Wiz

Wiz is a cloud security tool that scans your cloud environments to provide complete visibility into every technology running in your cloud. You can bring virtual network, virtual machine, vulnerability and more data from Wiz into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Wiz when the data integration runs, and how to obtain that information from Wiz. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Wiz from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Wiz with Brinqa:

API URL: The Wiz API endpoint URL. The default URL is https://api.<region>.app.wiz.io.
Token URL: The Wiz API authentication token URL. The URL is specific to the identity provider (IdP) for the Wiz service account. See Table 1 for more information.
OAuth audience: The audience of your OAuth token. The audience is specific to your IdP. See Table 1 for more information.
Client ID and Client secret: The credentials associated with the Wiz service account, which must have permissions to log in to the API server and return data.

The Token URL and OAuth audience values depend on the IdP you use for the Wiz service account. The following table summarizes the different values:

Table 1. Wiz token URL and audience values

IdP	Token URL	Audience
Amazon Cognito	`https://auth.app.wiz.io/oauth/token`	`wiz-api`
Auth0	`https://auth.wiz.io/oauth/token`	`beyond-api`

Obtain the client ID and client secret from Wiz

For the Wiz connector to use the Wiz API, you must provide the client ID and client secret from an active Wiz service account.

To obtain these credentials, please follow the steps in the official Wiz documentation for Brinqa integration. This guide is maintained by Wiz and outlines the process for creating the required service account and assigning appropriate permissions.

note

If you do not have the permissions to create a service account or assign permissions, contact your Wiz administrator.

The Wiz connector was developed in collaboration with Wiz and adheres to their recommended solutions. It has been certified by Wiz to ensure optimal functionality and security.

Due to limitations with GraphQL in exporting large datasets, the connector generates reports in CSV format.
The Wiz connector generates one report per asset type for Vulnerabilities, with each report prefixed by BRINQA-VULNERABILITIES-REPORT_.
It also generates one report per inventory type for Inventory, with each report prefixed by BRINQA-INVENTORY-REPORT_. This lets you easily identify and monitor said reports.
These reports are automatically deleted from Wiz based on your specified data cleanup frequency.

Additional settings

The Wiz connector contains additional options for specific configuration:

Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
Maximum retries: The maximum number of times that the integration attempts to connect to the Wiz API before giving up and reporting a failure. The default setting is 5.
Report timeout (hours): The maximum number of hours to wait for a report to be generated before giving up and reporting a failure. The default setting is 4 hours.

Types of data to retrieve

The Wiz connector can retrieve the following types of data from the Wiz API:

Table 2: Data retrieved from Wiz

Connector Object	Required	Maps to Data Model
API Gateway	No	Not mapped
Backup Service	No	Not mapped
Bucket	No	Not mapped
CI/CD Service	No	Not mapped
Compute Instance Group	No	Not mapped
Configuration Finding	No	Violation
Container	Yes	Container
Container Image	Yes	Container Image
Container Registry	No	Not mapped
Container Service	No	Not mapped
Control	Yes	Violation Definition
Daemon Set	No	Not mapped
Database Server	Yes	Database Instance
Deployment	No	Not mapped
Encryption Key	No	Not mapped
File System Service	No	Not mapped
Firewall	No	Not mapped
Issue	Yes	Violation
Issue Definition	Yes	Violation Definition
Kubernetes Cluster	No	Not mapped
Raw Access Policy	No	Not mapped
Resource Group	No	Not mapped
Secret Container	No	Not mapped
Serverless	Yes	Serverless
Storage Account	No	Not mapped
Subnet	No	Not mapped
Subscription	No	Not mapped
Virtual Machine	Yes	Host
Virtual Machine Image	Yes	Host Image
Virtual Network	Yes	Network Segment
Volume	No	Not mapped
Vulnerability	Yes	Vulnerability
Vulnerability Definition	Yes	Vulnerability Definition
Web Service	No	Not mapped

info

For detailed steps on how to view the data retrieved from Wiz in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Configuration Finding

Table 3: Configuration Finding attribute mappings

Source Field Name	Maps to Attribute
firstSeenAt	firstSeen
id	uid
remediation	recommendation
resource.id	targets
resource.name	Local variable
resource.type	Local variable
result	results
rule	type
severity	severity
status	status

Container

Table 4: Container attribute mappings

Source Field Name	Maps to Attribute
Cloud Native JSON.tags	tags
Cloud Platform	Local variable
Description	description
External ID	Local variable
Last Seen	lastSeen
Name	Local variable
Native Type	Local variable
Projects	Local variable
Provider ID	Local variable
Provider ID/External ID	uid
name	name
categories	categories
Region	region
Resource Type	Local variable
Subscription	Local variable
Subscription ID	Local variable
Wiz JSON Object.Runtime	Local variable
Wiz JSON Object.applicationEndpoint.openToAllInternet	Local variable
Wiz JSON Object.applicationEndpoint.validatedOpenPorts	Local variable
Wiz JSON Object.common.creationDate	sourceCreatedDate
Wiz JSON Object.common.status	providerStatus
Wiz JSON Object.common.status	status
Wiz JSON Object.imageExternalId	image
Wiz JSON Object.kubernetes.baseExtraData.clusterExternalId	Local variable
Wiz JSON Object.kubernetes.baseExtraData.clusterName	Local variable
Wiz JSON Object.virtualMachineExternalId	host

Container Image

Table 5: Container Image attribute mappings

Source Field Name	Maps to Attribute
Categories	categories
Cloud Native JSON.tags	tags
Cloud Platform	Local variable
Description	description
External ID	Local variable
Last Seen	Local variable
Name	name
Native Type	Local variable
Projects	Local variable
Provider ID	Local variable
Provider ID/External ID	uid
Region	region
Resource Type	Local variable
Subscription	Local variable
Subscription ID	Local variable
Wiz JSON Object.applicationEndpoint.openToAllInternet	Local variable
Wiz JSON Object.applicationEndpoint.validatedOpenPorts	Local variable
Wiz JSON Object.common.creationDate	sourceCreatedDate
Wiz JSON Object.common.status	providerStatus
Wiz JSON Object.common.status (normalized)	status
Wiz JSON Object.digest	digest
Wiz JSON Object.encrypted	Local variable
Wiz JSON Object.repoExternalId	Local variable

Control

Table 6: Control attribute mappings

Source Field Name	Maps to Attribute
description	description
id	uid
name	name
remediationInstructions	recommendation

Issue

Table 7: Issue attribute mappings

Source Field Name	Maps to Attribute
CREATED_AT	firstFound
CREATED_AT	sourceCreatedDate
DUE_AT	Local variable
ENTITY.EXTERNAL_ID	Local variable
ENTITY.ID	Local variable
ENTITY.NAME	Local variable
ENTITY.STATUS	Local variable
ENTITY.TYPE	Local variable
ENTITY.UID	targets
ID	uid
NOTES.TEXT	Local variable
RESOLVED_AT	lastFixed
RESOLUTION_REASON	Local variable
SEVERITY	severity, severityScore, sourceSeverity
SEVERITY	severityScore
SEVERITY	sourceSeverity
SERVICE_TICKETS.EXTERNAL_ID	Local variable
SERVICE_TICKETS.ID	Local variable
SERVICE_TICKETS.NAME	Local variable
SERVICE_TICKETS.URL	Local variable
SOURCE_RULES.ID	type
STATUS	providerStatus, sourceStatus, status, statusCategory
SUBSCRIPTION.EXTERNAL_ID	Local variable
SUBSCRIPTION.ID	Local variable
TYPE	categories
UPDATED_AT	sourceLastModified

Issue Definition

Table 8: Issue Definition attribute mappings

Source Field Name	Maps to Attribute
ISSUE.SOURCERULE.DESCRIPTION	description
ISSUE.SOURCERULE.ID	uid
ISSUE.SOURCERULE.NAME	name
ISSUE.SOURCERULE.NAME	summary
ISSUE.SOURCERULE.REMEDIATIONINSTRUCTIONS	recommendation
ISSUE.SOURCERULE.RESOLUTIONRECOMMENDATION	recommendation
ISSUE.SOURCERULE.RESOLUTIONRECOMMENDATIONPLAINTEXT	recommendation
ISSUE.SOURCERULE.RISKS	Local variable
ISSUE.SOURCERULE.SECURITYSUBCATEGORIES.DISPLAYNAME	categories
ISSUE.SOURCERULE.SEVERITY	severity, severityScore, sourceSeverity
ISSUE.SOURCERULE.THREATS	Local variable
ISSUE.SOURCERULE.TYPE	Local variable

Virtual Machine

Table 9: Virtual Machine attribute mappings

Source Field Name	Maps to Attribute
Categories	categories
Cloud Native JSON.Architecture	Local variable
Cloud Native JSON.ImageId	image
Cloud Native JSON.InstanceId	instanceId
Cloud Native JSON.InstanceType	Local variable
Cloud Native JSON.Monitoring.State	Local variable
Cloud Native JSON.NetworkInterfaces.MacAddress	macAddresses
Cloud Native JSON.PrivateDnsName	dnsNames
Cloud Native JSON.PrivateDnsName	privateDnsNames
Cloud Native JSON.PrivateIpAddress	ipAddresses
Cloud Native JSON.PrivateIpAddress	privateIpAddresses
Cloud Native JSON.PublicDnsName	hostnames
Cloud Native JSON.PublicDnsName	publicDnsNames
Cloud Native JSON.PublicIpAddress	ipAddresses
Cloud Native JSON.PublicIpAddress	publicIpAddresses
Cloud Native JSON.StateReason	Local variable
Cloud Native JSON.Subscription	Local variable
Cloud Native JSON.Subscription ID	Local variable
Cloud Native JSON.lastStartTimestamp	lastStarted
Cloud Native JSON.lastStopTimestamp	lastStopped
Cloud Native JSON.name	Local variable
Cloud Native JSON.networkInterfaces.network	Local variable
Cloud Native JSON.networkInterfaces.subnetwork	Local variable
Cloud Native JSON.project	Local variable
Cloud Native JSON.providerId	Local variable
Cloud Native JSON.tags	tags
Cloud Platform	Local variable
Description	description
External ID	Local variable
Last Seen	Local variable
Name	name
Native Type	Local variable
Projects	Local variable
Provider ID	Local variable
Provider ID/External ID	uid
Region	region
Resource Type	Local variable
Subscription	Local variable
Subscription ID	Local variable
Wiz JSON Object.Runtime	Local variable
Wiz JSON Object.applicationEndpoint.openToAllInternet	Local variable
Wiz JSON Object.applicationEndpoint.validatedOpenPorts	Local variable
Wiz JSON Object.common.creationDate	firstSeen
Wiz JSON Object.common.creationDate	sourceCreatedDate
Wiz JSON Object.common.status	providerStatus
Wiz JSON Object.common.status	status
Wiz JSON Object.imageExternalId	image
Wiz JSON Object.isContainerHost	Local variable
Wiz JSON Object.operatingSystem	operatingSystem

Virtual Machine Image

Table 10: Virtual Machine Image attribute mappings

Source Field Name	Maps to Attribute
Categories	categories
Cloud Native JSON.tags	tags
Cloud Platform	Local variable
Description	description
External ID	Local variable
Last Seen	Local variable
Name	name
Native Type	Local variable
Projects	Local variable
Provider ID	Local variable
Provider ID/External ID	uid
Region	region
Resource Type	Local variable
Subscription	Local variable
Subscription ID	Local variable
Wiz JSON Object.ImageLocation	Local variable
Wiz JSON Object.ImageOwnerAlias	Local variable
Wiz JSON Object.PlatformDetails	Local variable
Wiz JSON Object.applicationEndpoint.openToAllInternet	Local variable
Wiz JSON Object.applicationEndpoint.validatedOpenPorts	Local variable
Wiz JSON Object.common.creationDate	sourceCreatedDate
Wiz JSON Object.common.status	providerStatus
Wiz JSON Object.common.status	status
Wiz JSON Object.family	Local variable
Wiz JSON Object.is_public	Local variable

Virtual Network

Table 11: Virtual Network attribute mappings

Source Field Name	Maps to Attribute
Categories	categories
Cloud Native JSON.addressSpace.addressPrefixes	Local variable
Cloud Native JSON.enableDdosProtection	Local variable
Cloud Native JSON.tags	tags
Cloud Platform	Local variable
Description	description
External ID	Local variable
Last Seen	Local variable
Name	name
Native Type	Local variable
Projects	Local variable
Provider ID	Local variable
Provider ID/External ID	uid
Region	region
Resource Type	Local variable
Subscription	Local variable
Subscription ID	Local variable
Wiz JSON Object.addressRangeEdges	Local variable
Wiz JSON Object.addressRanges	ipv4Ranges
Wiz JSON Object.applicationEndpoint.openToAllInternet	Local variable
Wiz JSON Object.applicationEndpoint.validatedOpenPorts	Local variable
Wiz JSON Object.common.creationDate	sourceCreatedDate
Wiz JSON Object.common.status	providerStatus
Wiz JSON Object.common.status	status
Wiz JSON Object.flowLogsEnabled	Local variable
Wiz JSON Object.hasDeployedInstances	Local variable
Wiz JSON Object.isDefault	Local variable

Vulnerability

Table 12: Vulnerability attribute mappings

Source Field Name	Maps to Attribute
ASSETID	targets
ASSETNAME	Local variable
CRITICALRELATEDISSUESCOUNT	Local variable
CVSSSEVERITY	Local variable
DETAILEDNAME	results
DETECTIONMETHOD	Local variable
DESCRIPTION	description
EXPLOITABILITYSCORE	Local variable
FINDINGSTATUS	providerStatus, sourceStatus, status, statusCategory
FIRSTDETECTED	firstFound
FIXEDVERSION	Local variable
HIGHRELATEDISSUESCOUNT	Local variable
ID	uid
IMPACTSCORE	Local variable
INFORELATEDISSUESCOUNT	Local variable
LASTDETECTED	lastFound
LOCATIONPATH	locationPath
LOWRELATEDISSUESCOUNT	Local variable
MEDIUMRELATEDISSUESCOUNT	Local variable
NAME	name
NAME	type
NVDSEVERITY	Local variable
PROVIDERUNIQUEID	Local variable
REMEDIATION	recommendation
RESOLUTIONREASON	Local variable
RESOLVEDAT	lastFixed
SCORE	sourceSeverityScore
SEVERITY	severity, severityScore, sourceSeverity
TYPE	categories
VERSION	Local variable
VENDORSEVERITY	Local variable
WIZURL	Local variable

Vulnerability Definition

Table 13: Vulnerability Definition attribute mappings

Source Field Name	Maps to Attribute
AFFECTEDSOFTWARE	affected
CATEGORIES	categories
CISAKEVDUEDATE	cisaDueDate
CISAKEVRELEASEDATE	cisaAddedDate
CVSSV2.ATTACKCOMPLEXITY	cvssV2AccessComplexity
CVSSV2.ATTACKVECTOR	cvssV2AttackVector
CVSSV2.BASESCORE	cvssV2BaseScore
CVSSV2.CONFIDENTIALITYIMPACT	cvssV2ConfidentialityImpact
CVSSV2.INTEGRITYIMPACT	cvssV2IntegrityImpact
CVSSV2.PRIVILEGESREQUIRED	cvssV2Authentication
CVSSV3.ATTACKCOMPLEXITY	cvssV3AttackComplexity
CVSSV3.ATTACKVECTOR	cvssV3AttackVector
CVSSV3.CONFIDENTIALITYIMPACT	cvssV3ConfidentialityImpact
CVSSV3.INTEGRITYIMPACT	cvssV3IntegrityImpact
CVSSV3.PRIVILEGESREQUIRED	cvssV3PrivilegesRequired
CVSSV3.USERINTERACTIONREQUIRED	cvssV3UserInteraction
DESCRIPTION	description
EPSSPERCENTILE	epssPercentile
EPSSSEVERITY	Local variable
EPSSSCORE	epssScore
EXPLOITABILITY/HASCISAKEVEXPLOIT	exploitability
EXPLOITABILITYSCORE	Local variable
EXTERNALID	externalUids
HASHCISAKEVEXPLOIT	cisaExploited
HIGHPROFILETHREAT	Local variable
ISHIGHPROFILETHREAT	Local variable
NAME	cveIds, cveRecords, name, uid
NVDSEVERITY	Local variable
PUBLISHEDAT	publishedDate
RECOMMENDATION	recommendation
REFERENCES	references
SEVERITY	severity, severityScore, sourceSeverity
SOURCEURL	references
VENDORSEVERITY	Local variable

note

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Operation options

The Wiz connector supports the following operation options. See connector operation options for information about how to apply them.

Expand the sections below to view the supported operation options per connector object.

Configuration Finding

Table 14: Configuration Finding operation options

Connector Object	Option	All Possible Values	Description	Example
Configuration Finding	frameworkCategory	Any Wiz framework category ID(s).	A comma-separated list to filter configuration findings by their associated framework category.	Key: `frameworkCategory`, Value: `wct-id-4,wct-id-7`. This key and value combination only retrieves configuration findings for framework categories `wct-id-4` and `wct-id-7`.
	includeDeleted	true or false	Include or exclude deleted configuration findings in the results. Leave the value blank to indicate all findings.	Key: `includeDeleted`, Value: `false`. This key and value combination excludes deleted configuration findings from the results.
	ruleName	Any string identifying a rule name.	A comma-separated list to filter configuration findings by the specified rule names.	Key: `ruleName`, Value: `ruleName1`,`ruleName2`. This key and value combination only retrieves findings related to the `ruleName1` and `ruleName2` rules.
	resourceType	Any string identifying a resource type.	A comma-separated list to filter configuration findings by the specified resource type.	Key: `resourceType`, Value: `type1`,`type2`. This key and value combination only retrieves configuration findings for resources of type `Server`.
	result	ERROR, FAIL, NOT_ASSESSED, PASSED	A comma-separated list to filter configuration findings based on their result status. Leave the value blank to indicate all result statuses.	Key: `result`, Value: `ERROR`,`FAIL`. This key and value combination only retrieves findings with an `ERROR` or `FAIL` result status.
	severity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter configuration findings based on severity.	Key: `severity`, Value: `HIGH`,`CRITICAL`. This key and value combination only retrieves findings with a severity of `HIGH` or `CRITICAL`.
	status	OPEN, RESOLVED, REJECTED	A comma-separated list to filter configuration findings by their status.	Key: `status`, Value: `OPEN`,`REJECTED`. This key and value combination only retrieves findings that are in the `OPEN` or `REJECTED` status.

Control

Table 15: Control operation options

Connector Object	Option	All Possible Values	Description	Example
Control	frameworkCategory	Any Wiz framework category ID(s).	A comma-separated list to filter controls by their associated framework category.	Key: `frameworkCategory`, Value: `wct-id-4,wct-id-7`. This key and value combination only retrieves controls for framework categories `wct-id-4` and `wct-id-7`.
	includeDeleted	true or false	Include or exclude deleted controls in the results. Leave the value blank to indicate all controls.	Key: `includeDeleted`, Value: `false`. This key and value combination excludes deleted controls from the results.
	resourceType	Any string identifying a resource type.	A comma-separated list to filter controls by the specified resource type.	Key: `resourceType`, Value: `type1`,`type2`. This key and value combination only retrieves controls for resources of type `Server`.
	ruleName	Any string identifying a rule name.	A comma-separated list to filter controls by the specified rule names.	Key: `ruleName`, Value: `ruleName1`,`ruleName2`. This key and value combination only retrieves controls related to the `ruleName1` and `ruleName2` rules.
	result	ERROR, FAIL, NOT_ASSESSED, PASSED	A comma-separated list to filter controls based on their result status. Leave the value blank to indicate all result statuses.	Key: `result`, Value: `ERROR`,`FAIL`. This key and value combination only retrieves controls with an `ERROR` or `FAIL` result status.
	severity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter controls based on severity.	Key: `severity`, Value: `HIGH`,`CRITICAL`. This key and value combination only retrieves controls with a severity of `HIGH` or `CRITICAL`.
	status	OPEN, RESOLVED, REJECTED	A comma-separated list to filter controls by their status.	Key: `status`, Value: `OPEN`,`REJECTED`. This key and value combination only retrieves controls that are in the `OPEN` or `REJECTED` status.

Issue & Issue Definition

Table 16: Issue and Issue Definition operation options

Connector Object	Option	All Possible Values	Description	Example
Issue, Issue Definition	frameworkCategory	Any Wiz framework category ID(s).	A comma-separated list to filter issues by their associated framework category.	Key: `frameworkCategory`, Value: `wct-id-4,wct-id-7`. This key and value combination only retrieves issues for framework categories `wct-id-4` and `wct-id-7`.
Issue, Issue Definition	hasAutoRemediation	true or false	Filter issues with or without auto remediation.	Key: `hasAutoRemediation` Value: `true`. This key and value combination only retrieves issues with auto remediation.
Issue, Issue Definition	hasRemediation	true or false	Filter issues with or without remediation.	Key: `hasRemediation` Value: `false`. This key and value combination only retrieves issues without a remediation.
Issue, Issue Definition	hasServiceTicket	true or false	Filter issues with or without a related service ticket.	Key: `hasServiceTicket` Value: `true`. This key and value combination only retrieves issues with related service tickets.
Issue, Issue Definition	projectId	Any project ID(s).	Filter issues associated with the specified project ID. Leave the value blank to indicate all project IDs.	Key: `projectId` Value: `1234`. This key and value combination only retrieves issues for project ID `1234`.
Issue, Issue Definition	resolutionReason	CONTROL_CHANGED, CONTROL_DISABLED, CONTROL_DELETED, EXCEPTION, FALSE_POSITIVE, ISSUE_FIXED, OBJECT_DELETED, WONT_FIX	A comma-separated list to filter issues by resolution reason. Leave the value blank to indicate all resolution reasons.	Key: `resolutionReason` Value: `FALSE_POSITIVE`. This key and value combination only retrieves issues that are false positives.
Issue, Issue Definition	severity	CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM	A comma-separated list to filter issues based on severity. Leave the value blank to indicate all severities.	Key: `severity` Value: `LOW, MEDIUM`. This key and value combination only retrieves issues of low or medium severity.
Issue, Issue Definition	stackLayer	APPLICATION_AND_DATA, CI_CD, CLOUD_ENTITLEMENTS, CODE, COMPUTE_PLATFORMS, DATA_STORES, SECURITY_AND_IDENTITY	A comma-separated list to filter issues from a specified stack layer. Leave the value blank to indicate all stack layers.	Key: `stackLayer` Value: ``. This key and value combination retrieves issues from all stack layers.
Issue, Issue Definition	status	IN_PROGRESS, OPEN, REJECTED, RESOLVED	A comma-separated list to filter issues by their status. Leave the value blank to indicate all statuses.	Key: `status` Value: `OPEN`. This key and value combination only retrieves open issues.
Issue	type	CLOUD_CONFIGURATION, THREAT_DETECTION, TOXIC_COMBINATION	A comma-separated list of issue types. You can use this option to filter issues by their issue type, as determined by Wiz.	Key: `type` Value: `THREAT_DETECTION`,`TOXIC_COMBINATION`. This key and value combination only retrieves issues with the specified type.

Vulnerability

Table 17: Vulnerability operation options

Connector Object	Option	All Possible Values	Description	Example
Vulnerability	assetHasAdminPrivileges	true or false	Filter vulnerabilities for assets with or without admin privileges.	Key: `assetHasAdminPrivileges` Value: `true`. This key and value combination only retrieves vulnerabilities for assets with admin privileges.
	assetHasHighPrivileges	true or false	Filter vulnerabilities for assets with or without high privileges.	Key: `assetHasHighPrivileges`, Value: `false`. This key and value combination only retrieves vulnerabilities for assets without high privileges.
	assetId	Any Wiz asset ID(s).	A comma-separated list to filter vulnerabilities by the asset ID. Leave the value blank to indicate all asset IDs.	Key: `assetId`, Value: `1234,5678`. This key and value combination only retrieves vulnerabilities for asset IDs `1234` and `5678`.
	assetStatus	Active, Error, Inactive	A comma-separated list to filter vulnerabilities for assets with the specified status. Leave the value blank to indicate all asset statuses.	Key: `assetStatus`, Value: `Active,Error`. This key and value combination only retrieves vulnerabilities from assets with statuses `Active` and `Error`.
	assetType	CONTAINER, CONTAINER_IMAGE, SERVERLESS, VIRTUAL_MACHINE	A comma-separated list to filter vulnerabilities by the asset type. Leave the value blank to indicate all asset types.	Key: `assetType`, Value: `CONTAINER,SERVERLESS`. This key and value combination only retrieves vulnerabilities for the asset types `CONTAINER` and `SERVERLESS`.
	baseContainerImage	Any string identifying a base container image.	A comma-separated list to filter vulnerabilities by their base container image.	Key: `baseContainerImage`, Value: `ubuntu:latest,alpine:3.15`. This key and value combination only retrieves vulnerabilities for the base container images `ubuntu:latest` and `alpine:3.15`.
	cnaScore	Any numeric value from 0.1-10.0	Retrieve all vulnerabilities with a CVE Numbering Authority (CNA) score of the specified value or higher.	Key: `cnaScore`, Value: `7.5`. This key and value combination only retrieves vulnerabilities with a CNA score of `7.5` or higher.
	cloudPlatforms	Any string identifying a cloud platform.	A comma-separated list to filter vulnerabilities by their associated cloud platform.	Key: `cloudPlatforms`, Value: `AWS,Azure`. This key and value combination only retrieves vulnerabilities for the cloud platforms `AWS` and `Azure`.
	containerRegistry	Any name identifying a container registry.	A comma-separated list to filter vulnerabilities associated with the specified container registry.	Key: `containerRegistry`, Value: `ECR,GCR`. This key and value combination only retrieves vulnerabilities related to the container registries `ECR` and `GCR`.
	containerRepository	Any name identifying a container repository.	A comma-separated list to filter vulnerabilities associated with the specified container repository.	Key: `containerRepository`, Value: `Azure Container Repository,Docker Hub`. This key and value combination only retrieves vulnerabilities in the repositories `Azure Container Repository` and `Docker Hub`.
	containerServiceId	Any string identifying a container service ID.	A comma-separated list to filter vulnerabilities by their associated container service ID.	Key: `containerServiceId`, Value: `service-123,service-456`. This key and value combination only retrieves vulnerabilities for the container service IDs `service-123` and `service-456`.
	detailedName	Any string identifying a detailed name.	A comma-separated list to filter vulnerabilities by their detailed name.	Key: `detailedName`, Value: `Critical Vulnerability,High Risk`. This key and value combination only retrieves vulnerabilities with the detailed names `Critical Vulnerability` and `High Risk`.
	detectionMethod	DEFAULT_PACKAGE, FILE_PATH, INSTALLED_PROGRAM, INSTALLED_PROGRAM_BY_SERVICE, LIBRARY, OS, PACKAGE	A comma-separated list to filter vulnerabilities found by the specified detection method. Leave the value blank to indicate all detection methods.	Key: `detectionMethod`, Value: `FILE_PATH,PACKAGE`. This key and value combination only retrieves vulnerabilities detected through `FILE_PATH` and `PACKAGE`.
	effectiveAttackVector	Any string identifying an attack vector.	A comma-separated list to filter vulnerabilities by their effective attack vector.	Key: `effectiveAttackVector`, Value: `NETWORK,PHYSICAL`. This key and value combination only retrieves vulnerabilities with the effective attack vectors `NETWORK` and `PHYSICAL`.
	hasCisaKevExploit	true or false	Filter vulnerabilities with or without an available Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) exploit.	Key: `hasCisaKevExploit`, Value: `true`. This key and value combination only retrieves vulnerabilities with a CISA KEV exploit.
	hasExploit	true or false	Filter vulnerabilities with or without an available exploit.	Key: `hasExploit`, Value: `false`. This key and value combination only retrieves vulnerabilities without an exploit.
	hasFix	true or false	Filter vulnerabilities with or without an available fix.	Key: `hasFix`, Value: `true`. This key and value combination only retrieves vulnerabilities with a fix.
	hasTriggerableRemediation	true or false	Filter vulnerabilities by whether they have triggerable remediation.	Key: `hasTriggerableRemediation`, Value: `true`. This key and value combination only retrieves vulnerabilities with triggerable remediation.
	isAssetAccessibleFromInternet	true or false	Filter vulnerabilities for assets by whether the associated asset is accessible from the internet, as determined by Wiz.	Key: `isAssetAccessibleFromInternet`, Value: `true`. This key and value combination only retrieves vulnerabilities for assets accessible from the internet.
	isAssetOpenToAllInternet	true or false	Filter vulnerabilities for assets by whether they are publicly accessible over the internet.	Key: `isAssetOpenToAllInternet`, Value: `true`. This key and value combination only retrieves vulnerabilities for assets publicly accessible over the internet.
	isBaseLayer	true or false	Filter vulnerabilities for container images by whether they are attributed to a base image.	Key: `isBaseLayer`, Value: `false`. This key and value combination only retrieves vulnerabilities for container images not attributed to a base image.
	isEndOfLife	true or false	Filter vulnerabilities by whether the associated asset is end-of-life.	Key: `isEndOfLife`, Value: `true`. This key and value combination only retrieves vulnerabilities for end-of-life assets.
	isOperatingSystemEndOfLife	true or false	Filter vulnerabilities by whether the associated operating system is end-of-life.	Key: `isOperatingSystemEndOfLife`, Value: `true`. This key and value combination only retrieves vulnerabilities for end-of-life operating systems.
	isScannedFromRegistry	true or false	Filter vulnerabilities by whether they are scanned from a container registry.	Key: `isScannedFromRegistry`, Value: `true`. This key and value combination only retrieves vulnerabilities scanned from a container registry.
	isScannedFromWorkload	true or false	Filter vulnerabilities by whether they are scanned from a workload.	Key: `isScannedFromWorkload`, Value: `true`. This key and value combination only retrieves vulnerabilities scanned from a workload.
	nvdSeverity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerabilities by their NVD severity.	Key: `nvdSeverity`, Value: `HIGH,CRITICAL`. This key and value combination only retrieves vulnerabilities with NVD severities `HIGH` and `CRITICAL`.
	projectId	Any Wiz project ID(s).	A comma-separated list to filter vulnerabilities associated with the specified project ID(s). Leave the value blank to indicate all project IDs.	Key: `projectId`, Value: `1234,5678`. This key and value combination only retrieves vulnerabilities for project IDs `1234` and `5678`.
	relatedIssueSeverity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerabilities by the severity of related issues.	Key: `relatedIssueSeverity`, Value: `CRITICAL,HIGH`. This key and value combination only retrieves vulnerabilities with related issues of severities `CRITICAL` and `HIGH`.
	reportName	Any name identifying a report.	Filter vulnerabilities matching the specified report name.	Key: `reportName`, Value: `Report A,Report B`. This key and value combination only retrieves vulnerabilities from the reports `Report A` and `Report B`.
	score	Any numeric value from 0.1-10.0	Retrieve all vulnerabilities with a CVSS3 (Common Vulnerability Scoring System) score of the specified value or higher.	Key: `score`, Value: `8.0`. This key and value combination only retrieves vulnerabilities with a CVSS3 score of `8.0` or higher.
	severity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerabilities by their severity.	Key: `severity`, Value: `HIGH,CRITICAL`. This key and value combination only retrieves vulnerabilities with severities `HIGH` and `CRITICAL`.
	status	OPEN, REJECTED, RESOLVED	A comma-separated list to filter vulnerabilities by their status.	Key: `status`, Value: `OPEN,RESOLVED`. This key and value combination only retrieves vulnerabilities with statuses `OPEN` and `RESOLVED`.
	subscriptionExternalId	AWS Account, Azure Subscription, GCP Project, OCI Compartment	A comma-separated list to filter vulnerabilities by their associated external subscription ID.	Key: `subscriptionExternalId`, Value: `AWS Account,Azure Subscription`. This key and value combination only retrieves vulnerabilities associated with the external subscription IDs `AWS Account` and `Azure Subscription`.
	validatedInRuntime	true or false	Filter vulnerabilities by whether they have been validated in runtime.	Key: `validatedInRuntime`, Value: `true`. This key and value combination only retrieves vulnerabilities validated in runtime.
	vcsRepositoryId	Any string identifying a VCS repository ID.	A comma-separated list to filter vulnerabilities by their associated VCS repository ID.	Key: `vcsRepositoryId`, Value: `repo-123,repo-456`. This key and value combination only retrieves vulnerabilities for the VCS repository IDs `repo-123` and `repo-456`.
	vendorScore	Any numeric value from 0.1-10.0	Retrieve all vulnerabilities with a vendor score of the specified value or higher.	Key: `vendorScore`, Value: `8.0`. This key and value combination only retrieves vulnerabilities with a vendor score of `8.0` or higher.
	vendorSeverity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerabilities by their vendor severity.	Key: `vendorSeverity`, Value: `HIGH,CRITICAL`. This key and value combination only retrieves vulnerabilities with vendor severities `HIGH` and `CRITICAL`.
	vulnerabilityExternalId	Any CVE ID(s)	A comma-separated list of CVE IDs to filter vulnerabilities by their associated CVE ID.	Key: `vulnerabilityExternalId`, Value: `CVE-2023-12345,CVE-2023-44487`. This key and value combination only retrieves vulnerabilities with the CVE IDs `CVE-2023-12345` and `CVE-2023-44487`.
	vulnerabilityId	Any Wiz vulnerability ID(s).	A comma-separated list to filter vulnerabilities by their vulnerability ID.	Key: `vulnerabilityId`, Value: `vuln-123,vuln-456`. This key and value combination only retrieves vulnerabilities with the vulnerability IDs `vuln-123` and `vuln-456`.
	weightedSeverity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerabilities by their weighted severity.	Key: `weightedSeverity`, Value: `MEDIUM,HIGH`. This key and value combination only retrieves vulnerabilities with weighted severities

Vulnerability Definition

Table 18: Vulnerability Definition operation options

Connector Object	Option	All Possible Values	Description	Example
Vulnerability Definition	assetHasAdminPrivileges	true or false	Filter vulnerability definitions for assets with or without admin privileges.	Key: `assetHasAdminPrivileges`, Value: `true`. This key and value combination only retrieves vulnerability definitions for assets with admin privileges.
	assetHasHighPrivileges	true or false	Filter vulnerability definitions for assets with or without high privileges.	Key: `assetHasHighPrivileges`, Value: `false`. This key and value combination only retrieves vulnerability definitions for assets without high privileges.
	assetId	Any Wiz asset ID(s).	A comma-separated list of asset ID(s) to filter vulnerability definitions by the asset ID(s). Leave the value blank to indicate all asset IDs.	Key: `assetId`, Value: `1234`. This key and value combination only retrieves vulnerability definitions for asset ID `1234`.
	assetStatus	Active, Error, Inactive	A comma-separated list to filter vulnerability definitions for assets with the specified status. Leave the value blank to indicate all asset statuses.	Key: `assetStatus`, Value: `Active`. This key and value combination only retrieves vulnerability definitions from active assets.
	assetType	CONTAINER, CONTAINER_IMAGE, SERVERLESS, VIRTUAL_MACHINE	A comma-separated list to filter vulnerability definitions by the asset type. Leave the value blank to indicate all asset types.	Key: `assetType`, Value: `CONTAINER, SERVERLESS`. This key and value combination only retrieves vulnerability definitions for the `CONTAINER` and `SERVERLESS` asset type.
	containerRegistry	Any name identifying a container registry.	Filter vulnerability definitions associated with the specified container registry.	Key: `containerRegistry`, Value: `ECR`. This key and value combination only retrieves vulnerability definitions related to the AWS Elastic Container Registry (ECR).
	containerRepository	Any name identifying a container repository.	Filter vulnerability definitions associated with the specified container repository.	Key: `containerRepository`, Value: `Azure Container Repository`. This key and value combination only retrieves vulnerability definitions in the Azure Container Repository.
	detectionMethod	DEFAULT_PACKAGE, FILE_PATH, INSTALLED_PROGRAM, INSTALLED_PROGRAM_BY_SERVICE, LIBRARY, OS, PACKAGE	A comma-separated list to filter vulnerability definitions found by the specified detection method. Leave the value blank to indicate all detection methods.	Key: `detectionMethod`, Value: `FILE_PATH`. This key and value combination only retrieves vulnerability definitions detected through file paths.
	hasCisaKevExploit	true or false	Filter vulnerability definitions with or without an available Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) exploit.	Key: `hasCisaKevExploit`, Value: `true`. This key and value combination only retrieves vulnerability definitions with a CISA KEV exploit.
	hasExploit	true or false	Filter vulnerability definitions with or without an available exploit.	Key: `hasExploit`, Value: `false`. This key and value combination only retrieves vulnerability definitions without an exploit.
	hasFix	true or false	Filter vulnerability definitions with or without an available fix.	Key: `hasFix`, Value: `true`. This key and value combination only retrieves vulnerability definitions with a fix.
	isAssetAccessibleFromInternet	true or false	Filter vulnerability definitions for assets by whether the associated asset is accessible from the internet, as determined by Wiz.	Key: `isAssetAccessibleFromInternet` Value: `true`. This key and value combination only retrieves vulnerability definitions for assets that are accessible from the internet.
	isAssetOpenToAllInternet	true or false	Filter vulnerability definitions for assets by whether they are publicly accessible over the internet.	Key: `isAssetOpenToAllInternet`, Value: `true`. This key and value combination only retrieves vulnerability definitions for assets that are accessible over the internet.
	isBaseLayer	true or false	Filter vulnerability definitions for container images by whether they are attributed to a base image.	Key: `isBaseLayer`, Value: `false`. This key and value combination only retrieves vulnerability definitions for container images that aren't attributed to a base image.
	isScannedFromRegistry	true or false	Filter vulnerability definitions by whether they are scanned from a container registry.	Key: `isScannedFromRegistry`, Value: `true`. This key and value combination only retrieves vulnerability definitions scanned from a container registry.
	projectId	Any Wiz project ID(s).	Filter vulnerability definitions associated with the specified project ID. Leave the value blank to indicate all project IDs.	Key: `projectId`, Value: `1234`. This key and value combination only retrieves vulnerability definitions for project ID `1234`.
	reportName	Any name identifying a report.	Filter vulnerability definitions matching the specified report name.	Key: `reportName`, Value: `Report A`. This key and value combination only retrieves vulnerability definitions from `Report A`.
	status	OPEN, REJECTED, RESOLVED	A comma-separated list to filter vulnerability definitions by their status. Leave the value blank to indicate all statuses.	Key: `status`, Value: `RESOLVED`. This key and value combination only retrieves resolved vulnerability definitions.
	subscriptionExternalId	AWS Account, Azure Subscription, GCP Project, OCI Compartment	A comma-separated list to filter vulnerability definitions by their associated external subscription ID. Leave the value blank to indicate all external subscription IDs.	Key: `subscriptionExternalId`, Value: `AWS Account`. This key and value combination only retrieves vulnerability definitions associated with the AWS Account.
	validatedInRuntime	true or false	Filter vulnerability definitions by whether they have been validated in runtime.	Key: `validatedInRuntime`, Value: `true`. This key and value combination only retrieves vulnerability definitions that have been validated in runtime.
	vendorSeverity	NONE, LOW, MEDIUM, HIGH, CRITICAL	A comma-separated list to filter vulnerability definitions by their vendor severity. Leave the value blank to indicate all vendor severities.	Key: `vendorSeverity`, Value: `HIGH`. This key and value combination only retrieves vulnerability definitions deemed high severity by the vendor.

Wiz operation options

The Wiz connector operation options were developed in collaboration with Wiz and adheres to their supported API filters. If you require an operation option that isn’t listed in the above tables, please refer to the Wiz API documentation, or contact your Wiz Support team. They can coordinate with Brinqa Support to determine whether the Wiz API supports the request and whether it can be added to the connector.

note

The option keys and possible values are case-sensitive as they are shown in this documentation.

APIs

The Wiz connector uses the Wiz API. Specifically, it executes the following GraphQL queries to retrieve data:

Table 19: Wiz API GraphQL queries

Connector Object	GraphQL Query
Backup Service	Reports GraphQL queries
Bucket	Reports GraphQL queries
CI/CD Service	Reports GraphQL queries
Compute Instance Group	Reports GraphQL queries
Configuration Finding	Cloud Configuration Findings GraphQL queries
Container	Reports GraphQL queries
Container Image	Reports GraphQL queries
Container Registry	Reports GraphQL queries
Container Service	Reports GraphQL queries
Control	Cloud Configuration Findings GraphQL queries
Daemon Set	Reports GraphQL queries
Database Server	Reports GraphQL queries
Deployment	Reports GraphQL queries
Encryption Key	Reports GraphQL queries
File System Service	Reports GraphQL queries
Firewall	Reports GraphQL queries
Issue	Issue GraphQL queries
Issue Definition	Issue GraphQL queries
Kubernetes Cluster	Reports GraphQL queries
Raw Access Policy	Reports GraphQL queries
Resource Group	Reports GraphQL queries
Serverless	Reports GraphQL queries
Storage Account	Reports GraphQL queries
Subscription	Reports GraphQL queries
Virtual Machine	Reports GraphQL queries
Virtual Machine Image	Reports GraphQL queries
Virtual Network	Reports GraphQL queries
Vulnerability	Reports GraphQL queries Vulnerability GraphQL query
Vulnerability Definition	Reports GraphQL queries Vulnerability GraphQL query Vulnerability Definition GraphQL query
Web Service	Reports GraphQL queries

Cloud Configuration Finding queries

Click to expand

The following query retrieves information about cloud configuration findings:

query CloudConfigurationFindingsPage($filterBy: ConfigurationFindingFilters, $first: Int, $after: String, $orderBy: ConfigurationFindingOrder) {  
  page: configurationFindings(filterBy: $filterBy, first: $first, after: $after, orderBy: $orderBy) {  
    nodes {  
      id  
      targetExternalId  
      deleted  
      targetObjectProviderUniqueId  
      firstSeenAt  
      severity  
      result  
      status  
      remediation  
      resource {  
        id  
        providerId  
        name  
        nativeType  
        type  
        region  
        subscription {  
          id  
          name  
          externalId  
          cloudProvider  
        }  
        projects {  
          id  
          name  
          riskProfile {  
            businessImpact  
          }  
        }  
        tags {  
          key  
          value  
        }  
      }  
      rule {  
        id  
        graphId  
        name  
        description  
        remediationInstructions  
        functionAsControl  
      }  
      securitySubCategories {  
        id  
        title  
        category {  
          id  
          name  
          framework {  
            id  
            name  
          }  
        }  
      }  
      ignoreRules {  
        id  
        name  
        enabled  
        expiredAt  
      }  
    }  
    pageInfo {  
      hasNextPage  
      endCursor  
    }  
  }  
}

Issue GraphQL queries

Click to expand

The following query retrieves information about issue and issue definition:

query issueFindings($filterBy: IssueFilters, $first: Int, $after: String $orderBy: IssueOrder) {  
  page: issuesV2(filterBy: $filterBy, first: $first, after: $after, orderBy: $orderBy) {  
    nodes {  
      id  
      status  
      severity  
      type  
      openReason  
      resolutionReason  
      suggestions  
      resolvedAt  
      createdAt  
      updatedAt  
      dueAt  
      statusChangedAt  
      rejectionExpiredAt  
      sourceRule {  
        __typename  
        ... on Control {  
          id  
          name  
          description  
          severity  
          resolutionRecommendation  
          securitySubCategories {  
            id  
            title  
            category {  
              id  
              name  
              framework {  
                id  
                name  
              }  
            }  
          }  
        }  
        ... on CloudEventRule {  
          id  
          name  
          description  
          sourceType  
          type  
          cloudEventRuleSeverity: severity  
          securitySubCategories {  
            id  
            title  
            category {  
              id  
              name  
              framework {  
                id  
                name  
              }  
            }  
          }  
        }  
        ... on CloudConfigurationRule {  
          id  
          name  
          description  
          remediationInstructions  
          serviceType  
          severity  
          securitySubCategories {  
            id  
            title  
            category {  
              id  
              name  
              framework {  
                id  
                name  
              }  
            }  
          }  
        }  
      }  
      entity: entitySnapshot {  
        id  
        type  
        nativeType  
        name  
        status  
        cloudPlatform  
        cloudProviderURL  
        providerId  
        region  
        resourceGroupExternalId  
        subscriptionExternalId  
        subscriptionName  
        subscriptionTags  
        tags  
        externalId  
      }  
      projects {  
        id  
        name  
        description  
        slug  
        businessUnit  
        riskProfile {  
          businessImpact  
        }  
      }  
      serviceTickets {  
        id  
        externalId  
        name  
        url  
      }  
      notes {  
        id  
        createdAt  
        updatedAt  
        text  
        user {  
          id  
          name  
          email  
        }  
        serviceAccount {  
          id  
          name  
          type  
        }  
      }  
    }  
    pageInfo {  
      hasNextPage  
      endCursor  
    }  
  }  
}

Reports GraphQL queries

Click to expand

The first query retrieves data for the Backup Service, Bucket, CI/CD Service, Compute Instance Group, Container, ContainerImage, Container Registry, Container Service, Daemon Set, Database Server, Deployment, Encryption Key, File System Service, Firewall, Kubernetes Cluster, Raw Access Policy, Resource Group, Serverless, Storage Account, Subscription, Virtual Machine Image, Virtual Network, Vulnerability, Vulnerability Definition, or Web Service connector objects from the reports endpoint. The rest of the queries create a report and generates the URL to download the report:

query ReportsSearch($filterBy: ReportFilters, $first: Int, $after: String) {
  page: reports(first: $first, after: $after, filterBy: $filterBy) {
    nodes {
      id
      name
      createdBy {
        id
        email
      }
      lastRun {
        id
        runAt
      }
      lastSuccessfulRun {
        id
        runAt
      }
      type {
        id
        name
      }
    }
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}

mutation CreateReport($input: CreateReportInput!) { 
  operation: createReport(input: $input) { 
    node: report { 
      id 
    } 
  } 
} 

mutation RerunReport($reportId: ID!) { 
  operation: rerunReport(input: {id: $reportId}) { 
    node: report { 
      id 
    } 
  } 
}

query ReportDownloadUrl($reportId: ID!) { 
  node: report(id: $reportId) { 
    id
    name 
    lastRun { 
      id 
      url 
      status 
    } 
  } 
}

Vulnerability GraphQL query

Click to expand

The following query retrieves information about vulnerabilities:

query vulnerabilityFindings($filterBy: VulnerabilityFindingFilters, $first: Int, $after: String) {  
  page: vulnerabilityFindings(filterBy: $filterBy, first: $first, after: $after) {  
    nodes {  
      id  
      name  
      detailedName  
      CVEDescription  
      CVSSSeverity  
      vendorSeverity  
      score  
      exploitabilityScore  
      impactScore  
      description  
      remediation  
      link  
      locationPath  
      detectionMethod  
      version  
      fixedVersion  
      portalUrl  
      firstDetectedAt  
      lastDetectedAt    
      vulnerableAsset {  
        ... on VulnerableAssetBase {  
          id
          providerUniqueId
          type
          name  
        }
      }  
    }  
    pageInfo {  
      hasNextPage  
      endCursor  
    }  
    totalCount  
  }  
}

Vulnerability Definition GraphQL query

Click to expand

The following query retrieves information about vulnerability definition:

query VulnerabilityDefinitions($filterBy: VulnerabilityFilters, $first: Int, $after: String) { 
  page: vulnerabilities(filterBy: $filterBy, first: $first, after: $after) { 
    nodes { 
      affectedTechnologies { 
        id 
        name 
      } 
      baseScore 
      cisaKevDueDate 
      cisaKevReleaseDate 
      cvssv2 { 
        attackComplexity 
        attackVector 
        confidentialityImpact 
        integrityImpact 
        privilegesRequired 
        userInteractionRequired 
      } 
      cvssv3 { 
        attackComplexity 
        attackVector 
        confidentialityImpact 
        integrityImpact 
        privilegesRequired 
        userInteractionRequired 
      } 
      description 
      exploitabilityScore 
      exploitable 
      externalId 
      hasCisaKevExploit 
      id 
      name 
      publishedAt 
      severity 
      sourceFeeds { 
        id 
        name 
        url 
      } 
      sourceUrl    
    }
    pageInfo { 
      endCursor 
      hasNextPage 
    } 
    totalCount 
  } 
} 

Changelog

The Wiz connector has undergone the following changes:

Table 20: Wiz connector changelog

Version	Description	Date Published
3.3.14	Added a new additional setting to make the report timeout configurable: Report timeout	July 31st, 2025
3.3.13	Added the ENTITY_EXTERNAL_ID, ENTITY_ID, ENTITY_NAME, ENTITY_STATUS, ENTITY_TYPE, SUBSCRIPTION_EXTERNAL_ID, and SUBSCRIPTION_ID attributes to the Issue object.	July 30th, 2025
3.3.12	Added the ASSET_HAS_LIMITED_INTERNET_EXPOSURE and ASSET_HAS_WIDE_INTERNET_EXPOSURE attributes to the Vulnerability object.	June 11th, 2025
3.3.11	- Fixed an issue where dates were appearing in the future due to the date parser not handling nanoseconds correctly. As a result, the date parser has been updated to accurately reflect the source data from Wiz. - Added the NAMESPACE_EXTERNAL_ID attribute to the Container object. - Code cleanup and general maintenance.	May 20th, 2025
3.3.8	Updated the schema to include the CLUSTER_EXTERNAL_ID and CLUSTER_NAME attributes on the Container object. This change ensures that the attributes are recognized by the Brinqa Platform and properly ingested.	April 29th, 2025
3.3.7	- Added the ADDITIONAL_IDS attribute to the API Gateway object. - Added the CLUSTER_EXTERNAL_ID and CLUSTER_NAME attributes to the Container object to support Kubernetes context.	April 16th, 2025
3.3.6	- Added a new operation option for the Issue object to filter by issue type: `type`. - Added the CATEGORIES attribute to the Issue object. - Added support for ticketing information from Wiz to help prevent duplicate ticket creation and improve issue tracking. As a result, the following attributes were added to the Issue object: TICKET_EXTERNAL_ID TICKET_ID TICKET_NAME TICKET_URL	March 11th, 2025
3.3.5	Fixed an issue where the TARGETS attribute on the Vulnerability object included empty string values. The connector now prevents empty values from being added to the targets list.	February 19th, 2025
3.3.4	Fixed an issue where configuration findings were not correctly associating with assets. The connector now imports RESOURCE_EXTERNAL_ID and RESOURCE_PROVIDER_ID on the Configuration Finding object to establish proper relationships between findings and their associated assets.	February 12th, 2025
3.3.3	Fixed an issue where the connector was incorrectly mapping IP addresses and private DNS names to both the IP_ADDRESSES and PRIVATE_IP_ADDRESSES attributes on the Virtual Machine object. The connector now properly distinguishes between these attributes.	February 6th, 2025
3.3.2	- The Configuration Finding object is no longer required and now maps to Violation. - Added the RECOMMENDATION, TARGETS, and TYPE attributes to the Configuration Finding object.	January 15th, 2025
3.3.1	The connector now retrieves the Configuration Finding object from Wiz.	January 7th, 2025
3.3.0	Replaced the deprecated `vulnerabilityParams.type` attribute on the Vulnerability object with `columnSelection` to support Wiz's updated export behavior. This improves CSV parsing by no longer relying on the `Content-Length` header, which may be `0` even when data is present.	December 24th, 2024
3.2.6	The connector now retrieves the Secret Container object from Wiz.	December 6th, 2024
3.2.5	Fixed an issue where attributes from Wiz were not being mapped correctly to the Host data model. To support out-of-the-box relationships between Hosts and Container Images, the connector now maps the EXTERNAL_ID attribute to the SOURCE_UIDS attribute.	December 3rd, 2024
3.2.4	Added the NAME attribute to the Vulnerability Definition object.	November 14th, 2024
3.2.3	Code cleanup and general maintenance to help improve error handling.	November 13th, 2024
3.2.2	Fixed an issue where the Issue and Issue Definition object syncs were failing.	November 13th, 2024
3.2.1	Fixed an issue where the Resource Group and Storage Account object syncs were failing due to an "Empty header line: cannot bind data" error.	November 11th, 2024
3.2.0	Enhanced the Vulnerability object sync process to improve efficiency by using regular reports with the `updateAt` date filter, as recommended by Wiz. The Wiz connector now retrieves all vulnerabilities with detection support via the GraphQL API, rather than creating vulnerability definitions from vulnerability data.	November 1st, 2024
3.1.18	Code cleanup and maintenance.	October 2nd, 2024
3.1.17	- Fixed an issue where the Issue and Issue Definition object syncs were failing. - Added the SOURCE_SEVERITY_SCORE attribute to the Vulnerability object. - Code cleanup and maintenance.	October 2nd, 2024
3.1.16	- Added remediation instructions to the Issue Definition object. - Addressed a potential NullPointerException (NPE) on the Issue object.	September 25th, 2024
3.1.15	Enhanced the method for retrieving vulnerability status by splitting "New" from "Active" status. The Wiz connector now uses the FIRST_SEEN_AT filter for "New" vulnerabilities and the UPDATED_AT filter for "Active" vulnerabilities to ensure more accurate reporting.	July 22nd, 2024
3.1.14	Added the IS_CONTAINER_HOST attribute to the Virtual Machine object.	June 14th, 2024
3.1.13	Code cleanup and general maintenance.	May 21st, 2024
3.1.12	Fixed an issue where the CVSS_V2_BASE_SCORE and CVSS_V3_BASE_SCORE attributes on the Vulnerability Definition object were not populating.	April 11th, 2024
3.1.11	Revised the logic of getting asset type information from the source data.	February 22nd, 2024
3.1.10	- Updated to fetch `vmId` as the Instance ID for Azure assets. - Switched the order of adding attributes to allow native or specific attributes to take higher precedence. - Updated dependencies.	February 5th, 2024
3.1.9	- Fixed an issue where an `Empty header line` error occurred when reports returned by Wiz were empty. - Fixed an issue related to the `Missing 1 header column: ["uid"]` error.	January 30th, 2024
3.1.8	Added a new additional setting to help manage API throttling: Maximum retries	October 28th, 2023
3.1.7	- Updated to the new Wiz logo. - Enhanced handling for missing UID in objects retrieved from Wiz.	September 19th, 2023
3.1.6	Code cleanup and general maintenance.	September 14th, 2023
3.1.5	Code cleanup and general maintenance.	September 7th, 2023
3.1.4	- The connector now retrieves the image name for Container Image objects. - The connector now maps the provider ID to the TARGETS attribute on the Issue object.	July 26th, 2023
3.1.3	Code cleanup and general maintenance.	July 21st, 2023
3.1.2	Fixed an issue where Targets were not being received for Vulnerabilities with Container Image assets.	July 10th, 2023
3.1.1	The connector now retrieves the Database Server, Issue, and Issue Definition objects from Wiz.	June 15th, 2023
3.1.0	Initial Integration+ release.	June 14th, 2023

Required connection settings​

Obtain the client ID and client secret from Wiz​

Additional settings​

Types of data to retrieve​

Attribute mappings​

Operation options​

APIs​

Cloud Configuration Finding queries​

Issue GraphQL queries​

Reports GraphQL queries​

Vulnerability GraphQL query​

Vulnerability Definition GraphQL query​

Changelog​

Required connection settings

Obtain the client ID and client secret from Wiz

Additional settings

Types of data to retrieve

Attribute mappings

Operation options

APIs

Cloud Configuration Finding queries

Issue GraphQL queries

Reports GraphQL queries

Vulnerability GraphQL query

Vulnerability Definition GraphQL query

Changelog