Wiz collector
Overview
Wiz is a cloud infrastructure security tool that provides organizations with an in-depth contextual risk assessment. Wiz’s agentless solution builds an inventory, scans for risk factors such as vulnerabilities, excessive permissions, malware, exposed secrets, practical exposure, and more, and prioritizes the resulting alerts for security teams based on likelihood of exploitation and potential business impact.
The Devo Wiz collector retrieves Wiz cloud security issues into Devo, where they can be queried, correlated, analyzed, and visualized so that enterprise IT and cybersecurity teams can make the most impactful decisions at petabyte scale. The collector processes the Wiz API responses and sends them to the Devo platform, which organizes the received data into tables (rows and columns) in your Devo domain.
Data sources
Data source | Description | API Endpoint | Collector service name | Devo table | Available from release |
---|---|---|---|---|---|
Issues | An issue in Wiz is a vulnerability that is detected in the cloud infrastructure. | | | | |
Vulnerability | Vulnerabilities are weaknesses in computer systems that can be exploited by malicious attackers. Whether they are caused by bugs or design flaws, vulnerabilities can allow attackers to execute code in an environment or elevate privileges. | | | | |
Audit Logs | The Audit Log records key events in Wiz, such as login, logout, and user update. The Audit Log is primarily used to investigate potentially suspicious activity or to diagnose and troubleshoot errors. | | | | |
Cloud Configuration Findings | Returns configuration problems together with their remediation solutions. | | | | |
Custom Service | Provides an option to add a custom GraphQL query in the config and ingest the resulting data. | | | Users can provide an override tag in the config if a parser is deployed for their custom query or if they want a different table in my.app. | |
Devo collector features
Feature | Details |
---|---|
Allow parallel downloading ( | |
Running environments | |
Populated Devo events | |
Flattening preprocessing | |
Flattening preprocessing
To make the collected data easier to exploit and enrich, this collector applies some flattening actions to it before delivering it to Devo:
Data source | Collector service | Optional | Flattening details |
---|---|---|---|
Issues | | | |
Vulnerabilities | | | |
Audit Logs | | | |
Cloud Configuration Findings | | | |
Custom Service | | | N/A |
How to enable the collection in the vendor
Minimal requirements to follow this guide
In order to retrieve the data, the following details will be required from your Wiz instance.
Instance domain | Wiz domain of your cloud instance where the collector will make the requests. |
---|---|
Client ID | Wiz user ID. |
Client secret | Wiz user password. |
Minimum configuration required for basic pulling
Although this collector supports advanced configuration, the fields required to download data with basic configuration are defined below.
This minimum configuration refers exclusively to the specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check the settings sections for details.
Setting | Details |
---|---|
| By default, the base URLs |
| User Client ID to authenticate to the service. |
| User Secret Key to authenticate to the service. |
Accepted authentication methods
The following are the accepted authentication methods for this collector.
Authentication method | Client ID | Client secret |
---|---|---|
Basic authentication | REQUIRED | REQUIRED |
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).
Collector service details
Issue Service
Vulnerability Service
AuditLogs Service
CloudConfiguration Service
Custom Service
Collector operations
This section is intended to explain how to proceed with specific operations of this collector.
Change log
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
| Jul 12, 2024 | FEATURE, IMPROVEMENTS | New Features; Improvements | |
| Mar 13, 2024 | BUG FIX | Bug Fixes | |
| Feb 29, 2024 | BUG FIX, IMPROVEMENTS | Bug Fixes; Improvements | |
| Feb 15, 2024 | FEATURE, IMPROVEMENTS | New Features; Improvements | |
| Nov 20, 2023 | FEATURE, IMPROVEMENTS | New Features; Improvements | |
| Oct 30, 2023 | BUG FIX, IMPROVEMENTS | Improvements; Bug Fix | |
| Aug 23, 2023 | IMPROVEMENTS | Improvements | |
| Oct 7, 2022 | BUG FIX | Bug fixes | |
| Jul 21, 2022 | FEATURE | New features | |
| Jul 1, 2022 | FEATURE | New features | |