Wiz
Wiz Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Agentless, context-aware and full-stack security and compliance for AWS, Azure and GCP. This integration was integrated and tested with Wiz
#
Configure Wiz in CortexParameter | Description | Required |
---|---|---|
name | Integration Name. Default: Wiz_instance_1 | True |
said | Service Account ID | True |
sasecret | Service Account Secret | True |
auth_endpoint | Wiz Authentication Endpoint, e.g., https://auth.app.wiz.io/oauth/token | True |
api_endpoint | Wiz API Endpoint. Default: https://api.us1.app.wiz.io/graphql To find your API endpoint URL: 1. Log in to Wiz, then open your user profile 2. Copy the API Endpoint URL to use here. | True |
first_fetch | First fetch timestamp (<number> <time unit> , e.g., 12 hours, 7 days) | False |
Fetch incidents | Issue Streaming type. Either Fetch incidents (to constantly pull Issues) or Do not fetch (to push live Issues) | False |
max_fetch | Max Issues to fetch | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook or War Room. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
wiz-get-issueGet the details for a Wiz Issue ID.
Base Command
wiz-get-issue
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
#
Command Example#
wiz-get-issuesGet the issues on cloud resources.
Base Command
wiz-get-issues
Input
Argument Name | Description | Required |
---|---|---|
issue_type | The type of Issue to get Expected input: TOXIC_COMBINATION , THREAT_DETECTION , CLOUD_CONFIGURATION .The chosen type will be fetched . | Optional |
entity_type | The type of entity to get issues for. | Optional |
resource_id | Get Issues of a specific resource_id. Expected input: providerId | Optional |
severity | Get Issues of a specific severuty. Expected input: CRITICAL , HIGH , MEDIUM , LOW or INFORMATIONAL .The chosen severity and above will be fetched | Optional |
entity_type
and resource_id
are mutually exclusive.
Context Output
Path | Type | Description |
---|---|---|
Wiz.Manager.Issues | String | All Issues |
#
Command Example#
wiz-get-resourceGet Details of a resource. You should pass exactly one of resource_id
, resource_name
.
When searching by name, results are limited to 500 records.
Base Command
wiz-get-resource
Input
Argument Name | Description | Required |
---|---|---|
resource_id | Resource provider id | optional |
resource_name | search by name or external ID | optional |
Context Output
Path | Type | Description |
---|---|---|
Wiz.Manager.Resource | String | Resource details |
#
Command Example#
wiz-issue-in-progressRe-open an Issue.
Base Command
wiz-issue-in-progress
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
Context Output
Path | Type | Description |
---|---|---|
Wiz.Manager.Issue | String | Issue details |
#
Command Example#
wiz-reopen-issueRe-open an Issue.
Base Command
wiz-reopen-issue
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
reopen_note | Note for re-opening Issue | Optional |
Context Output
Path | Type | Description |
---|---|---|
Wiz.Manager.Issue | String | Issue details |
#
Command Example#
wiz-reject-issueRe-open an Issue.
Base Command
wiz-reject-issue
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
reject_reason | Note for re-opening Issue Accepted values: WONT_FIX , FALSE_POSITIVE and REJECTED . | Required |
reject_note | Note for re-opening Issue | Required |
Context Output
Path | Type | Description |
---|---|---|
Wiz.Manager.Issue | String | Issue details |
#
Command Example#
wiz-resolve-issueResolve a Threat Detection Issue.
Base Command
wiz-resolve-issue
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
resolution_reason | Issue resolution reason | Required |
resolution_note | Note to explain why the Issue has been resolved | Required |
Context Output
Path | Type | Description |
---|---|---|
Wiz.Manager.Issue | String | Issue details |
#
Command Example#
wiz-set-issue-noteSet (append) a note to an Issue.
Base Command
wiz-set-issue-note
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
reject_note | Note for the Issue. Will be appeneded to existing one. | Required |
#
Command Example#
wiz-clear-issue-noteClears a note from an Issue.
Base Command
wiz-clear-issue-note
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
#
Command Example#
wiz-get-issue-evidenceGet the evidence from an Issue.
Base Command
wiz-get-issue-evidence
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
#
Command Example#
wiz-rescan-machine-diskDeprecated
#
wiz-set-issue-due-dateSet a due date for an Issue.
Base Command
wiz-set-issue-due-date
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
due_at | Due At Date | Required |
#
Command Example#
wiz-clear-issue-due-dateClear a due date for an Issue.
Base Command
wiz-clear-issue-due-date
Input
Argument Name | Description | Required |
---|---|---|
issue_id | Issue id | Required |
#
Command Example#
wiz-get-project-teamClear a due date for an Issue.
Base Command
wiz-get-project-team
Input
Argument Name | Description | Required |
---|---|---|
project_name | Project Name | Required |
#
Command Example#
wiz-copy-to-forensics-accountCopy VM's Volumes to a Forensics Account
Base Command
wiz-copy-to-forensics-account
Input
Argument Name | Description | Required |
---|---|---|
resource_id | Resource Id | Required |