# Wiz

{% hint style="info" %}
Cortex connects to many third-party vendors whose system interfaces frequently change. As a result, integration behavior or configuration steps may shift without notice. If you encounter unexpected issues, check with your system administrator or refer to the vendor's documentation for the most current information. Additionally, integration sync times vary and are subject to scheduling overrides and timing variance.
{% endhint %}

[Wiz](https://www.wiz.io/) is a security platform that allows teams to find and fix issues in their code. Cortex integrates with Wiz to bring cloud and container vulnerabilities into your catalog.

Integrating Wiz with Cortex allows you to:

* [Automatically map projects to entities](#match-entity-names-to-wiz-projects), eliminating the overhead of manually maintaining project-to-entity relationships
* [View Wiz issues directly on entity pages](#view-wiz-information-on-entity-pages) in Cortex
  * Leverage Wiz scanning capabilities earlier in the development lifecycle and enable visibility into security issues
* Create [Scorecards](#scorecards-and-cql) that track progress and drive alignment on projects involving Wiz projects and issues

## How to configure Wiz with Cortex

### Prerequisites

Before getting started:

* [Create a service account in Wiz](https://docs.wiz.io/docs/service-accounts-settings).
* Obtain your [data center and authentication provider from Wiz](https://docs.wiz.io/docs/using-the-wiz-api).
* If you have IP restrictions in place in Wiz, [add Cortex's public IPs to your allowlist](https://docs.wiz.io/docs/req-urls-ip-addr) to ensure that Cortex is allowed to make requests to Wiz.
  * Contact the Cortex Customer Engineering team for a list of IPs.

### Configure the integration in Cortex

1. In Cortex, navigate to the [Wiz integration settings page](https://app.getcortexapp.com/admin/integrations/wiz):
   1. Click **Integrations** from the main nav. Search for and select **Wiz**.
2. Click **Add configuration**.
3. Configure the Wiz integration form:
   * **Client ID** and **Client secret**: Enter your client ID and client secret from Wiz.
   * **Tenant data center**: Enter the data center from Wiz.
   * **Authentication provider**: Select your authentication provider. You can confirm the provider in Wiz under **User Settings > Tenant**.
4. Click **Save**.

If you see a "No address associated with hostname" error, verify that you have entered the correct authentication provider.

## How to connect Cortex entities to Wiz

### Match entity names to Wiz projects

By default, Cortex will use the [Cortex tag](https://docs.cortex.io/entities#cortex-tag) (e.g. `my-service`) as the "best guess" for the Wiz project. For example, if your entity name is "My Service" or your tag is `my-service`, then the corresponding project name in Wiz should also be "My Service" or `my-service`.

If your Wiz project names don’t cleanly match the Cortex entity name or tag, you can override this in the Cortex entity descriptor.

#### Considerations for mapping Wiz projects to entities

Expand the tile below to see how Cortex customers have modeled their data when mapping Wiz projects to entities.

<details>

<summary>Wiz project mapping best practices</summary>

**Domain-level auto-mapping**

Some customers organize their Cortex domain structure to match their Wiz projects, enabling auto-mapping across domains based on their name.

For example:

* **Cortex domain entity name**: Engineering project
  * **Entity tag**: `engineering-project`
* **Wiz project name**: Engineering project

**Auto-mapping across multiple integrations**

Some customers organize multiple integrations to use consistent names and tags across all of them.

For example:

* **Cortex domain entity name**: Engineering project
  * **Entity tag**: `engineering-project`
* **Wiz project name**: Engineering project
* **Jira project name**: engineering-project
  * When you [integrate Cortex with Jira](https://docs.cortex.io/ingesting-data-into-cortex/integrations/jira), Cortex will tie Jira tickets to entities by searching for any tickets where the `label`, `component`, or `project` field for the work item includes the Cortex tag.

**Service-level auto-mapping based on repo structure**

Some customers use a standardized repository naming convention that makes service-level auto-mapping to Wiz projects simple and automated.

For example:

* **Repository name**: engineering/integrations/eng-repo
* **Cortex domain entity name**: Eng Repo
  * **Entity tag in Cortex**: eng-repo
* **Wiz project name**: eng-repo

</details>

### Editing the entity descriptor

Define the following block in your Cortex entity descriptor:

```yaml
x-cortex-wiz:
  projects:
    - projectId: 01234567-e65f-4b7b-a8b1-5b642894ec37
```
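A pre-merge coverage check for the mapping rules above, added here as an example and not Cortex's own code: it flags entities that neither match a Wiz project by tag or name nor carry an `x-cortex-wiz` override, which are the entities a `wiz != null` Scorecard rule would fail. It assumes descriptors are already parsed from YAML with `title`, `x-cortex-tag` and `x-cortex-wiz` under `info`, and that the default match is an exact string comparison; `wiz_mapping`, `unmapped_entities` and the sample data are hypothetical.

```python
# Added example: classify how each entity would resolve to a Wiz project.
# Descriptors are shown as already-parsed YAML; all sample data is constructed.

def wiz_mapping(descriptor, wiz_project_names):
    """Return ("override", [ids]), ("auto", name) or ("unmapped", None)."""
    info = descriptor.get("info", {})
    block = info.get("x-cortex-wiz") or {}
    ids = [p["projectId"] for p in block.get("projects") or [] if p.get("projectId")]
    if ids:
        # An explicit projectId in the descriptor takes the place of name matching.
        return ("override", ids)
    # Assumption: the default "best guess" is an exact match of the Wiz
    # project name against the entity tag or the entity name.
    for candidate in (info.get("x-cortex-tag"), info.get("title")):
        if candidate and candidate in wiz_project_names:
            return ("auto", candidate)
    return ("unmapped", None)


def unmapped_entities(descriptors, wiz_project_names):
    """Tags of entities that would have no Wiz project associated."""
    names = set(wiz_project_names)
    return [d["info"]["x-cortex-tag"] for d in descriptors
            if wiz_mapping(d, names)[0] == "unmapped"]


# Constructed sample: project names as exported from Wiz.
WIZ_PROJECTS = ["my-service", "Engineering project", "payments-prod"]

# Constructed sample descriptors.
DESCRIPTORS = [
    {"info": {"title": "My Service", "x-cortex-tag": "my-service"}},
    {"info": {"title": "Engineering project", "x-cortex-tag": "eng-project-x"}},
    {"info": {"title": "Billing", "x-cortex-tag": "billing",
              "x-cortex-wiz": {"projects": [
                  {"projectId": "01234567-e65f-4b7b-a8b1-5b642894ec37"}]}}},
    {"info": {"title": "Legacy Batch", "x-cortex-tag": "legacy-batch"}},
]

if __name__ == "__main__":
    for d in DESCRIPTORS:
        print(d["info"]["x-cortex-tag"], wiz_mapping(d, set(WIZ_PROJECTS)))
    print("unmapped:", unmapped_entities(DESCRIPTORS, WIZ_PROJECTS))
```

Run against the real descriptor set and a current export of Wiz project names, the unmapped list shows which entities need an `x-cortex-wiz` block or a rename before Wiz issues can appear on them.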

## Using the Wiz integration

### View Wiz information on entity pages

On an [entity details page](https://docs.cortex.io/ingesting-data-into-cortex/entities/details), you'll see Wiz issues, listed by risk level, under the **Code and Security** header.

In the entity's sidebar, click **Code & Security > Wiz** to view a list of Wiz issues including their severity, status, basic details, and a link to view the issue directly in Wiz:

<figure><img src="https://826863033-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJW7pYRxS4dHS3Hv6wxve%2Fuploads%2Fgit-blob-4349daa269f4bfd114283696fd17e2a1ece67d31%2Fwiz-issues-entity.jpg?alt=media" alt="View Wiz issues on the entity details page under Code &#x26; security."><figcaption></figcaption></figure>

### Scorecards and CQL

With the Wiz integration, you can create Scorecard rules and write CQL queries based on Wiz projects.

See more examples in the [CQL Explorer](https://app.getcortexapp.com/admin/cql-explorer) in Cortex.

<details>

<summary>Check if Wiz project is set</summary>

Check if the entity has a registered Wiz project in its entity descriptor.

**Definition:** `wiz (==/!=) null: Boolean`

**Example**

An initial level in a security Scorecard might include a rule to make sure entities are associated with a Wiz project:

```
wiz != null
```

Setting a `wiz != null` rule can also serve as a secondary check to confirm an entity is synced properly with Wiz and is reporting frequently.

</details>

<details>

<summary>Wiz issues</summary>

List of Wiz issues, filterable on severity and status

**Definition:** `wiz.issues(): List`

**Example**

The Scorecard's top level might include a rule to ensure that entities have fewer than 3 issues in OPEN status:

```
wiz.issues(statuses = ["OPEN"]).length < 3
```

You could set a rule to verify an entity has fewer than 10 issues with a HIGH or CRITICAL severity:

```
wiz.issues(severity = ["CRITICAL", "HIGH"]).length < 10
```

You can write a rule to verify an entity has fewer than 25 issues:

```
wiz.issues().length < 25
```

</details>

### View integration logs

{% hint style="info" %}
This feature is available to Cortex cloud customers.
{% endhint %}

On the integration settings page, click the **Logs** tab to view logs from the last 7 days. Learn more in [Troubleshooting with integration logs](https://docs.cortex.io/ingesting-data-into-cortex/integrations/..#troubleshooting-with-integration-logs).

## Still need help? <a href="#still-need-help" id="still-need-help"></a>

The following options are available to get assistance from the Cortex Customer Engineering team:

* **Email**: <help@cortex.io>, or open a support ticket in the in-app Resource Center
* **Slack**: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a `:ticket:` reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your Customer Success Manager.
