LogoLogo
Login to CortexBook a DemoCortex Academycortex.io
  • Cortex Docs
  • Cortex Quick Start
  • Ingesting data into Cortex
    • Managing Entities
      • Adding entities
        • Add services
        • Add domains
        • Add teams
        • Add custom entity types
        • Defining dependencies
      • Entity details page
      • Defining ownership
      • Defining relationship types
      • Grouping entities
      • Adding external documentation
      • Adding Deploy data
      • Adding custom data
      • Viewing discovered entities
      • Archiving entities
      • Relationship graph
      • Using On-call Assistant for incidents
      • Managing Terraform infra in Cortex
    • Managing Catalogs
    • Integrations
      • Internally hosted integrations
      • ArgoCD
      • AWS
      • Azure DevOps
      • Azure Resources
      • BambooHR
      • Bitbucket
      • BugSnag
      • Buildkite
      • Checkmarx
      • CircleCI
      • ClickUp
      • Codecov
      • Coralogix
      • Custom webhook integrations
      • Datadog
      • Dynatrace
      • Entra ID (Azure AD)
      • FireHydrant
      • GitHub
      • GitLab
      • Google
      • Grafana
      • incident.io
      • Instana
      • Jenkins
      • Jira
      • Kubernetes
      • LaunchDarkly
      • Lightstep
      • Mend
      • Microsoft Teams
      • New Relic
      • Okta
      • Opsgenie
      • PagerDuty
      • Prometheus
      • Rollbar
      • Rootly
      • Sentry
      • ServiceNow
      • Slack
      • Snyk
      • SonarQube
      • Splunk Observability Cloud (SignalFx)
      • Splunk On-Call (VictorOps)
      • Sumo Logic
      • Veracode
      • Wiz
      • Workday
      • xMatters
  • Scorecards
    • Initiatives and Action items
      • Creating issues based on Initiatives
    • Scorecard rule exemptions
    • Scorecard rule filters
    • Scorecard examples
    • Scorecards as code
  • Reports
    • Executive report
    • All Scorecards report
    • Bird's eye report
    • Progress report
    • Report card
  • Eng Intelligence
    • Custom Metrics
    • Jira Metrics
    • Metrics Explorer (Beta)
  • Cortex Query Language (CQL)
    • Using CQL reports
    • Using JQ in Cortex
  • Workflows
    • Creating a Workflow
      • Workflows as code
    • Blocks
    • Running a Workflow
    • Registering a Scaffolder template
      • Scaffolder advanced usage
    • Using a Workflow to sync in ArgoCD
    • Kicking off a Jenkins pipeline in a Workflow
    • Calling internal service endpoints in a Workflow
  • Plugins
    • Creating a plugin
      • Creating a plugin proxy
    • Migrating Backstage plugins to Cortex
  • Engineering homepage
  • Workspace Settings
    • Using GitOps for Cortex
      • GitOps logs
    • Managing users
      • Roles and permissions
        • Custom roles
        • Team ownership entity editing
      • Configuring SSO
        • Microsoft Entra ID
        • Google
        • Other OIDC providers
        • Okta
          • Okta SCIM
      • Configuring identity mappings
      • Onboarding management
    • API keys, secrets, and tokens
      • Secrets
      • Personal tokens
    • Audit logs
    • Entity settings
      • Data verification
      • Auto archiving entities
    • IP allowlist
    • Notifications
      • Notification logs
    • Customizing your workspace
    • Using search in Cortex
  • Cortex API
    • REST API operations
      • API Keys
      • Audit Logs
      • Catalog Entities
      • Custom Data
        • Custom Data (Advanced)
      • Custom Events
      • Custom Metrics
      • Dependencies
      • Deploys
      • Discovery Audit
      • Docs
      • Eng Intel: User Labels
      • Entity Relationship Types (Beta)
      • Entity Relationships (Beta)
      • Entity Types
      • GitOps Logs
      • Groups
      • Initiatives
      • Integrations APIs
        • Azure Active Directory (Entra ID) API
        • Azure Resources API
        • AWS API
        • Azure DevOps API
        • CircleCI API
        • Coralogix API
        • Datadog API
        • GitHub API
        • GitLab API
        • incident.io API
        • LaunchDarkly API
        • New Relic API
        • PagerDuty API
        • Prometheus API
        • SonarQube API
      • IP Allowlist
      • Notification Logs
      • On call
      • Packages
      • Plugins
      • Queries
      • SCIM
      • Scorecards
      • Secrets
      • Team Hierarchies
      • Teams
      • Workflows
Powered by GitBook
On this page
  • Overview
  • How to configure Wiz with Cortex
  • Prerequisites
  • Configure the integration in Cortex
  • How to connect Cortex entities to Wiz
  • Match entity names to Wiz projects
  • Editing the entity descriptor
  • Scorecards and CQL
  • Still need help?​

Was this helpful?

Export as PDF
  1. Ingesting data into Cortex
  2. Integrations

Wiz

Last updated 2 months ago

Was this helpful?

Overview

is a security platform that allows teams to find and fix issues in their code. Integrate Wiz with Cortex to leverage Wiz scanning capabilities earlier in the development lifecycle and enable developers to be aware of security issues and track toward remediating issues for entities they own.

After setting up the integration, you'll see Wiz issues, listed by risk level, on an entity's Code and Security tab. In the entity's sidebar, click Integrations > Wiz to view a list of Wiz issues including their severity, status, basic details, and a link to view the issue directly in Wiz.

In addition, you'll be able to add rules to based on Wiz projects.

How to configure Wiz with Cortex

Prerequisites

Before getting started:

  • Create a service account in Wiz:

    1. While logged in to Wiz as a Project Admin, navigate to Settings > Service Accounts.

    2. Click +Add Service Account.

    3. Configure your service account's basic details. For the API scopes, include read access to projects, issues, and vulnerabilities.

    4. Click Add Service Account.

    5. After you add the service account, your client ID and client secret are displayed. Copy these and store them in a secure location, as you will need them for this integration.

  • You will need your region and authentication provider from Wiz. To find these:

    1. In Wiz, click your user profile icon then click User Settings.

    2. In the options menu, click Tenant.

      • The authentication provider is displayed on this page.

      • The region can be found in the API endpoint URL. The URL is in the format https://api..app.wiz.io/

        • If your API endpoint URL does not contain a region, navigate to Tenant Info > Data Centers and Regions in Wiz to find

  • If you have IP restrictions in place in Wiz under Settings > Portal Security, add Cortex's public IPs to your allowlist to ensure that Cortex is allowed to make requests to Wiz. Contact the Cortex Customer Engineering team for a list of IPs.

Configure the integration in Cortex

    1. In Cortex, click your avatar in the lower left corner, then click Settings.

    2. Under "Integrations", click Wiz.

  1. Click Add configuration.

  2. Configure the Wiz integration form:

    • Client ID and Client secret: Enter your client ID and client secret from Wiz.

    • Tenant region: Enter the region from Wiz.

    • Authentication provider: Select your authentication provider. You can confirm the provider in Wiz under User Settings > Tenant.

  3. Click Save.

If you see a "No address associated with hostname" error, verify that you have entered the correct authentication provider.

How to connect Cortex entities to Wiz

Match entity names to Wiz projects

By default, Cortex will use the entity tag (e.g. my-service) as the "best guess" for Wiz project. For example, if your entity name is "My Service" or your tag is my-service, then the corresponding project name in Wiz should also be My Service or my-service.

If your Wiz project names don’t cleanly match the Cortex entity name or tag, you can override this in the Cortex entity descriptor.

Editing the entity descriptor

Define the following block in your Cortex entity descriptor:

x-cortex-wiz:
  projects:
    - projectId: 01234567-e65f-4b7b-a8b1-5b642894ec37

Scorecards and CQL

With the Wiz integration, you can create Scorecard rules and write CQL queries based on Wiz projects.

Check if Wiz project is set

Check if entity has a registered Wiz project in its entity descriptor.

Definition: wiz (==/!=) null: Boolean

Example

An initial level in a security Scorecard might include a rule to make sure entities are associated with Wiz project:

wiz != null

Setting a wiz != null rule can also serve as a secondary check to confirm an entity is synced properly with Wiz and is reporting frequently.

Wiz issues

List of Wiz issues, filterable on severity and status

Definition: wiz.issues(): List

Example

The Scorecard's top level might include a rule to ensure that entities have fewer than 3 issues in OPEN status:

wiz.issues(statuses = ["OPEN"]).length <= 3

You could set rule to verify an entity has less than 10 issues with a HIGH or CRITICAL severity:

wiz.issues(severity = ["CRITICAL", "HIGH"]).length < 10

You can write a rule to verify an entity has less than 25 issues:

wiz.issues().length < 25

The following options are available to get assistance from the Cortex Customer Engineering team:

  • Chat: Available in the Resource Center

  • Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your Customer Success Manager.

In Cortex, navigate to the :

See more examples in the in Cortex.

Still need help?

Email: , or open a support ticket in the in app Resource Center

Wiz settings page
CQL Explorer
​
help@cortex.io
Wiz
Scorecards