Wiz data connector

To integrate with Wiz, you need to provide an authentication endpoint URL, and a valid Client ID and Client Secret generated using a Wiz service account.

Note

We recommend creating a dedicated user for use with data connectors in Exposure Management.

Wiz configuration

First, you need to create a service account with the required permissions to get the authentication endpoint URL, Client ID, and Client Secret.

Note

To create a Service Account, you must be logged in as a Wiz user with Write (W) permission on service accounts. Project-scoped roles can create Service Accounts only on their own Projects.

Add a service account

  1. Go to the Settings > Access Management > Service Accounts page, then select Add Service Account.

  2. Enter a meaningful Name for the account.

  3. Choose the Type of service account to add. It should be Custom Integration (GraphQL API).

  4. You can optionally limit access to specific projects by choosing up to 50 projects from the drop-down list. If you aren't sure which projects to choose, leave the list empty.

  5. You can set an Expiration date for the service account, although the recommendation is to leave it empty.

  6. Set the API Scopes to Read graph resources and Read vulnerabilities.

    Note

    At minimum, the service account needs the Read graph resources and Read vulnerabilities scopes. We recommend the Read:all permission, because the connector may retrieve additional data as it is developed further.

  7. Select Add Service Account. The secret credentials dialog shows the newly created Client ID and Client Secret for the service account.

  8. Copy the Client ID and Client Secret to a secure place, such as a password management tool.

  9. Select Finish.

Getting the Authentication Endpoint URL

  1. At the top right of the Wiz portal, select Profile > Tenant Info.
  2. Under API Endpoint URL, copy the endpoint. It has the form https://api.<TENANT_DATA_CENTER>.app.wiz.io/

Establish Wiz connection in Exposure Management

To establish a connection with Wiz in Exposure Management, follow these steps:

  1. Open the Data Connectors from the Exposure Management navigation and select Connect in the Wiz tile.
  2. Enter your Wiz authentication data and select Connect.

Retrieved data

The Wiz connector retrieves data on compute devices, including virtual machines and cloud resources, along with the vulnerability findings and configuration data that Wiz holds on those assets. It also retrieves the network and configuration information needed to identify those devices.

Category: Assets/devices
Properties:
- Cloud provider information
- Network interfaces
- IP addresses
- Virtual machine properties (device name, cloud provider ID)
- Operating system details
- Has high or admin privileges
- Open to Internet or Internet facing
- Contains sensitive data
- Instance type
- Is container host
- Is ephemeral
- isManaged
- Tags
- Wiz projects
- First seen
- Last seen
- Wiz criticality

Category: Vulnerability findings
Properties: The connector retrieves the CVE findings that Wiz reports on the assets it ingests.

Troubleshooting the Wiz data connector

Here are some common issues that might arise when configuring the Wiz Connector, and suggestions for how to resolve them.

Error type: Error code 401: Authorization failure
Troubleshooting action: An authorization failure indicates that the credentials might be incorrect, or that they lack sufficient permissions to access the Wiz data. Check that your credentials are correct and valid, and that they have the required permissions; see the Wiz configuration section for how to assign the appropriate scopes. You can validate your credentials by testing the authentication endpoint with your Client ID and Client Secret.

Error type: Error code 403: Access forbidden
Troubleshooting action: The provided credentials lack the permissions needed to run the requested APIs. Update the service account's scopes as described in the configuration section; at minimum it needs the Read graph resources and Read vulnerabilities permissions.

Error type: Error code 404: Not found
Troubleshooting action: The requested endpoint could not be reached. Verify that your Wiz authentication endpoint URL is correct; see the configuration section for details.

Error type: Error code 429: Too many requests
Troubleshooting action: The system periodically pulls data from the configured external providers, which might limit the number of concurrent requests. We recommend creating a dedicated service account for the connector to avoid reaching this limit.

Error type: 'Temporary disconnected' or 'Temporary failure' error message
Troubleshooting action: If this message appears without any additional information, verify the connector configuration (authentication endpoint URL and credentials). If the configuration is valid and the issue doesn't resolve on its own, contact Support.

Error type: Not seeing my assets or the vulnerabilities reported by Wiz in the ingested data
Troubleshooting action: See Retrieved data for a description of what the Wiz connector is expected to retrieve. If data is still missing, contact Support.

Error type: Wiz allowed IPs need to be configured so that Exposure Management connectors can access Wiz
Troubleshooting action: See Allowlist IP addresses for the set of IPs to add to your Wiz allowlist.
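The credential check suggested for the 401 error, combined with the endpoint form given under Getting the Authentication Endpoint URL, as an added example. This is not code from this page, from Wiz, or from Exposure Management. It assumes Wiz's OAuth2 client-credentials token endpoint (https://auth.app.wiz.io/oauth/token with audience wiz-api), a /graphql path on the tenant API endpoint, and a vulnerabilityFindings query; none of those values appear on the page. The script checks the endpoint format, requests a token with the Client ID and Client Secret, runs one small query, and maps any failure onto the actions in the table above:

```python
"""Pre-flight check for Wiz connector credentials (added example).

Assumed, not from the page: the token endpoint, the audience value,
the /graphql path and the probe query. Override via environment if needed.
"""
import json
import os
import re
import urllib.error
import urllib.parse
import urllib.request

# Assumption: Wiz's OAuth2 client-credentials token endpoint and audience.
TOKEN_URL = os.environ.get("WIZ_TOKEN_URL", "https://auth.app.wiz.io/oauth/token")
TOKEN_AUDIENCE = "wiz-api"

# The endpoint form the page gives: https://api.<TENANT_DATA_CENTER>.app.wiz.io/
API_ENDPOINT_RE = re.compile(r"^https://api\.[a-z0-9-]+\.app\.wiz\.io/?$")

# Assumption: a query that needs only the "Read vulnerabilities" scope.
PROBE_QUERY = "query { vulnerabilityFindings(first: 1) { nodes { id } } }"

# Troubleshooting actions from the table above, keyed by HTTP status.
STATUS_ACTIONS = {
    401: "Authorization failure: check that the Client ID and Client Secret are "
         "correct and valid, and that the service account has the required scopes.",
    403: "Access forbidden: the service account lacks permissions; grant at least "
         "the Read graph resources and Read vulnerabilities API scopes.",
    404: "Not found: verify the endpoint URL; it should look like "
         "https://api.<TENANT_DATA_CENTER>.app.wiz.io/.",
    429: "Too many requests: the tenant is rate limiting; use a dedicated "
         "service account for the connector.",
}


def validate_api_endpoint(url: str) -> bool:
    """True if the URL matches the tenant API endpoint form from the page."""
    return API_ENDPOINT_RE.match(url.strip()) is not None


def build_token_request(client_id: str, client_secret: str) -> dict:
    """Form fields for the client-credentials grant (assumed Wiz flow)."""
    return {
        "grant_type": "client_credentials",
        "audience": TOKEN_AUDIENCE,
        "client_id": client_id,
        "client_secret": client_secret,
    }


def explain_status(status: int) -> str:
    """Map an HTTP status to the troubleshooting action for it."""
    return STATUS_ACTIONS.get(
        status,
        f"Unexpected HTTP status {status}; verify the configuration and "
        "contact Support if it persists.",
    )


def _post(url: str, data: bytes, headers: dict) -> dict:
    """POST and decode a JSON response; HTTP errors propagate as HTTPError."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def probe(api_endpoint: str, client_id: str, client_secret: str) -> dict:
    """Return {'ok': bool, 'step': str, 'detail': str}; never raises on HTTP errors."""
    if not validate_api_endpoint(api_endpoint):
        return {"ok": False, "step": "endpoint", "detail": explain_status(404)}
    try:
        token = _post(
            TOKEN_URL,
            urllib.parse.urlencode(build_token_request(client_id, client_secret)).encode(),
            {"Content-Type": "application/x-www-form-urlencoded"},
        )["access_token"]
    except urllib.error.HTTPError as e:
        return {"ok": False, "step": "token", "detail": explain_status(e.code)}
    except urllib.error.URLError as e:
        return {"ok": False, "step": "token", "detail": f"Temporary failure: {e.reason}"}
    try:
        body = _post(
            api_endpoint.rstrip("/") + "/graphql",  # assumed GraphQL path
            json.dumps({"query": PROBE_QUERY}).encode(),
            {"Content-Type": "application/json", "Authorization": f"Bearer {token}"},
        )
    except urllib.error.HTTPError as e:
        return {"ok": False, "step": "graphql", "detail": explain_status(e.code)}
    if body.get("errors"):  # GraphQL reports missing scopes in the body, not the status
        return {"ok": False, "step": "graphql",
                "detail": "GraphQL errors in response: " + explain_status(403)}
    return {"ok": True, "step": "graphql", "detail": "token issued and probe query accepted"}


if __name__ == "__main__":
    # Secrets come from the environment so they never land in shell history.
    print(json.dumps(probe(
        os.environ.get("WIZ_API_ENDPOINT", ""),
        os.environ.get("WIZ_CLIENT_ID", ""),
        os.environ.get("WIZ_CLIENT_SECRET", ""),
    ), indent=2))
```

Run it with WIZ_API_ENDPOINT, WIZ_CLIENT_ID and WIZ_CLIENT_SECRET set in the environment. A failure at the token step points at the credentials (401) or the tenant's rate limit (429); a failure only at the GraphQL step points at missing API scopes, which is the case the 403 row in the table describes.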

Next steps

After configuring the Wiz data connector: