type | CLOUD_CONFIGURATION, THREAT_DETECTION, TOXIC_COMBINATION | A comma-separated list of issue types. You can use this option to filter issues by their issue type, as determined by Wiz. | Key: type Value: THREAT_DETECTION ,TOXIC_COMBINATION .This key and value combination only retrieves issues with the specified type. |
Vulnerability
Table 17: Vulnerability operation options
Connector Object | Option | All Possible Values | Description | Example |
---|---|---|---|---|
Vulnerability | assetHasAdminPrivileges | true or false | Filter vulnerabilities for assets with or without admin privileges. | Key: assetHasAdminPrivileges Value: true . This key and value combination only retrieves vulnerabilities for assets with admin privileges. |
assetHasHighPrivileges | true or false | Filter vulnerabilities for assets with or without high privileges. | Key: assetHasHighPrivileges ,Value: false .This key and value combination only retrieves vulnerabilities for assets without high privileges. | |
assetId | Any Wiz asset ID(s). | A comma-separated list to filter vulnerabilities by the asset ID. Leave the value blank to indicate all asset IDs. | Key: assetId ,Value: 1234,5678 .This key and value combination only retrieves vulnerabilities for asset IDs 1234 and 5678 . | |
assetStatus | Active, Error, Inactive | A comma-separated list to filter vulnerabilities for assets with the specified status. Leave the value blank to indicate all asset statuses. | Key: assetStatus ,Value: Active,Error .This key and value combination only retrieves vulnerabilities from assets with statuses Active and Error . | |
assetType | CONTAINER, CONTAINER_IMAGE, SERVERLESS, VIRTUAL_MACHINE | A comma-separated list to filter vulnerabilities by the asset type. Leave the value blank to indicate all asset types. | Key: assetType ,Value: CONTAINER,SERVERLESS .This key and value combination only retrieves vulnerabilities for the asset types CONTAINER and SERVERLESS . | |
baseContainerImage | Any string identifying a base container image. | A comma-separated list to filter vulnerabilities by their base container image. | Key: baseContainerImage ,Value: ubuntu:latest,alpine:3.15 .This key and value combination only retrieves vulnerabilities for the base container images ubuntu:latest and alpine:3.15 . | |
cnaScore | Any numeric value from 0.1-10.0 | Retrieve all vulnerabilities with a CVE Numbering Authority (CNA) score of the specified value or higher. | Key: cnaScore ,Value: 7.5 .This key and value combination only retrieves vulnerabilities with a CNA score of 7.5 or higher. | |
cloudPlatforms | Any string identifying a cloud platform. | A comma-separated list to filter vulnerabilities by their associated cloud platform. | Key: cloudPlatforms ,Value: AWS,Azure .This key and value combination only retrieves vulnerabilities for the cloud platforms AWS and Azure . | |
containerRegistry | Any name identifying a container registry. | A comma-separated list to filter vulnerabilities associated with the specified container registry. | Key: containerRegistry ,Value: ECR,GCR .This key and value combination only retrieves vulnerabilities related to the container registries ECR and GCR . | |
containerRepository | Any name identifying a container repository. | A comma-separated list to filter vulnerabilities associated with the specified container repository. | Key: containerRepository ,Value: Azure Container Repository,Docker Hub .This key and value combination only retrieves vulnerabilities in the repositories Azure Container Repository and Docker Hub . | |
containerServiceId | Any string identifying a container service ID. | A comma-separated list to filter vulnerabilities by their associated container service ID. | Key: containerServiceId ,Value: service-123,service-456 .This key and value combination only retrieves vulnerabilities for the container service IDs service-123 and service-456 . | |
detailedName | Any string identifying a detailed name. | A comma-separated list to filter vulnerabilities by their detailed name. | Key: detailedName ,Value: Critical Vulnerability,High Risk .This key and value combination only retrieves vulnerabilities with the detailed names Critical Vulnerability and High Risk . | |
detectionMethod | DEFAULT_PACKAGE, FILE_PATH, INSTALLED_PROGRAM, INSTALLED_PROGRAM_BY_SERVICE, LIBRARY, OS, PACKAGE | A comma-separated list to filter vulnerabilities found by the specified detection method. Leave the value blank to indicate all detection methods. | Key: detectionMethod ,Value: FILE_PATH,PACKAGE .This key and value combination only retrieves vulnerabilities detected through FILE_PATH and PACKAGE . | |
effectiveAttackVector | Any string identifying an attack vector. | A comma-separated list to filter vulnerabilities by their effective attack vector. | Key: effectiveAttackVector ,Value: NETWORK,PHYSICAL .This key and value combination only retrieves vulnerabilities with the effective attack vectors NETWORK and PHYSICAL . | |
hasCisaKevExploit | true or false | Filter vulnerabilities with or without an available Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) exploit. | Key: hasCisaKevExploit ,Value: true .This key and value combination only retrieves vulnerabilities with a CISA KEV exploit. | |
hasExploit | true or false | Filter vulnerabilities with or without an available exploit. | Key: hasExploit ,Value: false .This key and value combination only retrieves vulnerabilities without an exploit. | |
hasFix | true or false | Filter vulnerabilities with or without an available fix. | Key: hasFix ,Value: true .This key and value combination only retrieves vulnerabilities with a fix. | |
hasTriggerableRemediation | true or false | Filter vulnerabilities by whether they have triggerable remediation. | Key: hasTriggerableRemediation ,Value: true .This key and value combination only retrieves vulnerabilities with triggerable remediation. | |
isAssetAccessibleFromInternet | true or false | Filter vulnerabilities for assets by whether the associated asset is accessible from the internet, as determined by Wiz. | Key: isAssetAccessibleFromInternet ,Value: true .This key and value combination only retrieves vulnerabilities for assets accessible from the internet. | |
isAssetOpenToAllInternet | true or false | Filter vulnerabilities for assets by whether they are publicly accessible over the internet. | Key: isAssetOpenToAllInternet ,Value: true .This key and value combination only retrieves vulnerabilities for assets publicly accessible over the internet. | |
isBaseLayer | true or false | Filter vulnerabilities for container images by whether they are attributed to a base image. | Key: isBaseLayer ,Value: false .This key and value combination only retrieves vulnerabilities for container images not attributed to a base image. | |
isEndOfLife | true or false | Filter vulnerabilities by whether the associated asset is end-of-life. | Key: isEndOfLife ,Value: true .This key and value combination only retrieves vulnerabilities for end-of-life assets. | |
isOperatingSystemEndOfLife | true or false | Filter vulnerabilities by whether the associated operating system is end-of-life. | Key: isOperatingSystemEndOfLife ,Value: true .This key and value combination only retrieves vulnerabilities for end-of-life operating systems. | |
isScannedFromRegistry | true or false | Filter vulnerabilities by whether they are scanned from a container registry. | Key: isScannedFromRegistry ,Value: true .This key and value combination only retrieves vulnerabilities scanned from a container registry. | |
isScannedFromWorkload | true or false | Filter vulnerabilities by whether they are scanned from a workload. | Key: isScannedFromWorkload ,Value: true .This key and value combination only retrieves vulnerabilities scanned from a workload. | |
nvdSeverity | NONE, LOW, MEDIUM, HIGH, CRITICAL | A comma-separated list to filter vulnerabilities by their NVD severity. | Key: nvdSeverity ,Value: HIGH,CRITICAL .This key and value combination only retrieves vulnerabilities with NVD severities HIGH and CRITICAL . | |
projectId | Any Wiz project ID(s). | A comma-separated list to filter vulnerabilities associated with the specified project ID(s). Leave the value blank to indicate all project IDs. | Key: projectId ,Value: 1234,5678 .This key and value combination only retrieves vulnerabilities for project IDs 1234 and 5678 . | |
relatedIssueSeverity | NONE, LOW, MEDIUM, HIGH, CRITICAL | A comma-separated list to filter vulnerabilities by the severity of related issues. | Key: relatedIssueSeverity ,Value: CRITICAL,HIGH .This key and value combination only retrieves vulnerabilities with related issues of severities CRITICAL and HIGH . | |
reportName | Any name identifying a report. | Filter vulnerabilities matching the specified report name. | Key: reportName ,Value: Report A,Report B .This key and value combination only retrieves vulnerabilities from the reports Report A and Report B . | |
score | Any numeric value from 0.1-10.0 | Retrieve all vulnerabilities with a CVSS3 (Common Vulnerability Scoring System) score of the specified value or higher. | Key: score ,Value: 8.0 .This key and value combination only retrieves vulnerabilities with a CVSS3 score of 8.0 or higher. | |
severity | NONE, LOW, MEDIUM, HIGH, CRITICAL | A comma-separated list to filter vulnerabilities by their severity. | Key: severity ,Value: HIGH,CRITICAL .This key and value combination only retrieves vulnerabilities with severities HIGH and CRITICAL . | |
status | OPEN, REJECTED, RESOLVED | A comma-separated list to filter vulnerabilities by their status. | Key: status ,Value: OPEN,RESOLVED .This key and value combination only retrieves vulnerabilities with statuses OPEN and RESOLVED . | |
subscriptionExternalId | AWS Account, Azure Subscription, GCP Project, OCI Compartment | A comma-separated list to filter vulnerabilities by their associated external subscription ID. | Key: subscriptionExternalId ,Value: AWS Account,Azure Subscription .This key and value combination only retrieves vulnerabilities associated with the external subscription IDs AWS Account and Azure Subscription . | |
validatedInRuntime | true or false | Filter vulnerabilities by whether they have been validated in runtime. | Key: validatedInRuntime ,Value: true .This key and value combination only retrieves vulnerabilities validated in runtime. | |
vcsRepositoryId | Any string identifying a VCS repository ID. | A comma-separated list to filter vulnerabilities by their associated VCS repository ID. | Key: vcsRepositoryId ,Value: repo-123,repo-456 .This key and value combination only retrieves vulnerabilities for the VCS repository IDs repo-123 and repo-456 . | |
vendorScore | Any numeric value from 0.1-10.0 | Retrieve all vulnerabilities with a vendor score of the specified value or higher. | Key: vendorScore ,Value: 8.0 .This key and value combination only retrieves vulnerabilities with a vendor score of 8.0 or higher. | |
vendorSeverity | NONE, LOW, MEDIUM, HIGH, CRITICAL | A comma-separated list to filter vulnerabilities by their vendor severity. | Key: vendorSeverity ,Value: HIGH,CRITICAL .This key and value combination only retrieves vulnerabilities with vendor severities HIGH and CRITICAL . | |
vulnerabilityExternalId | Any CVE ID(s) | A comma-separated list of CVE IDs to filter vulnerabilities by their associated CVE ID. | Key: vulnerabilityExternalId ,Value: CVE-2023-12345,CVE-2023-44487 .This key and value combination only retrieves vulnerabilities with the CVE IDs CVE-2023-12345 and CVE-2023-44487 . | |
vulnerabilityId | Any Wiz vulnerability ID(s). | A comma-separated list to filter vulnerabilities by their vulnerability ID. | Key: vulnerabilityId ,Value: vuln-123,vuln-456 .This key and value combination only retrieves vulnerabilities with the vulnerability IDs vuln-123 and vuln-456 . | |
weightedSeverity | NONE, LOW, MEDIUM, HIGH, CRITICAL | A comma-separated list to filter vulnerabilities by their weighted severity. | Key: weightedSeverity ,Value: MEDIUM,HIGH .This key and value combination only retrieves vulnerabilities with weighted severities |
Vulnerability Definition
Table 18: Vulnerability Definition operation options
Connector Object | Option | All Possible Values | Description | Example |
---|---|---|---|---|
Vulnerability Definition | assetHasAdminPrivileges | true or false | Filter vulnerability definitions for assets with or without admin privileges. | Key: assetHasAdminPrivileges ,Value: true .This key and value combination only retrieves vulnerability definitions for assets with admin privileges. |
assetHasHighPrivileges | true or false | Filter vulnerability definitions for assets with or without high privileges. | Key: assetHasHighPrivileges ,Value: false .This key and value combination only retrieves vulnerability definitions for assets without high privileges. | |
assetId | Any Wiz asset ID(s). | A comma-separated list of asset ID(s) to filter vulnerability definitions by the asset ID(s). Leave the value blank to indicate all asset IDs. | Key: assetId ,Value: 1234 .This key and value combination only retrieves vulnerability definitions for asset ID 1234 . | |
assetStatus | Active, Error, Inactive | A comma-separated list to filter vulnerability definitions for assets with the specified status. Leave the value blank to indicate all asset statuses. | Key: assetStatus ,Value: Active .This key and value combination only retrieves vulnerability definitions from active assets. | |
assetType | CONTAINER, CONTAINER_IMAGE, SERVERLESS, VIRTUAL_MACHINE | A comma-separated list to filter vulnerability definitions by the asset type. Leave the value blank to indicate all asset types. | Key: assetType ,Value: CONTAINER, SERVERLESS .This key and value combination only retrieves vulnerability definitions for the CONTAINER and SERVERLESS asset type. | |
containerRegistry | Any name identifying a container registry. | Filter vulnerability definitions associated with the specified container registry. | Key: containerRegistry ,Value: ECR .This key and value combination only retrieves vulnerability definitions related to the AWS Elastic Container Registry (ECR). | |
containerRepository | Any name identifying a container repository. | Filter vulnerability definitions associated with the specified container repository. | Key: containerRepository ,Value: Azure Container Repository .This key and value combination only retrieves vulnerability definitions in the Azure Container Repository. | |
detectionMethod | DEFAULT_PACKAGE, FILE_PATH, INSTALLED_PROGRAM, INSTALLED_PROGRAM_BY_SERVICE, LIBRARY, OS, PACKAGE | A comma-separated list to filter vulnerability definitions found by the specified detection method. Leave the value blank to indicate all detection methods. | Key: detectionMethod ,Value: FILE_PATH .This key and value combination only retrieves vulnerability definitions detected through file paths. | |
hasCisaKevExploit | true or false | Filter vulnerability definitions with or without an available Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) exploit. | Key: hasCisaKevExploit ,Value: true .This key and value combination only retrieves vulnerability definitions with a CISA KEV exploit. | |
hasExploit | true or false | Filter vulnerability definitions with or without an available exploit. | Key: hasExploit ,Value: false .This key and value combination only retrieves vulnerability definitions without an exploit. | |
hasFix | true or false | Filter vulnerability definitions with or without an available fix. | Key: hasFix ,Value: true .This key and value combination only retrieves vulnerability definitions with a fix. | |
isAssetAccessibleFromInternet | true or false | Filter vulnerability definitions for assets by whether the associated asset is accessible from the internet, as determined by Wiz. | Key: isAssetAccessibleFromInternet Value: true . This key and value combination only retrieves vulnerability definitions for assets that are accessible from the internet. | |
isAssetOpenToAllInternet | true or false | Filter vulnerability definitions for assets by whether they are publicly accessible over the internet. | Key: isAssetOpenToAllInternet ,Value: true .This key and value combination only retrieves vulnerability definitions for assets that are accessible over the internet. | |
isBaseLayer | true or false | Filter vulnerability definitions for container images by whether they are attributed to a base image. | Key: isBaseLayer ,Value: false .This key and value combination only retrieves vulnerability definitions for container images that aren't attributed to a base image. | |
isScannedFromRegistry | true or false | Filter vulnerability definitions by whether they are scanned from a container registry. | Key: isScannedFromRegistry ,Value: true .This key and value combination only retrieves vulnerability definitions scanned from a container registry. | |
projectId | Any Wiz project ID(s). | Filter vulnerability definitions associated with the specified project ID. Leave the value blank to indicate all project IDs. | Key: projectId ,Value: 1234 .This key and value combination only retrieves vulnerability definitions for project ID 1234 . | |
reportName | Any name identifying a report. | Filter vulnerability definitions matching the specified report name. | Key: reportName ,Value: Report A .This key and value combination only retrieves vulnerability definitions from Report A . | |
status | OPEN, REJECTED, RESOLVED | A comma-separated list to filter vulnerability definitions by their status. Leave the value blank to indicate all statuses. | Key: status ,Value: RESOLVED .This key and value combination only retrieves resolved vulnerability definitions. | |
subscriptionExternalId | AWS Account, Azure Subscription, GCP Project, OCI Compartment | A comma-separated list to filter vulnerability definitions by their associated external subscription ID. Leave the value blank to indicate all external subscription IDs. | Key: subscriptionExternalId ,Value: AWS Account .This key and value combination only retrieves vulnerability definitions associated with the AWS Account. | |
validatedInRuntime | true or false | Filter vulnerability definitions by whether they have been validated in runtime. | Key: validatedInRuntime ,Value: true .This key and value combination only retrieves vulnerability definitions that have been validated in runtime. | |
vendorSeverity | NONE, LOW, MEDIUM, HIGH, CRITICAL | A comma-separated list to filter vulnerability definitions by their vendor severity. Leave the value blank to indicate all vendor severities. | Key: vendorSeverity ,Value: HIGH .This key and value combination only retrieves vulnerability definitions deemed high severity by the vendor. |
The Wiz connector operation options were developed in collaboration with Wiz and adheres to their supported API filters. If you require an operation option that isn’t listed in the above tables, please refer to the Wiz API documentation, or contact your Wiz Support team. They can coordinate with Brinqa Support to determine whether the Wiz API supports the request and whether it can be added to the connector.
The option keys and possible values are case-sensitive as they are shown in this documentation.
APIs
The Wiz connector uses the Wiz API. Specifically, it executes the following GraphQL queries to retrieve data:
Table 19: Wiz API GraphQL queries
Cloud Configuration Finding queries
Click to expand
The following query retrieves information about cloud configuration findings:
query CloudConfigurationFindingsPage($filterBy: ConfigurationFindingFilters, $first: Int, $after: String, $orderBy: ConfigurationFindingOrder) {
page: configurationFindings(filterBy: $filterBy, first: $first, after: $after, orderBy: $orderBy) {
nodes {
id
targetExternalId
deleted
targetObjectProviderUniqueId
firstSeenAt
severity
result
status
remediation
resource {
id
providerId
name
nativeType
type
region
subscription {
id
name
externalId
cloudProvider
}
projects {
id
name
riskProfile {
businessImpact
}
}
tags {
key
value
}
}
rule {
id
graphId
name
description
remediationInstructions
functionAsControl
}
securitySubCategories {
id
title
category {
id
name
framework {
id
name
}
}
}
ignoreRules {
id
name
enabled
expiredAt
}
}
pageInfo {
hasNextPage
endCursor
}
}
}
Issue GraphQL queries
Click to expand
The following query retrieves information about issue and issue definition:
query issueFindings($filterBy: IssueFilters, $first: Int, $after: String $orderBy: IssueOrder) {
page: issuesV2(filterBy: $filterBy, first: $first, after: $after, orderBy: $orderBy) {
nodes {
id
status
severity
type
openReason
resolutionReason
suggestions
resolvedAt
createdAt
updatedAt
dueAt
statusChangedAt
rejectionExpiredAt
sourceRule {
__typename
... on Control {
id
name
description
severity
resolutionRecommendation
securitySubCategories {
id
title
category {
id
name
framework {
id
name
}
}
}
}
... on CloudEventRule {
id
name
description
sourceType
type
cloudEventRuleSeverity: severity
securitySubCategories {
id
title
category {
id
name
framework {
id
name
}
}
}
}
... on CloudConfigurationRule {
id
name
description
remediationInstructions
serviceType
severity
securitySubCategories {
id
title
category {
id
name
framework {
id
name
}
}
}
}
}
entity: entitySnapshot {
id
type
nativeType
name
status
cloudPlatform
cloudProviderURL
providerId
region
resourceGroupExternalId
subscriptionExternalId
subscriptionName
subscriptionTags
tags
externalId
}
projects {
id
name
description
slug
businessUnit
riskProfile {
businessImpact
}
}
serviceTickets {
id
externalId
name
url
}
notes {
id
createdAt
updatedAt
text
user {
id
name
email
}
serviceAccount {
id
name
type
}
}
}
pageInfo {
hasNextPage
endCursor
}
}
}
Reports GraphQL queries
Click to expand
The first query retrieves data for the Backup Service, Bucket, CI/CD Service, Compute Instance Group, Container, ContainerImage, Container Registry, Container Service, Daemon Set, Database Server, Deployment, Encryption Key, File System Service, Firewall, Kubernetes Cluster, Raw Access Policy, Resource Group, Serverless, Storage Account, Subscription, Virtual Machine Image, Virtual Network, Vulnerability, Vulnerability Definition, or Web Service connector objects from the reports
endpoint. The rest of the queries create a report and generates the URL to download the report:
query ReportsSearch($filterBy: ReportFilters, $first: Int, $after: String) {
page: reports(first: $first, after: $after, filterBy: $filterBy) {
nodes {
id
name
createdBy {
id
email
}
lastRun {
id
runAt
}
lastSuccessfulRun {
id
runAt
}
type {
id
name
}
}
pageInfo {
hasNextPage
endCursor
}
}
}
mutation CreateReport($input: CreateReportInput!) {
operation: createReport(input: $input) {
node: report {
id
}
}
}
mutation RerunReport($reportId: ID!) {
operation: rerunReport(input: {id: $reportId}) {
node: report {
id
}
}
}
query ReportDownloadUrl($reportId: ID!) {
node: report(id: $reportId) {
id
name
lastRun {
id
url
status
}
}
}
Vulnerability GraphQL query
Click to expand
The following query retrieves information about vulnerabilities:
query vulnerabilityFindings($filterBy: VulnerabilityFindingFilters, $first: Int, $after: String) {
page: vulnerabilityFindings(filterBy: $filterBy, first: $first, after: $after) {
nodes {
id
name
detailedName
CVEDescription
CVSSSeverity
vendorSeverity
score
exploitabilityScore
impactScore
description
remediation
link
locationPath
detectionMethod
version
fixedVersion
portalUrl
firstDetectedAt
lastDetectedAt
vulnerableAsset {
... on VulnerableAssetBase {
id
providerUniqueId
type
name
}
}
}
pageInfo {
hasNextPage
endCursor
}
totalCount
}
}
Vulnerability Definition GraphQL query
Click to expand
The following query retrieves information about vulnerability definition:
query VulnerabilityDefinitions($filterBy: VulnerabilityFilters, $first: Int, $after: String) {
page: vulnerabilities(filterBy: $filterBy, first: $first, after: $after) {
nodes {
affectedTechnologies {
id
name
}
baseScore
cisaKevDueDate
cisaKevReleaseDate
cvssv2 {
attackComplexity
attackVector
confidentialityImpact
integrityImpact
privilegesRequired
userInteractionRequired
}
cvssv3 {
attackComplexity
attackVector
confidentialityImpact
integrityImpact
privilegesRequired
userInteractionRequired
}
description
exploitabilityScore
exploitable
externalId
hasCisaKevExploit
id
name
publishedAt
severity
sourceFeeds {
id
name
url
}
sourceUrl
}
pageInfo {
endCursor
hasNextPage
}
totalCount
}
}
Changelog
The Wiz connector has undergone the following changes:
Table 20: Wiz connector changelog
Version | Description | Date Published |
---|---|---|
3.3.14 | Added a new additional setting to make the report timeout configurable: Report timeout | July 31st, 2025 |
3.3.13 | Added the ENTITY_EXTERNAL_ID, ENTITY_ID, ENTITY_NAME, ENTITY_STATUS, ENTITY_TYPE, SUBSCRIPTION_EXTERNAL_ID, and SUBSCRIPTION_ID attributes to the Issue object. | July 30th, 2025 |
3.3.12 | Added the ASSET_HAS_LIMITED_INTERNET_EXPOSURE and ASSET_HAS_WIDE_INTERNET_EXPOSURE attributes to the Vulnerability object. | June 11th, 2025 |
3.3.11 | - Fixed an issue where dates were appearing in the future due to the date parser not handling nanoseconds correctly. As a result, the date parser has been updated to accurately reflect the source data from Wiz. - Added the NAMESPACE_EXTERNAL_ID attribute to the Container object. - Code cleanup and general maintenance. | May 20th, 2025 |
3.3.8 | Updated the schema to include the CLUSTER_EXTERNAL_ID and CLUSTER_NAME attributes on the Container object. This change ensures that the attributes are recognized by the Brinqa Platform and properly ingested. | April 29th, 2025 |
3.3.7 | - Added the ADDITIONAL_IDS attribute to the API Gateway object. - Added the CLUSTER_EXTERNAL_ID and CLUSTER_NAME attributes to the Container object to support Kubernetes context. | April 16th, 2025 |
3.3.6 | - Added a new operation option for the Issue object to filter by issue type: type . - Added the CATEGORIES attribute to the Issue object. - Added support for ticketing information from Wiz to help prevent duplicate ticket creation and improve issue tracking. As a result, the following attributes were added to the Issue object:
| March 11th, 2025 |
3.3.5 | Fixed an issue where the TARGETS attribute on the Vulnerability object included empty string values. The connector now prevents empty values from being added to the targets list. | February 19th, 2025 |
3.3.4 | Fixed an issue where configuration findings were not correctly associating with assets. The connector now imports RESOURCE_EXTERNAL_ID and RESOURCE_PROVIDER_ID on the Configuration Finding object to establish proper relationships between findings and their associated assets. | February 12th, 2025 |
3.3.3 | Fixed an issue where the connector was incorrectly mapping IP addresses and private DNS names to both the IP_ADDRESSES and PRIVATE_IP_ADDRESSES attributes on the Virtual Machine object. The connector now properly distinguishes between these attributes. | February 6th, 2025 |
3.3.2 | - The Configuration Finding object is no longer required and now maps to Violation. - Added the RECOMMENDATION, TARGETS, and TYPE attributes to the Configuration Finding object. | January 15th, 2025 |
3.3.1 | The connector now retrieves the Configuration Finding object from Wiz. | January 7th, 2025 |
3.3.0 | Replaced the deprecated vulnerabilityParams.type attribute on the Vulnerability object with columnSelection to support Wiz's updated export behavior. This improves CSV parsing by no longer relying on the Content-Length header, which may be 0 even when data is present. | December 24th, 2024 |
3.2.6 | The connector now retrieves the Secret Container object from Wiz. | December 6th, 2024 |
3.2.5 | Fixed an issue where attributes from Wiz were not being mapped correctly to the Host data model. To support out-of-the-box relationships between Hosts and Container Images, the connector now maps the EXTERNAL_ID attribute to the SOURCE_UIDS attribute. | December 3rd, 2024 |
3.2.4 | Added the NAME attribute to the Vulnerability Definition object. | November 14th, 2024 |
3.2.3 | Code cleanup and general maintenance to help improve error handling. | November 13th, 2024 |
3.2.2 | Fixed an issue where the Issue and Issue Definition object syncs were failing. | November 13th, 2024 |
3.2.1 | Fixed an issue where the Resource Group and Storage Account object syncs were failing due to an "Empty header line: cannot bind data" error. | November 11th, 2024 |
3.2.0 | Enhanced the Vulnerability object sync process to improve efficiency by using regular reports with the updateAt date filter, as recommended by Wiz. The Wiz connector now retrieves all vulnerabilities with detection support via the GraphQL API, rather than creating vulnerability definitions from vulnerability data. | November 1st, 2024 |
3.1.18 | Code cleanup and maintenance. | October 2nd, 2024 |
3.1.17 | - Fixed an issue where the Issue and Issue Definition object syncs were failing. - Added the SOURCE_SEVERITY_SCORE attribute to the Vulnerability object. - Code cleanup and maintenance. | October 2nd, 2024 |
3.1.16 | - Added remediation instructions to the Issue Definition object. - Addressed a potential NullPointerException (NPE) on the Issue object. | September 25th, 2024 |
3.1.15 | Enhanced the method for retrieving vulnerability status by splitting "New" from "Active" status. The Wiz connector now uses the FIRST_SEEN_AT filter for "New" vulnerabilities and the UPDATED_AT filter for "Active" vulnerabilities to ensure more accurate reporting. | July 22nd, 2024 |
3.1.14 | Added the IS_CONTAINER_HOST attribute to the Virtual Machine object. | June 14th, 2024 |
3.1.13 | Code cleanup and general maintenance. | May 21st, 2024 |
3.1.12 | Fixed an issue where the CVSS_V2_BASE_SCORE and CVSS_V3_BASE_SCORE attributes on the Vulnerability Definition object were not populating. | April 11th, 2024 |
3.1.11 | Revised the logic of getting asset type information from the source data. | February 22nd, 2024 |
3.1.10 | - Updated to fetch vmId as the Instance ID for Azure assets. - Switched the order of adding attributes to allow native or specific attributes to take higher precedence. - Updated dependencies. | February 5th, 2024 |
3.1.9 | - Fixed an issue where an Empty header line error occurred when reports returned by Wiz were empty. - Fixed an issue related to the Missing 1 header column: ["uid"] error. | January 30th, 2024 |
3.1.8 | Added a new additional setting to help manage API throttling: Maximum retries | October 28th, 2023 |
3.1.7 | - Updated to the new Wiz logo. - Enhanced handling for missing UID in objects retrieved from Wiz. | September 19th, 2023 |
3.1.6 | Code cleanup and general maintenance. | September 14th, 2023 |
3.1.5 | Code cleanup and general maintenance. | September 7th, 2023 |
3.1.4 | - The connector now retrieves the image name for Container Image objects. - The connector now maps the provider ID to the TARGETS attribute on the Issue object. | July 26th, 2023 |
3.1.3 | Code cleanup and general maintenance. | July 21st, 2023 |
3.1.2 | Fixed an issue where Targets were not being received for Vulnerabilities with Container Image assets. | July 10th, 2023 |
3.1.1 | The connector now retrieves the Database Server, Issue, and Issue Definition objects from Wiz. | June 15th, 2023 |
3.1.0 | Initial Integration+ release. | June 14th, 2023 |