About

Wiz provides direct visibility, risk prioritization, and remediation guidance for development teams to address risks in their own infrastructure and applications

Why You Should Integrate

Integrating with Wiz allows inspection of coverage in relation to the Sevco asset inventory.

How Does the Integration Work

This integration pulls information about Wiz devices that meet the following criteria:

  • Type = Virtual Machine
  • Detection Method = DetectionMethodOS
  • Hostname is_set = True

This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.

Configuration

  1. Choose a Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following are the available schemas

    • Wiz API Key: Uses API Key to connect and pull devices from Wiz.
    • Wiz API Key (Cognito): Uses API Key that utilizes Wiz's Amazon Congnito to connect and pull devices from Wiz.
  2. Configure plugin: Configure the plugin with the required fields.

Wiz API Key

FieldDescriptionExample
URL*The Wiz GraphQL API has a single endpoint https://api.region.app.wiz.io/graphql, where region is the AWS region your tenant resides, e.g., us1, us2, eu1 or eu2. URL is found in your user profile.https://api.us1.app.wiz.io/graphql
Skip TLS Certification ValidationSkip certificates validation when using a certificate that is self-signed or unable to be validated through a proper certificate authority.
Client ID*Your application's Client ID1234567890abcdefghijklmnopqrstuvwxyz0987654321zyxvut
Client Secret*Your application's Client Secret***********************

Wiz API Key (Cognito)

FieldDescriptionExample
URL*The Wiz GraphQL API has a single endpoint https://api.region.app.wiz.io/graphql, where region is the AWS region your tenant resides, e.g., us1, us2, eu1 or eu2. URL is found in your user profile.https://api.us1.app.wiz.io/graphql
Skip TLS Certification ValidationSkip certificates validation when using a certificate that is self-signed or unable to be validated through a proper certificate authority.
Client ID*Your application's Client ID1234567890abcdefghijklmnopqrstuvwxyz0987654321zyxvut
Client Secret*Your application's Client Secret***********************
  1. Configure Name: OPTIONAL: You can give the configuration a name to provide an identifiable attribute of the configuration to delineate other similar configurations.

  2. Activate Config: To enable this configuration and begin pulling data select "Activate". If you wish to save the configuration to come back later to finish, select "Save Draft". This will save the configuration, but keep it disabled until Activated.

Source Documentation

Creating credentials

You'll be asked to provide source credentials in the form of a Client ID/Secret that Sevco will use to connect to Wiz. The client ID/Secret are associated with a service account that will be used and can be created by following the steps in Using the Wiz API - Authentication.

Note: To create a Service Account, you must be logged in as a Wiz user with Write (W) permission on service accounts. Project-scoped roles can create Service Accounts only on their own Projects.

Required Permissions

The following permissions are required for the Service Account:

  • All - Read:all
  • Resource - read:resources

API Documentation

https://docs.wiz.io/wiz-docs/docs/wiz-api-introduction

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].

Tags: cloud