Skip to main content

Wiz

Wiz is a cloud security tool that scans your cloud environments to provide complete visibility into every technology running in your cloud. You can bring virtual network, virtual machine, vulnerability and more data from Wiz into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Wiz when the data integration runs, and how to obtain that information from Wiz. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Wiz from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Wiz with Brinqa:

  • API URL: The Wiz API endpoint URL. The default URL is https://api.<region>.app.wiz.io.

  • Token URL: The Wiz API authentication token URL. The URL is specific to the identity provider (IdP) for the Wiz service account. See Table 1 for more information.

  • OAuth audience: The audience of your OAuth token. The audience is specific to your IdP. See Table 1 for more information.

  • Client ID and Client secret: The credentials associated with the Wiz service account, which must have permissions to log in to the API server and return data.

The Token URL and OAuth audience values depend on the IdP you use for the Wiz service account. The following table summarizes the different values:

Table 1. Wiz token URL and audience values

IdPToken URLAudience
Amazon Cognitohttps://auth.app.wiz.io/oauth/tokenwiz-api
Auth0https://auth.wiz.io/oauth/tokenbeyond-api

Obtain the client ID and client secret from Wiz

For the Wiz connector to use the Wiz API, you must provide the client ID and client secret from an active Wiz service account.

To obtain these credentials, please follow the steps in the official Wiz documentation for Brinqa integration. This guide is maintained by Wiz and outlines the process for creating the required service account and assigning appropriate permissions.

note

If you do not have the permissions to create a service account or assign permissions, contact your Wiz administrator.

The Wiz connector was developed in collaboration with Wiz and adheres to their recommended solutions. It has been certified by Wiz to ensure optimal functionality and security.

  • Due to limitations with GraphQL in exporting large datasets, the connector generates reports in CSV format.
  • The Wiz connector generates one report per asset type for Vulnerabilities, with each report prefixed by BRINQA-VULNERABILITIES-REPORT_.
  • It also generates one report per inventory type for Inventory, with each report prefixed by BRINQA-INVENTORY-REPORT_. This lets you easily identify and monitor said reports.
  • These reports are automatically deleted from Wiz based on your specified data cleanup frequency.

Additional settings

The Wiz connector contains additional options for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Maximum retries: The maximum number of times that the integration attempts to connect to the Wiz API before giving up and reporting a failure. The default setting is 5.

Types of data to retrieve

The Wiz connector can retrieve the following types of data from the Wiz API:

Table 2: Data retrieved from Wiz

Connector ObjectRequiredMaps to Data Model
API GatewayNoNot mapped
Backup ServiceNoNot mapped
BucketNoNot mapped
CI/CD ServiceNoNot mapped
Compute Instance GroupNoNot mapped
Configuration FindingYesViolation
ContainerYesContainer
Container ImageYesContainer Image
Container RegistryNoNot mapped
Container ServiceNoNot mapped
ControlYesViolation Definition
Daemon SetNoNot mapped
Database ServerYesDatabase Instance
DeploymentNoNot mapped
Encryption KeyNoNot mapped
File System ServiceNoNot mapped
FirewallNoNot mapped
IssueYesViolation
Issue DefinitionYesViolation Definition
Kubernetes ClusterNoNot mapped
Raw Access PolicyNoNot mapped
Resource GroupNoNot mapped
Secret ContainerNoNot mapped
ServerlessYesServerless
Storage AccountNoNot mapped
SubnetNoNot mapped
SubscriptionNoNot mapped
Virtual MachineYesHost
Virtual Machine ImageYesHost Image
Virtual NetworkYesNetwork Segment
VolumeNoNot mapped
VulnerabilityYesVulnerability
Vulnerability DefinitionYesVulnerability Definition
Web ServiceNoNot mapped
info

For detailed steps on how to view the data retrieved from Wiz in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Configuration Finding

Table 3: Configuration Finding attribute mappings

Source Field NameMaps to Attribute
firstSeenAtfirstSeen
iduid
remediationrecommendation
resource.idtargets
resource.nameLocal variable
resource.typeLocal variable
resultresults
ruletype
severityseverity
statusstatus
Container

Table 4: Container attribute mappings

Source Field NameMaps to Attribute
Cloud Native JSON.tagstags
Cloud PlatformLocal variable
Descriptiondescription
External IDLocal variable
Last SeenlastSeen
NameLocal variable
Native TypeLocal variable
ProjectsLocal variable
Provider IDLocal variable
Provider ID/External IDuid
namename
categoriescategories
Regionregion
Resource TypeLocal variable
SubscriptionLocal variable
Subscription IDLocal variable
Wiz JSON Object.RuntimeLocal variable
Wiz JSON Object.applicationEndpoint.openToAllInternetLocal variable
Wiz JSON Object.applicationEndpoint.validatedOpenPortsLocal variable
Wiz JSON Object.common.creationDatesourceCreatedDate
Wiz JSON Object.common.statusproviderStatus
Wiz JSON Object.common.statusstatus
Wiz JSON Object.imageExternalIdimage
Wiz JSON Object.kubernetes.baseExtraData.clusterExternalIdLocal variable
Wiz JSON Object.kubernetes.baseExtraData.clusterNameLocal variable
Wiz JSON Object.virtualMachineExternalIdhost
Container Image

Table 5: Container Image attribute mappings

Source Field NameMaps to Attribute
Categoriescategories
Cloud Native JSON.tagstags
Cloud PlatformLocal variable
Descriptiondescription
External IDLocal variable
Last SeenLocal variable
Namename
Native TypeLocal variable
ProjectsLocal variable
Provider IDLocal variable
Provider ID/External IDuid
Regionregion
Resource TypeLocal variable
SubscriptionLocal variable
Subscription IDLocal variable
Wiz JSON Object.applicationEndpoint.openToAllInternetLocal variable
Wiz JSON Object.applicationEndpoint.validatedOpenPortsLocal variable
Wiz JSON Object.common.creationDatesourceCreatedDate
Wiz JSON Object.common.statusproviderStatus
Wiz JSON Object.common.status (normalized)status
Wiz JSON Object.digestdigest
Wiz JSON Object.encryptedLocal variable
Wiz JSON Object.repoExternalIdLocal variable
Control

Table 6: Control attribute mappings

Source Field NameMaps to Attribute
descriptiondescription
iduid
namename
remediationInstructionsrecommendation
Issue

Table 7: Issue attribute mappings

Source Field NameMaps to Attribute
CREATED_ATfirstFound
CREATED_ATsourceCreatedDate
DUE_ATLocal variable
ENTITY.UIDtargets
IDuid
NOTES.TEXTLocal variable
RESOLVED_ATlastFixed
RESOLUTION_REASONLocal variable
SEVERITYseverity, severityScore, sourceSeverity
SEVERITYseverityScore
SEVERITYsourceSeverity
SERVICE_TICKETS.EXTERNAL_IDLocal variable
SERVICE_TICKETS.IDLocal variable
SERVICE_TICKETS.NAMELocal variable
SERVICE_TICKETS.URLLocal variable
SOURCE_RULES.IDtype
STATUSproviderStatus, sourceStatus, status, statusCategory
TYPEcategories
UPDATED_ATsourceLastModified
Issue Definition

Table 8: Issue Definition attribute mappings

Source Field NameMaps to Attribute
ISSUE.SOURCERULE.DESCRIPTIONdescription
ISSUE.SOURCERULE.IDuid
ISSUE.SOURCERULE.NAMEname
ISSUE.SOURCERULE.NAMEsummary
ISSUE.SOURCERULE.REMEDIATIONINSTRUCTIONSrecommendation
ISSUE.SOURCERULE.RESOLUTIONRECOMMENDATIONrecommendation
ISSUE.SOURCERULE.RESOLUTIONRECOMMENDATIONPLAINTEXTrecommendation
ISSUE.SOURCERULE.RISKSLocal variable
ISSUE.SOURCERULE.SECURITYSUBCATEGORIES.DISPLAYNAMEcategories
ISSUE.SOURCERULE.SEVERITYseverity, severityScore, sourceSeverity
ISSUE.SOURCERULE.THREATSLocal variable
ISSUE.SOURCERULE.TYPELocal variable
Virtual Machine

Table 9: Virtual Machine attribute mappings

Source Field NameMaps to Attribute
Categoriescategories
Cloud Native JSON.ArchitectureLocal variable
Cloud Native JSON.ImageIdimage
Cloud Native JSON.InstanceIdinstanceId
Cloud Native JSON.InstanceTypeLocal variable
Cloud Native JSON.Monitoring.StateLocal variable
Cloud Native JSON.NetworkInterfaces.MacAddressmacAddresses
Cloud Native JSON.PrivateDnsNamednsNames
Cloud Native JSON.PrivateDnsNameprivateDnsNames
Cloud Native JSON.PrivateIpAddressipAddresses
Cloud Native JSON.PrivateIpAddressprivateIpAddresses
Cloud Native JSON.PublicDnsNamehostnames
Cloud Native JSON.PublicDnsNamepublicDnsNames
Cloud Native JSON.PublicIpAddressipAddresses
Cloud Native JSON.PublicIpAddresspublicIpAddresses
Cloud Native JSON.StateReasonLocal variable
Cloud Native JSON.SubscriptionLocal variable
Cloud Native JSON.Subscription IDLocal variable
Cloud Native JSON.lastStartTimestamplastStarted
Cloud Native JSON.lastStopTimestamplastStopped
Cloud Native JSON.nameLocal variable
Cloud Native JSON.networkInterfaces.networkLocal variable
Cloud Native JSON.networkInterfaces.subnetworkLocal variable
Cloud Native JSON.projectLocal variable
Cloud Native JSON.providerIdLocal variable
Cloud Native JSON.tagstags
Cloud PlatformLocal variable
Descriptiondescription
External IDLocal variable
Last SeenLocal variable
Namename
Native TypeLocal variable
ProjectsLocal variable
Provider IDLocal variable
Provider ID/External IDuid
Regionregion
Resource TypeLocal variable
SubscriptionLocal variable
Subscription IDLocal variable
Wiz JSON Object.RuntimeLocal variable
Wiz JSON Object.applicationEndpoint.openToAllInternetLocal variable
Wiz JSON Object.applicationEndpoint.validatedOpenPortsLocal variable
Wiz JSON Object.common.creationDatefirstSeen
Wiz JSON Object.common.creationDatesourceCreatedDate
Wiz JSON Object.common.statusproviderStatus
Wiz JSON Object.common.statusstatus
Wiz JSON Object.imageExternalIdimage
Wiz JSON Object.isContainerHostLocal variable
Wiz JSON Object.operatingSystemoperatingSystem
Virtual Machine Image

Table 10: Virtual Machine Image attribute mappings

Source Field NameMaps to Attribute
Categoriescategories
Cloud Native JSON.tagstags
Cloud PlatformLocal variable
Descriptiondescription
External IDLocal variable
Last SeenLocal variable
Namename
Native TypeLocal variable
ProjectsLocal variable
Provider IDLocal variable
Provider ID/External IDuid
Regionregion
Resource TypeLocal variable
SubscriptionLocal variable
Subscription IDLocal variable
Wiz JSON Object.ImageLocationLocal variable
Wiz JSON Object.ImageOwnerAliasLocal variable
Wiz JSON Object.PlatformDetailsLocal variable
Wiz JSON Object.applicationEndpoint.openToAllInternetLocal variable
Wiz JSON Object.applicationEndpoint.validatedOpenPortsLocal variable
Wiz JSON Object.common.creationDatesourceCreatedDate
Wiz JSON Object.common.statusproviderStatus
Wiz JSON Object.common.statusstatus
Wiz JSON Object.familyLocal variable
Wiz JSON Object.is_publicLocal variable
Virtual Network

Table 11: Virtual Network attribute mappings

Source Field NameMaps to Attribute
Categoriescategories
Cloud Native JSON.addressSpace.addressPrefixesLocal variable
Cloud Native JSON.enableDdosProtectionLocal variable
Cloud Native JSON.tagstags
Cloud PlatformLocal variable
Descriptiondescription
External IDLocal variable
Last SeenLocal variable
Namename
Native TypeLocal variable
ProjectsLocal variable
Provider IDLocal variable
Provider ID/External IDuid
Regionregion
Resource TypeLocal variable
SubscriptionLocal variable
Subscription IDLocal variable
Wiz JSON Object.addressRangeEdgesLocal variable
Wiz JSON Object.addressRangesipv4Ranges
Wiz JSON Object.applicationEndpoint.openToAllInternetLocal variable
Wiz JSON Object.applicationEndpoint.validatedOpenPortsLocal variable
Wiz JSON Object.common.creationDatesourceCreatedDate
Wiz JSON Object.common.statusproviderStatus
Wiz JSON Object.common.statusstatus
Wiz JSON Object.flowLogsEnabledLocal variable
Wiz JSON Object.hasDeployedInstancesLocal variable
Wiz JSON Object.isDefaultLocal variable
Vulnerability

Table 12: Vulnerability attribute mappings

Source Field NameMaps to Attribute
ASSETIDtargets
ASSETNAMELocal variable
CRITICALRELATEDISSUESCOUNTLocal variable
CVSSSEVERITYLocal variable
DETAILEDNAMEresults
DETECTIONMETHODLocal variable
DESCRIPTIONdescription
EXPLOITABILITYSCORELocal variable
FINDINGSTATUSproviderStatus, sourceStatus, status, statusCategory
FIRSTDETECTEDfirstFound
FIXEDVERSIONLocal variable
HIGHRELATEDISSUESCOUNTLocal variable
IDuid
IMPACTSCORELocal variable
INFORELATEDISSUESCOUNTLocal variable
LASTDETECTEDlastFound
LOCATIONPATHlocationPath
LOWRELATEDISSUESCOUNTLocal variable
MEDIUMRELATEDISSUESCOUNTLocal variable
NAMEname
NAMEtype
NVDSEVERITYLocal variable
PROVIDERUNIQUEIDLocal variable
REMEDIATIONrecommendation
RESOLUTIONREASONLocal variable
RESOLVEDATlastFixed
SCOREsourceSeverityScore
SEVERITYseverity, severityScore, sourceSeverity
TYPEcategories
VERSIONLocal variable
VENDORSEVERITYLocal variable
WIZURLLocal variable
Vulnerability Definition

Table 13: Vulnerability Definition attribute mappings

Source Field NameMaps to Attribute
AFFECTEDSOFTWAREaffected
CATEGORIEScategories
CISAKEVDUEDATEcisaDueDate
CISAKEVRELEASEDATEcisaAddedDate
CVSSV2.ATTACKCOMPLEXITYcvssV2AccessComplexity
CVSSV2.ATTACKVECTORcvssV2AttackVector
CVSSV2.BASESCOREcvssV2BaseScore
CVSSV2.CONFIDENTIALITYIMPACTcvssV2ConfidentialityImpact
CVSSV2.INTEGRITYIMPACTcvssV2IntegrityImpact
CVSSV2.PRIVILEGESREQUIREDcvssV2Authentication
CVSSV3.ATTACKCOMPLEXITYcvssV3AttackComplexity
CVSSV3.ATTACKVECTORcvssV3AttackVector
CVSSV3.CONFIDENTIALITYIMPACTcvssV3ConfidentialityImpact
CVSSV3.INTEGRITYIMPACTcvssV3IntegrityImpact
CVSSV3.PRIVILEGESREQUIREDcvssV3PrivilegesRequired
CVSSV3.USERINTERACTIONREQUIREDcvssV3UserInteraction
DESCRIPTIONdescription
EPSSPERCENTILEepssPercentile
EPSSSEVERITYLocal variable
EPSSSCOREepssScore
EXPLOITABILITY/HASCISAKEVEXPLOITexploitability
EXPLOITABILITYSCORELocal variable
EXTERNALIDexternalUids
HASHCISAKEVEXPLOITcisaExploited
HIGHPROFILETHREATLocal variable
ISHIGHPROFILETHREATLocal variable
NAMEcveIds, cveRecords, name, uid
NVDSEVERITYLocal variable
PUBLISHEDATpublishedDate
RECOMMENDATIONrecommendation
REFERENCESreferences
SEVERITYseverity, severityScore, sourceSeverity
SOURCEURLreferences
VENDORSEVERITYLocal variable
note

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Operation options

The Wiz connector supports the following operation options. See connector operation options for information about how to apply them.

Click the tabs below to view the supported operation options per connector object.

Table 14: Operation options

Connector ObjectOptionAll Possible ValuesDescriptionExample
Backup Service,
Bucket,
CI/CD Service,
Compute Instance Group,
Container,
Container Image,
Container Registry,
Container Service,
Daemon Set,
Database Server,
Deployment,
Encryption Key,
File System Service,
Firewall,
Kubernetes Cluster,
Raw Access Policy,
Resource Group,
Serverless,
Storage Account,
Subscription,
Virtual Machine,
Virtual Machine Image,
Virtual Network,
Web Service
projectIdAny number identifying a project.Filter reports associated with the specified project ID.Key: projectId,
Value: 1234.
This key and value combination only retrieves data from project ID 1234.
reportNameAny name identifying a report.Filter reports matching the specified name.Key: reportName,
Value: Report A.
This key and value combination only retrieves data from Report A.
note

The option keys and possible values are case-sensitive as they are shown in this documentation.

APIs

The Wiz connector uses the Wiz API. Specifically, it executes the following GraphQL queries to retrieve data:

Table 18: Wiz API GraphQL queries

Connector ObjectGraphQL Query
Backup ServiceReports GraphQL queries
BucketReports GraphQL queries
CI/CD ServiceReports GraphQL queries
Compute Instance GroupReports GraphQL queries
Configuration FindingCloud Configuration Findings GraphQL queries
ContainerReports GraphQL queries
Container ImageReports GraphQL queries
Container RegistryReports GraphQL queries
Container ServiceReports GraphQL queries
ControlCloud Configuration Findings GraphQL queries
Daemon SetReports GraphQL queries
Database ServerReports GraphQL queries
DeploymentReports GraphQL queries
Encryption KeyReports GraphQL queries
File System ServiceReports GraphQL queries
FirewallReports GraphQL queries
IssueIssue GraphQL queries
Issue DefinitionIssue GraphQL queries
Kubernetes ClusterReports GraphQL queries
Raw Access PolicyReports GraphQL queries
Resource GroupReports GraphQL queries
ServerlessReports GraphQL queries
Storage AccountReports GraphQL queries
SubscriptionReports GraphQL queries
Virtual MachineReports GraphQL queries
Virtual Machine ImageReports GraphQL queries
Virtual NetworkReports GraphQL queries
VulnerabilityReports GraphQL queries
Vulnerability GraphQL query
Vulnerability DefinitionReports GraphQL queries
Vulnerability GraphQL query
Vulnerability Definition GraphQL query
Web ServiceReports GraphQL queries

Cloud Configuration Finding queries

Click to expand

The following query retrieves information about cloud configuration findings:

query CloudConfigurationFindingsPage($filterBy: ConfigurationFindingFilters, $first: Int, $after: String, $orderBy: ConfigurationFindingOrder) {  
page: configurationFindings(filterBy: $filterBy, first: $first, after: $after, orderBy: $orderBy) {
nodes {
id
targetExternalId
deleted
targetObjectProviderUniqueId
firstSeenAt
severity
result
status
remediation
resource {
id
providerId
name
nativeType
type
region
subscription {
id
name
externalId
cloudProvider
}
projects {
id
name
riskProfile {
businessImpact
}
}
tags {
key
value
}
}
rule {
id
graphId
name
description
remediationInstructions
functionAsControl
}
securitySubCategories {
id
title
category {
id
name
framework {
id
name
}
}
}
ignoreRules {
id
name
enabled
expiredAt
}
}
pageInfo {
hasNextPage
endCursor
}
}
}

Issue GraphQL queries

Click to expand

The following query retrieves information about issue and issue definition:

query issueFindings($filterBy: IssueFilters, $first: Int, $after: String $orderBy: IssueOrder) {  
page: issuesV2(filterBy: $filterBy, first: $first, after: $after, orderBy: $orderBy) {
nodes {
id
status
severity
type
openReason
resolutionReason
suggestions
resolvedAt
createdAt
updatedAt
dueAt
statusChangedAt
rejectionExpiredAt
sourceRule {
__typename
... on Control {
id
name
description
severity
resolutionRecommendation
securitySubCategories {
id
title
category {
id
name
framework {
id
name
}
}
}
}
... on CloudEventRule {
id
name
description
sourceType
type
cloudEventRuleSeverity: severity
securitySubCategories {
id
title
category {
id
name
framework {
id
name
}
}
}
}
... on CloudConfigurationRule {
id
name
description
remediationInstructions
serviceType
severity
securitySubCategories {
id
title
category {
id
name
framework {
id
name
}
}
}
}
}
entity: entitySnapshot {
id
type
nativeType
name
status
cloudPlatform
cloudProviderURL
providerId
region
resourceGroupExternalId
subscriptionExternalId
subscriptionName
subscriptionTags
tags
externalId
}
projects {
id
name
description
slug
businessUnit
riskProfile {
businessImpact
}
}
serviceTickets {
id
externalId
name
url
}
notes {
id
createdAt
updatedAt
text
user {
id
name
email
}
serviceAccount {
id
name
type
}
}
}
pageInfo {
hasNextPage
endCursor
}
}
}

Reports GraphQL queries

Click to expand

The first query retrieves data for the Backup Service, Bucket, CI/CD Service, Compute Instance Group, Container, ContainerImage, Container Registry, Container Service, Daemon Set, Database Server, Deployment, Encryption Key, File System Service, Firewall, Kubernetes Cluster, Raw Access Policy, Resource Group, Serverless, Storage Account, Subscription, Virtual Machine Image, Virtual Network, Vulnerability, Vulnerability Definition, or Web Service connector objects from the reports endpoint. The rest of the queries create a report and generates the URL to download the report:

query ReportsSearch($filterBy: ReportFilters, $first: Int, $after: String) {
page: reports(first: $first, after: $after, filterBy: $filterBy) {
nodes {
id
name
createdBy {
id
email
}
lastRun {
id
runAt
}
lastSuccessfulRun {
id
runAt
}
type {
id
name
}
}
pageInfo {
hasNextPage
endCursor
}
}
}

mutation CreateReport($input: CreateReportInput!) {
operation: createReport(input: $input) {
node: report {
id
}
}
}

mutation RerunReport($reportId: ID!) {
operation: rerunReport(input: {id: $reportId}) {
node: report {
id
}
}
}

query ReportDownloadUrl($reportId: ID!) {
node: report(id: $reportId) {
id
name
lastRun {
id
url
status
}
}
}

Vulnerability GraphQL query

Click to expand

The following query retrieves information about vulnerabilities:

query vulnerabilityFindings($filterBy: VulnerabilityFindingFilters, $first: Int, $after: String) {  
page: vulnerabilityFindings(filterBy: $filterBy, first: $first, after: $after) {
nodes {
id
name
detailedName
CVEDescription
CVSSSeverity
vendorSeverity
score
exploitabilityScore
impactScore
description
remediation
link
locationPath
detectionMethod
version
fixedVersion
portalUrl
firstDetectedAt
lastDetectedAt
vulnerableAsset {
... on VulnerableAssetBase {
id
providerUniqueId
type
name
}
}
}
pageInfo {
hasNextPage
endCursor
}
totalCount
}
}

Vulnerability Definition GraphQL query

Click to expand

The following query retrieves information about vulnerability definition:

query VulnerabilityDefinitions($filterBy: VulnerabilityFilters, $first: Int, $after: String) { 
page: vulnerabilities(filterBy: $filterBy, first: $first, after: $after) {
nodes {
affectedTechnologies {
id
name
}
baseScore
cisaKevDueDate
cisaKevReleaseDate
cvssv2 {
attackComplexity
attackVector
confidentialityImpact
integrityImpact
privilegesRequired
userInteractionRequired
}
cvssv3 {
attackComplexity
attackVector
confidentialityImpact
integrityImpact
privilegesRequired
userInteractionRequired
}
description
exploitabilityScore
exploitable
externalId
hasCisaKevExploit
id
name
publishedAt
severity
sourceFeeds {
id
name
url
}
sourceUrl
}
pageInfo {
endCursor
hasNextPage
}
totalCount
}
}

Changelog

The Wiz connector has undergone the following changes:

Table 19: Wiz connector changelog

VersionDescription
3.3.7- Added the ADDITIONAL_IDS attribute to the API Gateway object.
- Added the CLUSTER_EXTERNAL_ID and CLUSTER_NAME attributes to the Container object to support Kubernetes context.
3.3.6- Added a new operation option for the Issue object to filter by issue type: type.
- Added the CATEGORIES attribute to the Issue object.
- Added support for ticketing information from Wiz to help prevent duplicate ticket creation and improve issue tracking. As a result, the following attributes were added to the Issue object:
  • TICKET_EXTERNAL_ID
  • TICKET_ID
  • TICKET_NAME
  • TICKET_URL
3.3.5Fixed an issue where the TARGETS attribute on the Vulnerability object included empty string values. The connector now prevents empty values from being added to the targets list.
3.3.4Fixed an issue where configuration findings were not correctly associating with assets. The connector now imports RESOURCE_EXTERNAL_ID and RESOURCE_PROVIDER_ID on the Configuration Finding object to establish proper relationships between findings and their associated assets.
3.3.3Fixed an issue where the connector was incorrectly mapping IP addresses and private DNS names to both the IP_ADDRESSES and PRIVATE_IP_ADDRESSES attributes on the Virtual Machine object. The connector now properly distinguishes between these attributes.
3.3.2- The Configuration Finding object is no longer required and now maps to Violation.
- Added the RECOMMENDATION, TARGETS, and TYPE attributes to the Configuration Finding object.
3.3.1The connector now retrieves the Configuration Finding object from Wiz.
3.3.0- The connector now retrieves the Control object from Wiz.
- Replaced the deprecated vulnerabilityParams.type attribute on the Vulnerability object with columnSelection for Vulnerability reports.
3.2.6The connector now retrieves the Secret Container object from Wiz.
3.2.5Fixed an issue where attributes from Wiz were not being mapped correctly to the Host data model.
3.2.4Added the NAME attribute to the Vulnerability Definition object.
3.2.3Code clean up and general maintenance to help improve error handling.
3.2.2Fixed an issue where the Issue and Issue Definition object syncs were failing.
3.2.1Fixed an issue where the Resource Group and Storage Account object syncs were failing due to an "Empty header line: cannot bind data" error.
3.2.0Enhanced the Vulnerability object sync process to improve efficiency by using regular reports with the updateAt date filter, as recommended by Wiz. The Wiz connector now retrieves all vulnerabilities with detection support via the GraphQL API, rather than creating vulnerability definitions from vulnerability data.
3.1.18Code clean up and maintenance.
3.1.17- Fixed an issue where the Issue and Issue Definition object syncs were failing.
- Added the SOURCE_SEVERITY_SCORE attribute to the Vulnerability object.
- Code clean up and maintenance.
3.1.16- Added remediation instructions to the Issue Definition object.
- Addressed a potential NullPointerException (NPE) on the Issue object.
3.1.15Enhanced the method for retrieving vulnerability status by splitting "New" from "Active" status. The Wiz connector now uses the FIRST_SEEN_AT filter for "New" vulnerabilities and the UPDATED_AT filter for "Active" vulnerabilities to ensure more accurate reporting.
3.1.14Added the IS_CONTAINER_HOST attribute to the Virtual Machine object.
3.1.13No change.
3.1.12Fixed an issue where the CVSS_V2_BASE_SCORE and CVSS_V3_BASE_SCORE attributes on the Vulnerability Definition object were not populating.
3.1.11Revised the logic of getting asset type information from the source data.
3.1.10- Updated to fetch vmId as the Instance ID for Azure assets.
- Switched the order of adding attributes to allow native or specific attributes to take higher precedence.
- Updated dependencies.
3.1.9- Fixed an issue where an Empty header line error occurred when reports returned by Wiz were empty.
- Fixed an issue related to the Missing 1 header column: ["uid"] error.
3.1.8Added a new setting to configure maximum retries.
3.1.7- Updated to the new Wiz logo.
- Enhanced handling for missing UID in objects retrieved from Wiz.
3.1.4- Started retrieving the image name for Container Image objects.
- Started mapping provider ID to the TARGETS attribute on the Issue object.
3.1.1Added more connector objects, such as Database Server, Issue, and Issue Definition.
3.1.0Initial Integration+ release.