Wiz
This Integration is part of the Wiz Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Agentless, context-aware and full-stack security and compliance for AWS, Azure and GCP. This integration was integrated and tested with Wiz
Configure Wiz on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for Wiz. Click Add instance to create and configure a new integration instance.
Parameter Description Required name Integration Name. Default: Wiz_instance_1True said Service Account ID True sasecret Service Account Secret True auth_endpoint Wiz Authentication Endpoint, e.g., https://auth.app.wiz.io/oauth/tokenTrue api_endpoint Wiz API Endpoint. Default: https://api.us1.app.wiz.io/graphql
To find your API endpoint URL:
1. Log in to Wiz, then open your user profile
2. Copy the API Endpoint URL to use here.True first_fetch First fetch timestamp ( <number><time unit>, e.g., 12 hours, 7 days)False Fetch incidents Issue Streaming type.
EitherFetch incidents(to constantly pull Issues) orDo not fetch(to push live Issues)False max_fetch Max Issues to fetch False Click Test to validate the API Endpoint, Service Account and connection.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook or War Room. After you successfully execute a command, a DBot message appears in the War Room with the command details.
wiz-get-issue#
Get the details for a Wiz Issue ID.
Base Command
wiz-get-issue
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
Command Example#
wiz-get-issues#
Get the issues on cloud resources.
Base Command
wiz-get-issues
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_type | The type of Issue to get Expected input: TOXIC_COMBINATION, THREAT_DETECTION, CLOUD_CONFIGURATION.The chosen type will be fetched . | Optional |
| entity_type | The type of entity to get issues for. | Optional |
| resource_id | Get Issues of a specific resource_id. Expected input: providerId | Optional |
| severity | Get Issues of a specific severuty. Expected input: CRITICAL, HIGH, MEDIUM, LOW or INFORMATIONAL.The chosen severity and above will be fetched | Optional |
entity_type and resource_id are mutually exclusive.
Context Output
| Path | Type | Description |
|---|---|---|
| Wiz.Manager.Issues | String | All Issues |
Command Example#
wiz-get-resource#
Get Details of a resource. You should pass exactly one of resource_id, resource_name.
When searching by name, results are limited to 500 records.
Base Command
wiz-get-resource
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_id | Resource provider id | optional |
| resource_name | search by name or external ID | optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Wiz.Manager.Resource | String | Resource details |
Command Example#
wiz-issue-in-progress#
Re-open an Issue.
Base Command
wiz-issue-in-progress
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Wiz.Manager.Issue | String | Issue details |
Command Example#
wiz-reopen-issue#
Re-open an Issue.
Base Command
wiz-reopen-issue
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
| reopen_note | Note for re-opening Issue | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Wiz.Manager.Issue | String | Issue details |
Command Example#
wiz-reject-issue#
Re-open an Issue.
Base Command
wiz-reject-issue
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
| reject_reason | Note for re-opening Issue Accepted values: WONT_FIX, FALSE_POSITIVE and REJECTED. | Required |
| reject_note | Note for re-opening Issue | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Wiz.Manager.Issue | String | Issue details |
Command Example#
wiz-resolve-issue#
Resolve a Threat Detection Issue.
Base Command
wiz-resolve-issue
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
| resolution_reason | Issue resolution reason | Required |
| resolution_note | Note to explain why the Issue has been resolved | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Wiz.Manager.Issue | String | Issue details |
Command Example#
wiz-set-issue-note#
Set (append) a note to an Issue.
Base Command
wiz-set-issue-note
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
| reject_note | Note for the Issue. Will be appeneded to existing one. | Required |
Command Example#
wiz-clear-issue-note#
Clears a note from an Issue.
Base Command
wiz-clear-issue-note
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
Command Example#
wiz-get-issue-evidence#
Get the evidence from an Issue.
Base Command
wiz-get-issue-evidence
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
Command Example#
wiz-rescan-machine-disk#
Deprecated
wiz-set-issue-due-date#
Set a due date for an Issue.
Base Command
wiz-set-issue-due-date
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
| due_at | Due At Date | Required |
Command Example#
wiz-clear-issue-due-date#
Clear a due date for an Issue.
Base Command
wiz-clear-issue-due-date
Input
| Argument Name | Description | Required |
|---|---|---|
| issue_id | Issue id | Required |
Command Example#
wiz-get-project-team#
Clear a due date for an Issue.
Base Command
wiz-get-project-team
Input
| Argument Name | Description | Required |
|---|---|---|
| project_name | Project Name | Required |
Command Example#
wiz-copy-to-forensics-account#
Copy VM's Volumes to a Forensics Account
Base Command
wiz-copy-to-forensics-account
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_id | Resource Id | Required |