Skip to main content

Wiz

This Integration is part of the Wiz Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Agentless, context-aware and full-stack security and compliance for AWS, Azure and GCP. This integration was integrated and tested with Wiz

Configure Wiz in Cortex#

ParameterDescriptionRequired
nameIntegration Name. Default: Wiz_instance_1True
saidService Account IDTrue
sasecretService Account SecretTrue
auth_endpointWiz Authentication Endpoint, e.g., https://auth.app.wiz.io/oauth/tokenTrue
api_endpointWiz API Endpoint. Default: https://api.us1.app.wiz.io/graphql
To find your API endpoint URL:
1. Log in to Wiz, then open your user profile
2. Copy the API Endpoint URL to use here.
True
first_fetchFirst fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)False
Fetch incidentsIssue Streaming type.
Either Fetch incidents (to constantly pull Issues) or Do not fetch (to push live Issues)
False
max_fetchMax Issues to fetchFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook or War Room. After you successfully execute a command, a DBot message appears in the War Room with the command details.

wiz-get-issue#


Get the details for a Wiz Issue ID.

Base Command

wiz-get-issue

Input

Argument NameDescriptionRequired
issue_idIssue idRequired

Command Example#

!wiz-get-issue issue_id="12345678-1234-1234-1234-cc0a24716e0b"

wiz-get-issues#


Get the issues on cloud resources.

Base Command

wiz-get-issues

Input

Argument NameDescriptionRequired
issue_typeThe type of Issue to get
Expected input: TOXIC_COMBINATION, THREAT_DETECTION, CLOUD_CONFIGURATION.
The chosen type will be fetched .
Optional
entity_typeThe type of entity to get issues for.Optional
resource_idGet Issues of a specific resource_id.
Expected input: providerId
Optional
severityGet Issues of a specific severuty.
Expected input: CRITICAL, HIGH, MEDIUM, LOW or INFORMATIONAL.
The chosen severity and above will be fetched
Optional

entity_type and resource_id are mutually exclusive.

Context Output

PathTypeDescription
Wiz.Manager.IssuesStringAll Issues

Command Example#

!wiz-get-issues entity_type="VIRTUAL_MACHINE"
!wiz-get-issues issue_type="THREAT_DETECTION"
!wiz-get-issues resource_id="arn:aws:ec2:us-east-2:123456789098:instance/i-0g03j4h5gd123d456"
!wiz-get-issues resource_id="arn:aws:ec2:us-east-2:123456789098:instance/i-0g03j4h5gd123d456" severity=HIGH

wiz-get-resource#


Get Details of a resource. You should pass exactly one of resource_id, resource_name. When searching by name, results are limited to 500 records.

Base Command

wiz-get-resource

Input

Argument NameDescriptionRequired
resource_idResource provider idoptional
resource_namesearch by name or external IDoptional

Context Output

PathTypeDescription
Wiz.Manager.ResourceStringResource details

Command Example#

!wiz-get-resource resource_id="arn:aws:ec2:us-east-2:123456789098:instance/i-0g03j4h5gd123d456"
!wiz-get-resource resource_name="i-0g03j4h5gd123d456"
!wiz-get-resource resource_name="test_vm"

wiz-issue-in-progress#


Re-open an Issue.

Base Command

wiz-issue-in-progress

Input

Argument NameDescriptionRequired
issue_idIssue idRequired

Context Output

PathTypeDescription
Wiz.Manager.IssueStringIssue details

Command Example#

!wiz-issue-in-progress issue_id="12345678-1234-1234-1234-cc0a24716e0b"

wiz-reopen-issue#


Re-open an Issue.

Base Command

wiz-reopen-issue

Input

Argument NameDescriptionRequired
issue_idIssue idRequired
reopen_noteNote for re-opening IssueOptional

Context Output

PathTypeDescription
Wiz.Manager.IssueStringIssue details

Command Example#

!wiz-reopen-issue issue_id="12345678-1234-1234-1234-cc0a24716e0b" reopen-note="still an issue"

wiz-reject-issue#


Re-open an Issue.

Base Command

wiz-reject-issue

Input

Argument NameDescriptionRequired
issue_idIssue idRequired
reject_reasonNote for re-opening Issue
Accepted values: WONT_FIX, FALSE_POSITIVE and REJECTED.
Required
reject_noteNote for re-opening IssueRequired

Context Output

PathTypeDescription
Wiz.Manager.IssueStringIssue details

Command Example#

!wiz-reject-issue issue_id="12345678-1234-1234-1234-cc0a24716e0b" reject_reason="WONT_FIX" reject_note="this is by design"

wiz-resolve-issue#


Resolve a Threat Detection Issue.

Base Command

wiz-resolve-issue

Input

Argument NameDescriptionRequired
issue_idIssue idRequired
resolution_reasonIssue resolution reasonRequired
resolution_noteNote to explain why the Issue has been resolvedRequired

Context Output

PathTypeDescription
Wiz.Manager.IssueStringIssue details

Command Example#

!wiz-resolve-issue issue_id="12345678-1234-1234-1234-cc0a24716e0b" resolution_note="won't fix this issue as this is low priority" resolution_reason="WONT_FIX"

wiz-set-issue-note#


Set (append) a note to an Issue.

Base Command

wiz-set-issue-note

Input

Argument NameDescriptionRequired
issue_idIssue idRequired
reject_noteNote for the Issue. Will be appeneded to existing one.Required

Command Example#

!wiz-set-issue-note issue_id="12345678-1234-1234-1234-cc0a24716e0b" note="Checking with owner"

wiz-clear-issue-note#


Clears a note from an Issue.

Base Command

wiz-clear-issue-note

Input

Argument NameDescriptionRequired
issue_idIssue idRequired

Command Example#

!wiz-clear-issue-note issue_id="12345678-1234-1234-1234-cc0a24716e0b"

wiz-get-issue-evidence#


Get the evidence from an Issue.

Base Command

wiz-get-issue-evidence

Input

Argument NameDescriptionRequired
issue_idIssue idRequired

Command Example#

!wiz-get-issue-evidence issue_id="12345678-1234-1234-1234-cc0a24716e0b"

wiz-rescan-machine-disk#


Deprecated

wiz-set-issue-due-date#


Set a due date for an Issue.

Base Command

wiz-set-issue-due-date

Input

Argument NameDescriptionRequired
issue_idIssue idRequired
due_atDue At DateRequired

Command Example#

!wiz-set-issue-due-date issue_id="12345678-1234-1234-1234-cc0a24716e0b" due_at="2022-01-20"

wiz-clear-issue-due-date#


Clear a due date for an Issue.

Base Command

wiz-clear-issue-due-date

Input

Argument NameDescriptionRequired
issue_idIssue idRequired

Command Example#

!wiz-clear-issue-due-date issue_id="12345678-1234-1234-1234-cc0a24716e0b"

wiz-get-project-team#


Clear a due date for an Issue.

Base Command

wiz-get-project-team

Input

Argument NameDescriptionRequired
project_nameProject NameRequired

Command Example#

!wiz-get-project-team project_name="project1"

wiz-copy-to-forensics-account#


Copy VM's Volumes to a Forensics Account

Base Command

wiz-copy-to-forensics-account

Input

Argument NameDescriptionRequired
resource_idResource IdRequired

Command Example#

!wiz-copy-to-forensics-account resource_id="12345678-1234-1234-1234-cc0a24716e0b"
!wiz-copy-to-forensics-account resource_id="arn:aws:ec2:us-east-1:123455563321:instance/i-05r662bfb9708a4e8"