Skip to main content

Wiz

This Integration is part of the Wiz Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Agentless, context-aware and full-stack security and compliance for AWS, Azure and GCP. This integration was integrated and tested with Wiz

Configure Wiz on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Wiz. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    nameIntegration Name. Default: Wiz_instance_1True
    saidService Account IDTrue
    sasecretService Account SecretTrue
    auth_endpointWiz Authentication Endpoint, e.g., https://auth.app.wiz.io/oauth/tokenTrue
    api_endpointWiz API Endpoint. Default: https://api.us1.app.wiz.io/graphql
    To find your API endpoint URL:
    1. Log in to Wiz, then open your user profile
    2. Copy the API Endpoint URL to use here.    		True
    first_fetchFirst fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)False
    Fetch incidentsIssue Streaming type.
    Either Fetch incidents (to constantly pull Issues) or Do not fetch (to push live Issues)    		False
    max_fetchMax Issues to fetchFalse

  3. Click Test to validate the API Endpoint, Service Account and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook or War Room. After you successfully execute a command, a DBot message appears in the War Room with the command details.

wiz-get-issues#

Get the issues on cloud resources

Base Command

wiz-get-issues

Input

Argument NameDescriptionRequired
issue_typeThe type of Issue to get.Optional
resource_idGet Issues of a specific resource_id.
Expected input: providerId		Optional
severityGet Issues of a specific severuty.
Expected input: CRITICAL, HIGH, MEDIUM, LOW or INFORMATIONAL.
The chosen severity and above will be fetched		Optional

Either issue_type or resource_id are required.

Context Output

PathTypeDescription
Wiz.Manager.IssuesStringAll Issues

Command Example#

!wiz-get-issues issue_type="VIRTUAL_MACHINE"
!wiz-get-issues resource_id="arn:aws:ec2:us-east-2:123456789098:instance/i-0g03j4h5gd123d456"
!wiz-get-issues resource_id="arn:aws:ec2:us-east-2:123456789098:instance/i-0g03j4h5gd123d456" severity=HIGH

wiz-get-resource#

Get Details of a resource.

Base Command

wiz-get-resource

Input

Argument NameDescriptionRequired
resource_idResource provider idRequired

Context Output

PathTypeDescription
Wiz.Manager.ResourceStringResource details

Command Example#

!wiz-get-resource resource_id="arn:aws:ec2:us-east-2:123456789098:instance/i-0g03j4h5gd123d456"

wiz-issue-in-progress#

Re-open an Issue.

Base Command

wiz-issue-in-progress

Input

Argument NameDescriptionRequired
issue_idIssue idRequired

Context Output

PathTypeDescription
Wiz.Manager.IssueStringIssue details

Command Example#

!wiz-issue-in-progress issue_id="12345678-1234-1234-1234-cc0a24716e0b"

wiz-reopen-issue#

Re-open an Issue.

Base Command

wiz-reopen-issue

Input

Argument NameDescriptionRequired
issue_idIssue idRequired
reopen_noteNote for re-opening IssueOptional

Context Output

PathTypeDescription
Wiz.Manager.IssueStringIssue details

Command Example#

!wiz-reopen-issue issue_id="12345678-1234-1234-1234-cc0a24716e0b" reopen-note="still an issue"

wiz-reject-issue#

Re-open an Issue.

Base Command

wiz-reject-issue

Input

Argument NameDescriptionRequired
issue_idIssue idRequired
reject_reasonNote for re-opening Issue
Accepted values: WONT_FIX, FALSE_POSITIVE and REJECTED.		Required
reject_noteNote for re-opening IssueRequired

Context Output

PathTypeDescription
Wiz.Manager.IssueStringIssue details

Command Example#

!wiz-reject-issue issue_id="12345678-1234-1234-1234-cc0a24716e0b" reject_reason="WONT_FIX" reject_note="this is by design"

wiz-set-issue-note#

Set (append) a note to an Issue.

Base Command

wiz-set-issue-note

Input

Argument NameDescriptionRequired
issue_idIssue idRequired
reject_noteNote for the Issue. Will be appeneded to existing one.Required

Command Example#

!wiz-set-issue-note issue_id="12345678-1234-1234-1234-cc0a24716e0b" note="Checking with owner"

wiz-clear-issue-note#

Clears a note from an Issue.

Base Command

wiz-clear-issue-note

Input

Argument NameDescriptionRequired
issue_idIssue idRequired

Command Example#

!wiz-clear-issue-note issue_id="12345678-1234-1234-1234-cc0a24716e0b"

wiz-get-issue-evidence#

Get the evidence from an Issue.

Base Command

wiz-get-issue-evidence

Input

Argument NameDescriptionRequired
issue_idIssue idRequired

Command Example#

!wiz-get-issue-evidence issue_id="12345678-1234-1234-1234-cc0a24716e0b"

wiz-rescan-machine-disk#

Rescan a VM disk in Wiz.

Base Command

wiz-rescan-machine-disk

Input

Argument NameDescriptionRequired
vm_idVM Cloud Provider idRequired

Command Example#

!wiz-rescan-machine-disk vm_id="arn:aws:ec2:us-east-2:123456789098:instance/i-1234abcd123456789"

wiz-set-issue-due-date#

Set a due date for an Issue.

Base Command

wiz-set-issue-due-date

Input

Argument NameDescriptionRequired
issue_idIssue idRequired
due_atDue At DateRequired

Command Example#

!wiz-set-issue-due-date issue_id="12345678-1234-1234-1234-cc0a24716e0b" due_at="2022-01-20"

wiz-clear-issue-due-date#

Clear a due date for an Issue.

Base Command

wiz-clear-issue-due-date

Input

Argument NameDescriptionRequired
issue_idIssue idRequired

Command Example#

!wiz-clear-issue-due-date issue_id="12345678-1234-1234-1234-cc0a24716e0b"

wiz-get-project-team#

Clear a due date for an Issue.

Base Command

wiz-get-project-team

Input

Argument NameDescriptionRequired
project_nameProject NameRequired

Command Example#

!wiz-get-project-team project_name="project1"
Edit this page
Report an Issue