Wiz

Visualize Wiz Vulnerability Findings and monitor changes through queries and alerts.

Installation
Data Model
Types

Installation

info

You will need the following parameters:

Active service account
- A Wiz service account serves as a machine-to-machine interface to authenticate with the Wiz API. Permissions must be explicitly assigned to a service account by a Wiz user, typically requiring a user with elevated privileges, such as a Global Admin, to configure these settings correctly. See their documentation for more information.
- Required scopes:
  - read:users
  - read:projects
  - read:reports
  - create:reports
  - read:vulnerabilities
  - read:resources
  - read:host_configuration
Client ID and Client Secret
Token URL. Example: https://auth.app.wiz.io/oauth/token
API Endpoint URL
- Example: https://api.<TENANT_DATA_CENTER>.<ENVIRONMENT>/graphql
- Where <TENANT_DATA_CENTER> is your Wiz regional data center (e.g., us1, us2, eu1 or eu2)
- And <ENVIRONMENT> is one of app.wiz.io, app.wiz.us, or gov.wiz.io

To install the Wiz integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Wiz. Click New Instance to begin configuring your integration.

Creating an Wiz instance requires the following:

The Account Name used to identify the Wiz account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.
Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.
Your Wiz Access Token API URL.
Your Wiz GraphQL API URL.
Your Wiz Client ID and Client Secret.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.

Entities

The following entities are created:

Resources	Entity `_type`	Entity `_class`
Account	`wiz_account`	Account
Host	`wiz_host`	Host
Host Configuration Finding	`wiz_host_configuration_finding`	Finding
Project	`wiz_project`	Project
User	`wiz_user`	User
Vulnerability Finding	`wiz_vulnerability_finding`	Vulnerability, Finding

Relationships

The following relationships are created:

Source Entity `_type`	Relationship `_class`	Target Entity `_type`
`wiz_account`	MANAGES	`wiz_project`
`wiz_account`	MANAGES	`wiz_user`
`wiz_host_configuration_finding`	EXPLOITS	`wiz_host`
`wiz_project`	HAS	`wiz_host`
`wiz_vulnerability_finding`	EXPLOITS	`wiz_host`

Wiz Account

wiz_account inherits from Account

Wiz Host

wiz_host inherits from Host

Property	Type	Description	Specifications
`cloudPlatform`	`string`
`cloudProviderId`	`string`
`cloudProviderUrl`	`string`
`providerUniqueId`	`string`
`subscriptionExternalId`	`string`
`subscriptionId`	`string`

Wiz Host Configuration Finding

wiz_host_configuration_finding inherits from Finding

Property	Type	Description	Specifications
`analyzedOn` *	`null` \| `number`
`assessmentError` *	`null` \| `string`
`assessmentErrorMessage` *	`null` \| `string`
`detectedBy` *	`null` \| `array`
`firstSeenOn` *	`null` \| `number`
`hasGraphObject` *	`null` \| `boolean`
`matcherResultDynamicScanner` *	`null` \| `string`
`matcherResultWorkloadScanner` *	`null` \| `string`
`nucleiDescription` *	`null` \| `string`
`ovalDescription` *	`null` \| `string`
`resolutionReason` *	`null` \| `string`
`resourceCloudPlatform` *	`null` \| `string`
`resourceName` *	`null` \| `string`
`resourceNativeType` *	`null` \| `string`
`resourceProviderUniqueId` *	`null` \| `string`
`resourceRegion` *	`null` \| `string`
`resourceStatus` *	`null` \| `string`
`resourceType` *	`null` \| `string`
`result` *	`null` \| `string`
`ruleDescription` *	`null` \| `string`
`ruleExcludedTechnologies` *	`null` \| `array`
`ruleExternalId` *	`null` \| `string`
`ruleIsBuiltin` *	`null` \| `boolean`
`ruleIsEnabled` *	`null` \| `boolean`
`ruleIsMissingPrerequisite` *	`null` \| `boolean`
`ruleName` *	`null` \| `string`
`ruleRemediationInstructions` *	`null` \| `string`
`ruleShortName` *	`null` \| `string`
`ruleTargetOperatingSystems` *	`null` \| `array`
`ruleTargetPlatforms` *	`null` \| `array`
`ruleTargetTechnologies` *	`null` \| `array`
`securityFrameworkSubCategoryIds` *	`null` \| `array`
`securityRisks` *	`null` \| `array`
`securityThreats` *	`null` \| `array`
`targetObjectCloudPlatform` *	`null` \| `string`
`targetObjectName` *	`null` \| `string`
`targetObjectNativeType` *	`null` \| `string`
`targetObjectProviderUniqueId` *	`null` \| `string`
`targetObjectRegion` *	`null` \| `string`
`targetObjectStatus` *	`null` \| `string`
`updatedOn` *	`null` \| `number`

Wiz Project

wiz_project inherits from Project

Property	Type	Description	Specifications
`archived` *	`boolean`
`businessUnit`	`string`
`isFolder` *	`boolean`
`slug` *	`string`

Wiz User

wiz_user inherits from User

Property	Type	Specifications
`authenticationSource` *	`string`	Any of: `LEGACY` `MODERN`
`isSuspended` *	`boolean`
`lastLoginOn`	`number`

Wiz Vulnerability Finding

wiz_vulnerability_finding inherits from Vulnerability, Finding

Property	Type	Description	Specifications
`cveDescription` *	`string` \| `null`
`cvssSeverity` *	`string` \| `null`
`detailedName` *	`string` \| `null`
`detectionMethod` *	`string` \| `null`
`firstDetectedOn`	`number`
`fixedVersion` *	`string` \| `null`
`hasCisaKevExploit` *	`boolean` \| `null`
`hasExploit` *	`boolean` \| `null`
`impactScore` *	`number` \| `null`
`lastDetectedOn`	`number`
`remediation` *	`string` \| `null`
`remediationActions` *	`string` \| `null`
`resolvedOn`	`number`
`vendorSeverity` *	`string` \| `null`
`version` *	`string` \| `null`

Installation​

Next steps​

Entities​

Relationships​

Wiz Account​

Wiz Host​

Wiz Host Configuration Finding​

Wiz Project​

Wiz User​

Wiz Vulnerability Finding​