Wiz
About
Wiz provides direct visibility, risk prioritization, and remediation guidance for development teams to address risks in their own infrastructure and applications
Why You Should Integrate
Integrating with Wiz allows inspection of coverage in relation to the Sevco asset inventory.
How Does the Integration Work
This integration pulls all cloud resources that have type=VIRTUAL_MACHINE in Wiz.
This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.
Configuration
-
Choose a Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following are the available schemas
- Wiz API Key: Uses API Key to connect and pull devices from Wiz.
- Wiz API Key (Cognito): Uses API Key that utilizes Wiz's Amazon Congnito to connect and pull devices from Wiz.
-
Configure plugin: Configure the plugin with the required fields.
Wiz API Key
| Field | Description | Example |
|---|---|---|
URL* | The Wiz GraphQL API has a single endpoint https://api.region.app.wiz.io/graphql, where region is the AWS region your tenant resides, e.g., us1, us2, eu1 or eu2. URL is found in your user profile. | https://api.us1.app.wiz.io/graphql |
| Skip TLS Certification Validation | Skip certificates validation when using a certificate that is self-signed or unable to be validated through a proper certificate authority. | |
Client ID* | Your application's Client ID | 1234567890abcdefghijklmnopqrstuvwxyz0987654321zyxvut |
Client Secret* | Your application's Client Secret | *********************** |
Wiz API Key (Cognito)
| Field | Description | Example |
|---|---|---|
URL* | The Wiz GraphQL API has a single endpoint https://api.region.app.wiz.io/graphql, where region is the AWS region your tenant resides, e.g., us1, us2, eu1 or eu2. URL is found in your user profile. | https://api.us1.app.wiz.io/graphql |
| Skip TLS Certification Validation | Skip certificates validation when using a certificate that is self-signed or unable to be validated through a proper certificate authority. | |
Client ID* | Your application's Client ID | 1234567890abcdefghijklmnopqrstuvwxyz0987654321zyxvut |
Client Secret* | Your application's Client Secret | *********************** |
-
Configure Name: OPTIONAL: You can give the configuration a name to provide an identifiable attribute of the configuration to delineate other similar configurations.
-
Activate Config: To enable this configuration and begin pulling data select "Activate". If you wish to save the configuration to come back later to finish, select "Save Draft". This will save the configuration, but keep it disabled until Activated.
Source Documentation
Creating credentials
You'll be asked to provide source credentials in the form of a Client ID/Secret that Sevco will use to connect to Wiz. The client ID/Secret are associated with a service account that will be used and can be created by following the steps in Using the Wiz API - Authentication.
Note: To create a Service Account, you must be logged in as a Wiz user with Write (W) permission on service accounts. Project-scoped roles can create Service Accounts only on their own Projects.
Required Permissions
The following permissions are required for the Service Account:
- Resource - read:resources
API Documentation
https://docs.wiz.io/wiz-docs/docs/wiz-api-introduction
Contact Us
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].
Tags: cloud
Updated 8 months ago