Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
This feature is in Beta. Workspace admins can control access to this feature from the Previews page. See Manage Azure Databricks previews.
This page has reference information for the managed Wiz Audit Logs connector, including supported source tables and destination table schemas.
Supported source tables
The Wiz Audit Logs connector supports the following source tables, all under the default source schema. Every table supports incremental ingestion.
| Source table | Description | Incremental ingestion |
|---|---|---|
audit_log_entries |
Audit log entries for your Wiz tenant, such as user actions, service account activity, and configuration changes. |  Supported |
issues |
Wiz issues representing risks detected in your cloud environment, including status, severity, and affected resources. | Supported |
vulnerability_findings |
Vulnerability findings detected across your cloud assets, including severity, CVE details, and remediation guidance. | Supported |
Destination table schemas
All tables use lw_id as the primary key and use liquid clustering on the time column.
audit_log_entries
| Field | Data type |
|---|---|
lw_id |
string |
time |
timestamp |
id |
string |
action |
string |
requestId |
string |
status |
string |
timestamp |
timestamp |
actionParameters |
string |
userAgent |
string |
sourceIP |
string |
serviceAccount |
struct<id: string, name: string> |
user |
struct<id: string, name: string> |
issues
| Field | Data type |
|---|---|
lw_id |
string |
time |
timestamp |
id |
string |
sourceRule |
string |
createdAt |
timestamp |
updatedAt |
timestamp |
dueAt |
timestamp |
type |
string |
resolvedAt |
timestamp |
statusChangedAt |
timestamp |
projects |
array<struct<id: string, name: string, slug: string, businessUnit: string, riskProfile: string>> |
status |
string |
severity |
string |
entitySnapshot |
string |
serviceTickets |
string |
notes |
string |
vulnerability_findings
| Field | Data type |
|---|---|
lw_id |
string |
time |
timestamp |
id |
string |
portalUrl |
string |
name |
string |
CVEDescription |
string |
CVSSSeverity |
string |
score |
double |
exploitabilityScore |
double |
impactScore |
double |
dataSourceName |
string |
hasExploit |
boolean |
hasCisaKevExploit |
boolean |
status |
string |
vendorSeverity |
string |
firstDetectedAt |
timestamp |
lastDetectedAt |
timestamp |
updatedAt |
timestamp |
resolvedAt |
timestamp |
description |
string |
remediation |
string |
detailedName |
string |
version |
string |
fixedVersion |
string |
detectionMethod |
string |
link |
string |
locationPath |
string |
resolutionReason |
string |
epssSeverity |
string |
epssPercentile |
double |
epssProbability |
double |
validatedInRuntime |
string |
layerMetadata |
string |
projects |
array<struct<id: string, name: string, slug: string, businessUnit: string>> |
ignoreRules |
array<struct<id: string, name: string, enabled: boolean>> |
vulnerableAsset |
string |
Required Wiz service account permissions
The Wiz service account must have read access to the audit log entries, issues, and vulnerability findings you want to ingest. For details, see Configure authentication to Wiz.