Wiz collector

[ 1 Overview ] [ 2 Data sources ] [ 3 Devo collector features ] [ 4 Flattening preprocessing ] [ 5 How to enable the collection in the vendor ] [ 6 Minimum configuration required for basic pulling ] [ 7 Accepted authentication methods ] [ 8 Run the collector ] [ 9 Collector service details ] [ 10 Collector operations ] [ 11 Change log for 1.x.x ]

Overview

Wiz is a cloud infrastructure security tool that provides organizations with an in-depth contextual risk assessment. Wiz’s agentless solution builds inventory, and scans for varied risk factors such as vulnerabilities, excessive permissions, malware, exposed secrets, practical exposure, and more, and prioritizes the alerts for the security teams based on the likelihood to be exploited and potential business impact.

The Devo Wiz collector allows customers to retrieve Wiz cloud security issues into Devo to query, correlate, analyze, and visualize to enable Enterprise IT and Cybersecurity teams to take the most impactful decisions at the petabyte scale. The collector processes the Wiz API responses and sends them to the Devo platform, which then categorizes all data received on tables along rows and columns in your Devo domain.

Data sources

Data source	Description	API endpoint	Collector service name	Devo table	Available from release

Data source	Description	API endpoint	Collector service name	Devo table	Available from release
Issues	An issue in Wiz is a vulnerability that is detected in the cloud infrastructure	`/graphql`	`issues`	`cspm.wiz.issues.default`	`v1.0.0`

Devo collector features

Feature	Details

Feature	Details
Allow parallel downloading (`multipod`)	`Not allowed`
Running environments	`Collector Server`, `On Premise`
Populated Devo events	`Table`
Flattening preprocessing	`Yes`

Flattening preprocessing

In order to improve the data exploitation and enrichment, this collector applies some flattening actions to the collected data before delivering it to Devo:

Data source	Collector service	Optional	Flattening details

Data source	Collector service	Optional	Flattening details
Issues	`issues`	`No`	The `control` key content is transferred to the first JSON level with the prefix `control_`. The `entity` key content is transferred to the first JSON level with the prefix `entity_`. The `entitySnapshot` key content is transferred to the first JSON level with the prefix `entitySnapshot_`.

How to enable the collection in the vendor

Minimal requirements to follow this guide

In order to retrieve the data, the following details will be required from your Wiz instance.

Instance domain	Wiz domain of your cloud instance where the collector will make the requests.
Client ID	Wiz user ID.
Client secret	Wiz user passwords.

Minimum configuration required for basic pulling

Although this collector supports advanced configuration, the fields required to download data with basic configuration are defined below.

This minimum configuration refers exclusively to the specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting	Details

Setting	Details
`override_api_base_url`	By default, the base URLis `https://api.us1.app.wiz.io`. This parameter allows you to customize the base URL and is mandatory when the customer ULR is different than the given default value.
`client_id`	User Client ID to authenticate to the service.
`client_secret`	User Secret Key to authenticate to the service.

Accepted authentication methods

The following are the accepted authentication methods for this collector.

Authentication method	Client ID	Client secret

Authentication method	Client ID	Client secret
Basic authentication	REQUIRED	REQUIRED

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Collector service details

All events of this service are ingested into the table cspm.wiz.issues.default

Issue service is based on the following GraphQL command:

query IssuesTable(
  $filterBy: IssueFilters
  $first: Int
  $after: String
  $orderBy: IssueOrder
) {
  issues(
    filterBy: $filterBy
    first: $first
    after: $after
    orderBy: $orderBy
  ) {
    nodes {
      ...IssueDetails
    }
    pageInfo {
      hasNextPage
      endCursor
    }
    totalCount
    informationalSeverityCount
    lowSeverityCount
    mediumSeverityCount
    highSeverityCount
    criticalSeverityCount
    uniqueEntityCount
  }
}

fragment IssueDetails on Issue {
  id
  control {
    id
    name
    query
    securitySubCategories {
      id
      title
      category {
        id
        name
        framework {
          id
          name
        }
      }
    }
  }
  createdAt
  updatedAt
  projects {
    id
    name
    slug
    businessUnit
    riskProfile {
      businessImpact
    }
  }
  status
  severity
  entity {
    id
    name
    type
  }
  entitySnapshot {
    id
    type
    nativeType
    name
    subscriptionId
    subscriptionExternalId
    subscriptionName
    resourceGroupId
    resourceGroupExternalId
    region
    cloudPlatform
    cloudProviderURL
    providerId
    status
    tags
    subscriptionTags
  }
  note
  serviceTicket {
    externalId
    name
    url
  }
  serviceTickets {
    externalId
    name
    url
    action {
      id
      type
    }
  }
}

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component	Description

Component	Description
Setup	The setup module is in charge of authenticating the service and managing the token expiration when needed.
Puller	The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

INFO InputProcess::WizDataPullerSetup(wiz_collector,wiz_data_puller#111,issues#predefined) -> Puller Setup Started
INFO InputProcess::WizDataPullerSetup(wiz_collector,wiz_data_puller#111,issues#predefined) -> successfully generated new access token
INFO InputProcess::WizDataPullerSetup(wiz_collector,wiz_data_puller#111,issues#predefined) -> The credentials provided in the configuration have required permissions to request issues from Wiz server
INFO InputProcess::WizDataPullerSetup(wiz_collector,wiz_data_puller#111,issues#predefined) -> Puller Setup Terminated
INFO InputProcess::WizDataPullerSetup(wiz_collector,wiz_data_puller#111,issues#predefined) -> Setup for module <WizDataPuller> has been successfully executed

Puller output

A successful initial run has the following output messages for the puller module:

Note that the PrePull action is executed only one time before the first run of the Pull action.

INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> PrePull Started.
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> User has specified 2022-01-01 00:00:00 as the datetime. Historical polling will consider this datetime for creating the default values.
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> No saved state found, initializing with state: {'historic_date_utc': datetime.datetime(2022, 1, 1, 0, 0), 'last_polled_timestamp': datetime.datetime(2022, 1, 1, 0, 0), 'ids_with_same_timestamp': [], 'buffer_timestamp_with_duplication_risk': datetime.datetime(1970, 1, 1, 0, 0), 'buffer_ids_with_duplication_risk': []}
WARNING InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Saved state loaded: {'historic_date_utc': datetime.datetime(2022, 1, 1, 0, 0), 'last_polled_timestamp': datetime.datetime(2022, 1, 1, 0, 0), 'ids_with_same_timestamp': [], 'buffer_timestamp_with_duplication_risk': datetime.datetime(1970, 1, 1, 0, 0), 'buffer_ids_with_duplication_risk': []}
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> PrePull Terminated
2INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Starting data collection every 60 seconds
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Pull Started
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Fetching for issues from 2022-01-01T00:00:00
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Requesting Wiz API for issues
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> successfully retried issues from Wiz
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Total number of issues in this poll: 45
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Removing the duplicate issues if present
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Flatten data is set to True. Flattening the data and adding 'devo_pulling_id' to events
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Delivering issues to the SDK
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> 20 issues delivered
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> State has been updated during pagination: {'historic_date_utc': datetime.datetime(2022, 1, 1, 0, 0), 'last_polled_timestamp': datetime.datetime(2022, 1, 1, 0, 0), 'ids_with_same_timestamp': [], 'buffer_timestamp_with_duplication_risk': datetime.datetime(2022, 5, 12, 19, 13, 20, 193191), 'buffer_ids_with_duplication_risk': ['09992ee4-1450-44fa-951c-d5fc4815473a']}.
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1656602793.044179) so far: Number of requests made: 1; Number of events received: 45; Number of duplicated events filtered out: 0; Number of events generated and sent: 20.
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Requesting Wiz API for issues
INFO OutputProcess::SyslogSender(standard_senders,syslog_sender_0) -> syslog_sender_0 -> Created sender: {"client_name": "collector-4ac42f93cffaa59c-9dc9f67c9-cgm84", "url": "sidecar-service-default.integrations-factory-collectors:601", "object_id": "140446617222352"}
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> successfully retried issues from Wiz
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Removing the duplicate issues if present
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Flatten data is set to True. Flattening the data and adding 'devo_pulling_id' to events
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Delivering issues to the SDK
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> 20 issues delivered
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> State has been updated during pagination: {'historic_date_utc': datetime.datetime(2022, 1, 1, 0, 0), 'last_polled_timestamp': datetime.datetime(2022, 1, 1, 0, 0), 'ids_with_same_timestamp': [], 'buffer_timestamp_with_duplication_risk': datetime.datetime(2022, 6, 30, 9, 0, 1, 927011), 'buffer_ids_with_duplication_risk': ['87e301c5-d3b7-4c2b-9495-9163772b3517', '7c95e45f-694e-4843-8aa7-d697a66fb14a', '5f3daede-c375-424f-9034-d9f423310b4a', '584ac078-87f2-45a5-b2eb-6e72e0594bd7', '5057cb24-ce5b-405d-bd5d-fd7b3ba70fc0', '22933fcb-ebb0-4a03-bb00-c1cba0b5abca', '1bed50e0-7825-41c9-a9de-8d32e0a35de8', '03a303c8-000c-4544-8f2c-65486a225e15']}.
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1656602793.044179) so far: Number of requests made: 2; Number of events received: 45; Number of duplicated events filtered out: 0; Number of events generated and sent: 40.
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Requesting Wiz API for issues
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> successfully retried issues from Wiz
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Removing the duplicate issues if present
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Flatten data is set to True. Flattening the data and adding 'devo_pulling_id' to events
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Delivering issues to the SDK
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> 5 issues delivered
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> State has been updated during pagination: {'historic_date_utc': datetime.datetime(2022, 1, 1, 0, 0), 'last_polled_timestamp': datetime.datetime(2022, 1, 1, 0, 0), 'ids_with_same_timestamp': [], 'buffer_timestamp_with_duplication_risk': datetime.datetime(2022, 6, 30, 13, 14, 40, 673424), 'buffer_ids_with_duplication_risk': ['4d819843-61ef-4e70-a2b6-5834a3f96403']}.
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Updating deduplication buffers content
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1656602793.044179):Number of requests made: 3; Number of events received: 45; Number of duplicated events filtered out: 0; Number of events generated and sent: 45; Average of events per second: 33.797.
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Pull Terminated
INFO InputProcess::WizDataPuller(wiz_data_puller,00011,issues,predefined) -> Data collection completed. Elapsed time: 1.334 seconds. Waiting for 58.666 second(s)

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

The value @devo_pulling_id is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that Pull action in Devo’s search window.

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

Edit the configuration file.
Change the value of the historical_date_utc parameter to a different one.
Save the changes.
Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

Error type	Error ID	Error message	Cause	Solution

Error type	Error ID	Error message	Cause	Solution
`InitVariablesError`	`1`	`Devo tag is the required field for sending events to Devo. Specify it in collector definitions`	This error is raised when `devo_tag` property is not found in `collector_definitions.yaml`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`2`	`Required setting. devo_tag is not of expected type: str`	This error is raised when `devo_tag` is defined in `collector_definitions.yaml` but the format is not `str`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`3`	`Optional setting, override_devo_tag not of expected type: str`	This error is raised when optional value `override_devo_tag` added in `config.json` is not of type `str`.	Edit the value of `override_devo_tag` in `config.json` so it is of type `str`. Or leave it empty so it takes the default value.
`InitVariablesError`	`4`	`GraphQL query is the required field for querying issues from Wiz. Specify it in collector definitions`	This error is raised when `graphql_query` is not found in `collector_definitions.yaml`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`5`	`Required setting. graphql_query is not of expected type: str`	This error is raised when `graphql_query` defined in `collector_definitions.yaml` is not of type `str`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`6`	`user_agent is the required field for passing in headers of Wiz API calls. Specify it in collector definitions`	This error is raised when `user_agent` is not found in `collector_definitions.yaml`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`7`	`Required setting. user_agent is not of expected type: str`	This error is raised when `user_agent` defined in `collector_definitions.yaml` is not of type `str`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`8`	`Optional setting, flatten_data not of expected type: bool`	This error is raised when the optional value `flatten_data` defined in `config.json` is not of type `bool`.	Edit the value of `flatten_data` in `config.json` so it is of type `bool`. You can also remove `override_flatten_data` parameter from `config.json` so it takes the default value.
`InitVariablesError`	`9`	`Optional setting, requests_per_second not of expected type: int`	This error is raised when the optional value `requests_per_second` defined in `config.json` is not of type `int`.	Edit the value of `requests_per_second` in `config.json` so it is of type `int`. Or leave it empty so it takes the default value.
`InitVariablesError`	`10`	`Required setting. requested_page_size_in_items is not of expected type: int`	This error is raised when `requested_page_size_in_items` defined in `collector_definitions.yaml` is not of type `int`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`11`	`access_token_timeout is the required field for checking if the token is expired. Specify it in collector definitions`	This error is raised when `access_token_timeout` is not found in `collector_definitions.yaml`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`12`	`Required setting. access_token_timeout is not of expected type: int`	This error is raised when `access_token_timeout` defined in `collector_definitions.yaml` is not of type `int`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`13`	`default_historic_days is the required field in case historic_date_utc is not specified. Specify it in collector definitions`	This error is raised when `default_historic_days` is not found in `collector_definitions.yaml`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`14`	`Required setting. default_historic_days is not of expected type: int`	This error is raised when `default_historic_days` defined in `collector_definitions.yaml` is not of type `int`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`15`	`api_url_regex is the required field for validating the base url. Specify it in collector definitions`	This error is raised when `api_url_regex` is not found in `collector_definitions.yaml`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`16`	`Required setting. api_url_regex is not of expected type: str`	This error is raised when `api_url_regex` defined in `collector_definitions.yaml` is not of type `str`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`17`	`historic_date_time_format is the required field for validating datetime format. Specify it in collector definitions`	This error is raised when `api_url_regex` is not found in `collector_definitions.yaml`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`18`	`Required setting. historic_date_time_format is not of expected type: str`	This error is raised when `api_url_regex` defined in `collector_definitions.yaml` is not of type `str`.	This is an internal issue. Contact with Devo Support team.
`InitVariablesError`	`19`	`api_base_url not of expected type: str`	This error could be raised for two reasons: `api_base_url` defined in `collector_definitions.yaml` is not of type `str`. `override_api_base_url` defined in `config.json` is not of type `str`.	Solutions for both cases, respectively: This is an internal issue. Contact with Devo Support team. Edit the value of `override_api_base_url` in `config.json` so it is of type `str`. Or remove the parameter definition, so it takes the default value.
`InitVariablesError`	`20`	`api_base_url must match regex: <regex>`	This error could be raised for two reasons: `api_base_url` defined in `collector_definitions.yaml` does not match the required regex. `override_api_base_url` defined in `config.json` does not match the required regex.	Solutions for both cases, respectively: This is an internal issue. Contact with Devo Support team. Edit the value of `override_api_base_url` in `config.json` so it matches the indicated regex. Or remove the parameter definition so it takes the default value. If default value was used it is an internal issue, so contact with Devo Support team.
`InitVariablesError`	`21`	`Required setting, credentials not found in user configuration`	This error is raised when the required property `credentials` is not found in `config.json`.	Add `credentials` dictionary in `config.json`, including `client_id` and `client_secret` fields.
`InitVariablesError`	`22`	`Required setting, credentials not of expected type: dict`	This error is raised when `credentials` is defined in `config.json` but the format is not `dict`.	Edit the value of `credentials` in `config.json` so it is of type `dict`.
`InitVariablesError`	`23`	`Required setting, client_id not found in user configuration`	This error is raised when the required property `client_id` is not found in `config.json`, into `credentials` dictionary.	Add `client_id` property in `config.json`, into `credentials` dictionary.
`InitVariablesError`	`24`	`Required setting, client_id not of expected type: str`	This error is raised when `client_id` is defined in `config.json` but the format is not `str`.	Edit the value of `client_id` in `config.json`, into `credentials` dictionary, so it is of type `str`.
`InitVariablesError`	`25`	`Required setting, client_secret not found in user configuration`	This error is raised when the required property `client_secret` is not found in `config.json`, into `credentials` dictionary.	Add `client_secret` property in `config.json`, into `credentials` dictionary.
`InitVariablesError`	`26`	`Required setting, client_secret not of expected type: str`	This error is raised when `client_secret` is defined in `config.json` but the format is not `str`.	Edit the value of `client_secret` in `config.json`, into `credentials` dictionary, so it is of type `str`.
`InitVariablesError`	`27`	`Required setting, historic_date_utc not of expected type: str`	This error is raised when the optional value `historic_date_utc` defined in `config.json` is not of type `str`.	Edit the value of `historic_date_utc` in `config.json` so it is of type `str`. Or leave it empty so the collector starts pulling data N days ago at the current time.
`InitVariablesError`	`28`	`Time format for historic date must be <time_format>. e.g. 2022-02-15T14:32:33.043Z`	This error is raised when the optional value `historic_date_utc` defined in `config.json` does not match the indicated format.	Make the value of `historic_date_utc` in `config.json` match the indicated format. Or leave it empty so the collector starts pulling data N days ago at the current time.
`InitVariablesError`	`29`	`historic datetime cannot be greater than the present UTC time`	This error is raised when the optional value `historic_date_utc` defined in `config.json` is higher than the current time. Time is indicated in UTC time.	Make the value of `historic_date_utc` in `config.json` be a past value in UTC time. Or leave it empty so the collector starts pulling data N days ago at the current time.
`SetupError`	`100`	`Error occurred while requesting access token from the Wiz server. Error message: <error_message>`	This error is raised when a generic error occurs during the request to get the token to authenticate the collector in the API.	This is an internal issue. Contact with Devo Support team.
`SetupError`	`101`	`The credentials provided in the config file are incorrect. Please provide the correct credentials.` `Status code: 401` `Error type: <error_type>` `Error message: <error_message>`	This error is raised when the credentials provided in `config.json` are not valid. (401 Unauthorized error)	Add the correct `client_id` and `client_secret` fields in `config.json`, at `credentials` property.
`SetupError`	`102`	`The credentials provided in the config file does not have necessary permissions to create access token.` `Status code: 403` `Error type: <error_type>` `Error message: <error_message>`	This error is raised when the credentials provided in `config.json` are valid, but the credentials used to access the API have no permissions to create a token. (403 Forbidden error)	Add some credentials in `config.json` with enough privileges to create a token from the API.
`SetupError`	`103`	`The requested URL <URL> is not found. The URL may have been deprecated.` `Status code: 404` `Error message: <error_message>`	This error is raised when the credentials provided in `config.json` are valid, but the authentication endpoint that is being requested to get a token is not found.	This is an internal issue. Contact with Devo Support team.
`SetupError`	`104`	`Unexpected error occurred while getting access token from the Wiz server` `Status code: <status_code>` `Error message: <error_message>`	This error is raised when the credentials provided in `config.json` are valid, but an unexpected response has been returned from the API.	This is an internal issue. Contact with Devo Support team.
`SetupError`	`105`	`The credentials does not have valid permissions to fetch issues from the Wiz server`	This error is raised when the credentials provided in `config.json` are valid, but the credentials used have no permissions to access the API endpoint to get issues.	Check that the provided credentials have enough permission to retrieve issues from the API.
`SetupError`	`106`	`Failed to check if the provided credentials have valid permissions.` `Error message: <error_message>`	This error is raised when the credentials provided in `config.json` are valid, but there was an error in the process of checking if the provided credentials have permission to get issues.	This is an internal issue. Contact with Devo Support team.
`PullError`	`300`	`Error occurred while requesting issues from the Wiz server. Error message: <error_message>`	This error is raised when a generic error occurs during the request to get issues from the API.	This is an internal issue. Contact with Devo Support team.
`PullError`	`301`	`The token used to make this request is not valid anymore.` `Status code: 401` `Error message: <error_message>`	This error is raised when the token being used to make requests to the API is not valid anymore.	Check if the credentials need to be renewed. Add some valid credentials in `config.json`. If credentials are still valid, contact with Devo Support team.
`PullError`	`302`	`The access token does not have necessary permissions to fetch issues from Wiz.` `Status code: 403` `Error message: <error_message>`	This error is raised when the token being used to make requests to the API is valid, but it lost permissions to get issues from API.	Check what happened with credential permissions. Add some credentials in `config.json` with permissions to get issues. If credentials are valide and still have permissions, contact with Devo Support team.
`PullError`	`303`	`The requested URL <URL> is not found. The URL may have been depreciated` `Status code: 404` `Error message: <error_message>`	This error is raised when the token being used to make requests to the API is valid, but cannot find the endpoints to get issues.	This is an internal issue. Contact with Devo Support team.
`PullError`	`304`	`The server has returned <status_code> status code. The server may not be available for fetching issues. Try after sometime. Error message from server: <error_message>`	This error is raised when the token being used to make requests to the API is valid, but there has been an error on Wiz's API.	The error is on Wiz’s side. Wiz can be contacted for more info. It should work again when the incident at Wiz is solved.
`PullError`	`305`	`Unexpected error occurred while getting issues from the Wiz server` `Status code: <status_code>` `Error message: <error_message>`	This error is raised when the token being used to make requests to the API is valid, but there has been an unexpected return from the API.	This is an internal issue. Contact with Devo Support team.
`PullError`	`306`	`After <retry_count> retries still getting the too many requests error.`	This error is raised when the token being used to make requests to the API is valid, but we are constantly receiving a `429` error response (too many requests)	Check throttle limitations on Wiz API and change the value of `request_period_in_seconds` and xxxxxxxx from `config.json` to adapt to it.

Collector operations

This section is intended to explain how to proceed with specific operations of this collector.

Change log for 1.x.x

Release	Released on	Release type	Details	Recommendations

Release

Released on

Release type

Details

Recommendations

v1.0.0

Jul 1, 2022

FEATURE

New features:

Wiz issues

Upgrade

v1.1.0

Jul 21, 2022

FEATURE

New features:

Wiz’s new authentication via Cognito is now available. Former authentication using Auth0 is also still compatible.

Recommended version

v1.1.1

Oct 7, 2022

BUG FIX

Bug fixes:

Force using always UTC timezone for all date time operations.

Recommended version