Wiz

CatalogScorecards

Overview

Wiz is a security platform that allows teams to find and fix issues in their code. Integrate Wiz with Cortex to leverage Wiz scanning capabilities earlier in the development lifecycle and enable developers to be aware of security issues and track toward remediating issues for entities they own.

After setting up the integration, you'll see Wiz issues, listed by risk level, on an entity's Code and Security tab. In the entity's sidebar, click Integrations > Wiz to view a list of Wiz issues including their severity, status, basic details, and a link to view the issue directly in Wiz.

In addition, you'll be able to add rules to Scorecards based on Wiz projects.

How to configure Wiz with Cortex

Prerequisites

Before getting started:

Create a service account in Wiz:
1. While logged in to Wiz as a Project Admin, navigate to Settings > Service Accounts.
2. Click +Add Service Account.
3. Configure your service account's basic details. For the API scopes, include read access to projects, issues, and vulnerabilities
4. Click Add Service Account.
5. After you add the service account, your client ID and client secret are displayed. Copy these and store them in a secure location, as you will need them for this integration.
You will need your region and authentication provider from Wiz. To find these:
1. In Wiz, click your user profile icon then click User Settings.
2. In the options menu, click Tenant.
  - The authentication provider is displayed on this page.
  - The region can be found in the API endpoint URL. The URL is in the format https://api.<region>.app.wiz.io/
    - If your API endpoint URL does not contain a region, navigate to Tenant Info > Data Centers and Regions in Wiz to find

Configure the integration in Cortex

In Cortex, navigate to the Wiz settings page:
1. In Cortex, click your avatar in the lower left corner, then click Settings.
2. Under "Integrations", click Wiz.
Configure the Wiz integration form:
- Client ID and Client secret: Enter your client ID and client secret from Wiz.
- Tenant region: Enter the region from Wiz.
- Authentication provider: Select your authentication provider. You can confirm the provider in Wiz under User Settings > Tenant.
Click Save.

If you see a "No address associated with hostname" error, verify that you have entered the correct authentication provider.

caution

If you do not see the settings page you're looking for, you may not have permission to access that page. Please contact your admin for assistance.

How to connect Cortex entities to Wiz

Match entity names to Wiz projects

By default, Cortex will use the entity tag (e.g. my-service) as the "best guess" for Wiz project. For example, if your entity name is "My Service" or your tag is my-service, then the corresponding project name in Wiz should also be My Service or my-service.

If your Wiz project names don’t cleanly match the Cortex entity name or tag, you can override this in the Cortex entity descriptor.

Editing the entity descriptor

Define the following block in your Cortex entity descriptor:

x-cortex-wiz:
  projects:
    - projectId: 01234567-e65f-4b7b-a8b1-5b642894ec37

Scorecards and CQL

With the Wiz integration, you can create Scorecard rules and write CQL queries based on Wiz projects.

See more examples in the CQL Explorer in Cortex.

Check if Wiz project is set

Check if entity has a registered Wiz project in its entity descriptor.

Definition: wiz (==/!=) null: Boolean

Example

An initial level in a security Scorecard might include a rule to make sure entities are associated with Wiz project:

wiz != null

Setting a wiz != null rule can also serve as a secondary check to confirm an entity is synced properly with Wiz and is reporting frequently.

Wiz issues

List of Wiz issues, filterable on severity and status

Definition: wiz.issues(): List<WizIssue>

Details

Example

The Scorecard's top level might include a rule to ensure that entities have fewer than 3 issues in OPEN status:

wiz.issues(statuses = ["OPEN"]).length <= 3

You could set rule to verify an entity has less than 10 issues with a HIGH or CRITICAL severity:

wiz.issues(severity = ["CRITICAL", "HIGH"]).length < 10

You can write a rule to verify an entity has less than 25 issues:

wiz.issues().length < 25

Still need help?

The following are all the ways to get assistance from our customer engineering team. Please use the option that is best for your users:

Email: help@cortex.io, or open a support ticket in the in app Resource Center
Chat: Available in the Resource Center
Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your customer success manager.

Overview​

How to configure Wiz with Cortex​

Prerequisites​

Configure the integration in Cortex​

How to connect Cortex entities to Wiz​

Match entity names to Wiz projects​

Editing the entity descriptor​

Scorecards and CQL​

Still need help?​