Wiz
- 12 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Wiz
- Updated on 12 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Wiz is a unified cloud security that enables prevention, active detection and response. Wiz is used by security and development teams to reduce risk, gain unmatched visibility, prioritize risk and enabling business agility.
Integration Method: API
Tables: Assessment Finding (99402001), Data Security Finding (2006), Detection Finding (2004), Device Inventory (5001), Scan Activity (6007), Vulnerability Finding (2002)
The integration supports the following events.
Event | Description |
|---|---|
Vulnerability Finding | Reads all the vulnerabilities generated in instance. |
Cloud Configuration | Reads all the cloud configuration rules. |
Network Exposure | Reads the network exposure report. |
Issue | Reads an issue, lists issues. |
System Activity | Reads all the system activities generated. |
Host Configuration | Reads host configuration rules and findings. |
Endpoint Attack Surface | Reads all the endpoint attack surfaces. |
Data Finding | Reads all the data findings generated. |
This integration supports the following versions.
Wiz API version | GraphQL API v1.0 |
Note:
Wiz doesn’t follow a traditional versioning system. As of this document preparation, the latest release was on February 24, 2025.
Prerequisites
The user should have access to Wiz portal with an account that has Admin privilege.
The user should have access to the DataBee console.
Configuration Overview
Generate an API Key and Client Secret with the required scopes.
Add the Wiz data feed in the DataBee console with the below parameters.
DataBee Parameters | Wiz Parameters |
|---|---|
Key ID | Client ID |
Secret Key | Client Secret |
Token URL | Authentication URL |
API URL | API Endpoint URL |
Wiz Configuration
Login to Wiz platform.
Navigate to Settings > Access Management > Service Accounts.
Click Add Service Account.
Enter ‘Name’ and ‘Description’ of service account and select the ‘Type’ as Custom Integration (GraphQL API).
Under API Scopes, the following permissions need to be granted to fetch all the events. DataBee requires read permissions.
Event Type
Permission
Vulnerability Finding
read:vulnerabilities
Cloud Configuration
read:cloud_configuration
Network Exposure
read:network_exposure
Issues
read:issues
System Activity
read:system_activities
Host Configuration Finding
read:host_configuration
External Attack Surface
read:endpoint_attack_surfaces
Data Finding
read:data_findings
Click on Save.
Copy the secret credentials as they will only be shown once.
Wiz API URL
To get the API tenant, go to Tenant Info.
Copy the API Endpoint URL (without /graphql) and Authentication URL info. This will be used when configuring DataBee data feed.
Note:
Do not copy /graphql from the API Endpoint URL.
DataBee Configuration
To configure the data feed,
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the Wiz data feed and click it as shown below.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
API Base URL: paste the API Endpoint URL from the Wiz console.
Authorization Method: TokenURLAuth
Key Id: paste the Client ID generated earlier in the instance.
Secret Key: paste the Client Secret generated earlier in the instance.
Token URL: paste the Authentication URL from the Wiz console.
Event Types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
Ensure the Client ID and Client Secret are pasted correctly. Since you cannot view the secrets after the 1st time, re-create the secret, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.
Ensure the Wiz scopes/permissions are correct.
Was this article helpful?