Wiz

View vulnerabilities of your cloud resources

Summary - Creating a Wiz Credential

  1. Hit Save. The credentials will be checked and a discovery job will start. Done!

Wiz is a cloud-native vulnerability management platform that helps you secure your cloud workloads without deploying agents or configuring external scans. It uses a single cloud-native API connector to continuously assess your VMs, serverless functions, containers, and more, across multiple cloud providers like AWS, GCP, and Azure.

Creating Service Account in Wiz

A Wiz Service Account is used to authenticate with Wiz.

Type

Create a Custom Integration (GraphQL API).

Scopes

The service account for configure8 requires at least this role:

read:vulnerabilities

Creating a Wiz Credential

To connect your Wiz Service Account to configure8, perform the following steps.

Get started by navigating to the Credentials page: click the "Settings" icon on the menu bar, then, in the Credentials tab, hit "+ Add Credential".

From the Add Credential pop-up, select Wiz from the list of available providers.

Next, enter the information required for your credential:

  • Name: a recognizable alias for the new credential.

  • Client ID: the client ID obtained within Wiz after creating a service account.

  • Client Secret: the client secret obtained within Wiz after creating a service account.

  • Region: this is obtained via the user profile in Wiz and should be the region section of the URL, like https://api.us1.app.wiz.io where us1 is the region. If your URL does not contain the region, you can look for the "tenant datacenter" info.

Select Save to create your Wiz credential in configure8. The configure8 app will automatically validate the credentials to make sure they work. If they do not, the credentials will not be saved and you will be prompted to fix them.

How it works

Vulnerabilities menu

All vulnerabilities will be grouped under the Vulnerabilities tab in your catalog. configure8 automatically maps vulnerabilities pulled from Wiz or AWS Security Hub to cloud resources. You can also push custom vulnerabilities from any source through the configure8 public API. Those cloud resources are related to Services, which lets us provide a view of vulnerabilities from multiple perspectives.

In the Vulnerabilities menu you can explore and manage the vulnerabilities:

  • Sorting by any column.

  • Filtering by any field.

  • Group by resources.

  • Manually add new vulnerabilities in + Add New Entity.

  • Delete vulnerabilities individually or in bulk by selecting multiple.

Resources menu

You can use the "filter" and "Group by" options of the resources table for Vulnerabilities related to the discovered resources.

Inside any resource you can also see a Vulnerabilities tab. If the resource has related vulnerabilities, we will show them here.

Scorecards

You can Scorecard your services against Wiz vulnerabilities by using the Custom Data Check for Scorecards.

By selecting "Custom calculated property", you can specify in JSON format the data from vulnerabilities you want to check.

Here's a sample that counts all CRITICAL severity vulnerabilities.

{
  "type": "FUNCTION",
  "aggregation": "COUNT",
  "path": "resources.vulnerabilities.id",
  "filter": [
    {
      "type": "compare",
      "field": "resources.vulnerabilities.severity",
      "value": "CRITICAL",
      "compare": "eq"
    }
  ]
}
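
To make the semantics of this check concrete, here is an added Python sketch (not configure8 code) that evaluates the JSON above against a constructed service record. The record layout, the names `expand` and `evaluate_count`, and the exact-match reading of `eq` are assumptions; configure8's own evaluator is not shown on this page.

```python
CHECK = {  # the check shown above, as a Python dict
    "type": "FUNCTION",
    "aggregation": "COUNT",
    "path": "resources.vulnerabilities.id",
    "filter": [{"type": "compare", "field": "resources.vulnerabilities.severity",
                "value": "CRITICAL", "compare": "eq"}],
}

# Constructed sample service; the nesting is an assumption inferred from the paths.
SERVICE = {
    "resources": [
        {"name": "vm-1", "vulnerabilities": [
            {"id": "vuln-001", "severity": "CRITICAL"},
            {"id": "vuln-002", "severity": "HIGH"}]},
        {"name": "bucket-1", "vulnerabilities": []}, {"name": "lambda-1"},
        {"name": "vm-2", "vulnerabilities": [
            {"id": "vuln-003", "severity": "CRITICAL"},
            {"id": "vuln-004", "severity": "critical"}]},  # not equal to "CRITICAL"
    ],
}


def expand(node, keys):
    """Yield every value reached by following keys, fanning out over lists."""
    if isinstance(node, list):
        for item in node:
            yield from expand(item, keys)
    elif not keys:
        yield node
    elif isinstance(node, dict) and keys[0] in node:
        yield from expand(node[keys[0]], keys[1:])


def evaluate_count(check, entity):
    """Count records that have the path's leaf field and satisfy every filter."""
    *parent, leaf = check["path"].split(".")
    count = 0
    for record in expand(entity, parent):
        if not isinstance(record, dict) or record.get(leaf) is None:
            continue
        for flt in check.get("filter", []):
            *f_parent, f_leaf = flt["field"].split(".")
            if f_parent != parent or flt["compare"] != "eq":
                raise ValueError("sketch only handles eq filters on the counted record")
            if record.get(f_leaf) != flt["value"]:
                break
        else:
            count += 1
    return count
```

In this sketch the sample service yields a count of 2: resources with an empty or missing vulnerabilities list contribute nothing, and the lower-case `critical` entry is not counted, which is worth keeping in mind when pushing custom vulnerabilities with free-form severity strings.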

Then you just need to define the threshold you want to compare against. For instance, the full config for having 0 Critical vulnerabilities is below:

Extending Vulnerabilities Schema

If you want to add more fields or different relations (for instance to services or repositories) to the Base Vulnerability schema you can extend it.

To do that, go to Settings -> Schema -> Add Schema and select the vulnerability. This schema will inherit the base data that already exists in our system Vulnerability schema.

For instance:

Form JSON Schema

{
  "properties": {
    "c8Description": {
      "type": "string"
    },
    "c8Code": {
      "type": "number"
    },
    "FixedTime": {
      "type": "number"
    }
  }
}

Data Model JSON

[
  {
    "hidden": false,
    "name": "c8Description",
    "columnName": "c8Description",
    "calc": "details.c8Description"
  },
  {
    "hidden": false,
    "name": "c8Code",
    "columnName": "c8Code",
    "calc": "details.c8Code"
  },
  {
    "hidden": false,
    "name": "FixedTime",
    "columnName": "FixedTime",
    "calc": "details.FixedTime"
  }
]

This will create a new item in the catalog menu for that type of vulnerability, and the new fields will be received on creation and shown in the table as configured above:

Copyright © 2023 configure8, Inc. All rights reserved.