Skip to main content

Wiz

CatalogScorecards

Overview

Wiz is a security platform that allows teams to find and fix issues in their code. Integrate Wiz with Cortex to leverage Wiz scanning capabilities earlier in the development lifecycle and enable developers to be aware of security issues and track toward remediating issues for entities they own.

How to configure Wiz with Cortex

Prerequisites

Before getting started:

  • Create a service account in Wiz:
    1. While logged in to Wiz as a Project Admin, navigate to Settings > Service Accounts.
    2. Click +Add Service Account.
    3. Configure your service account's basic details. For the API scopes, include read access to projects, issues, and vulnerabilities
    4. Click Add Service Account.
    5. After you add the service account, your client ID and client secret are displayed. Copy these and store them in a secure location, as you will need them for this integration.
  • You will need your region and authentication provider from Wiz. To find these:
    1. In Wiz, click your user profile icon then click User Settings.
    2. In the options menu, click Tenant.
      • The authentication provider is displayed on this page.
      • The region can be found in the API endpoint URL. The URL is in the format https://api.<region>.app.wiz.io/
        • If your API endpoint URL does not contain a region, navigate to Tenant Info > Data Centers and Regions in Wiz to find

Configure the integration in Cortex

  1. In Cortex, navigate to the Wiz settings page:
    1. In Cortex, click your avatar in the lower left corner, then click Settings.
    2. Under "Integrations", click Wiz.
  2. Configure the Wiz integration form:
    • Client ID and Client secret: Enter your client ID and client secret from Wiz.
    • Tenant region: Enter the region from Wiz.
    • Authentication provider: Select your authentication provider. You can confirm the provider in Wiz under User Settings > Tenant.
  3. Click Save.
caution

If you do not see the settings page you're looking for, you may not have permission to access that page. Please contact your admin for assistance.

How to connect Cortex entities to Wiz

Match entity names to Wiz projects

By default, Cortex will use the entity name (e.g. My service) or tag (e.g. my-service) as the "best guess" for Wiz project. For example, if your entity name is "My Service" or your tag is my-service, then the corresponding project name in Wiz should also be My Service or my-service.

If your Wiz project names don’t cleanly match the Cortex entity name or tag, you can override this in the Cortex entity descriptor.

Editing the entity descriptor

Define the following block in your Cortex entity descriptor:

x-cortex-wiz:
  projects:
    - projectId: 01234567-e65f-4b7b-a8b1-5b642894ec37