Wiz
Wiz is a security platform that allows teams to find and fix issues in their code. Cortex integrates with Wiz to bring cloud and container vulnerabilities into your catalog.
Integrating Wiz with Cortex allows you to:
Automatically map projects to entities, eliminating the overhead of manually maintaining project-to-entity relationships
View Wiz issues directly on entity pages in Cortex
Leverage Wiz scanning capabilities earlier in the development lifecycle and enable visibility into security issues
Create Scorecards that track progress and drive alignment on projects involving Wiz projects and issues
How to configure Wiz with Cortex
Prerequisites
Before getting started:
Obtain your region and authentication provider from Wiz.
If you have IP restrictions in place in Wiz, add Cortex's public IPs to your allowlist to ensure that Cortex is allowed to make requests to Wiz.
Contact the Cortex Customer Engineering team for a list of IPs.
Configure the integration in Cortex
In Cortex, navigate to the Wiz integration settings page:
Click Integrations from the main nav. Search for and select Wiz.
Click Add configuration.
Configure the Wiz integration form:
Client ID and Client secret: Enter your client ID and client secret from Wiz.
Tenant region: Enter the region from Wiz.
Authentication provider: Select your authentication provider. You can confirm the provider in Wiz under User Settings > Tenant.
Click Save.
If you see a "No address associated with hostname" error, verify that you have entered the correct authentication provider.
How to connect Cortex entities to Wiz
Match entity names to Wiz projects
By default, Cortex will use the Cortex tag (e.g. my-service) as the "best guess" for Wiz project. For example, if your entity name is "My Service" or your tag is my-service, then the corresponding project name in Wiz should also be My Service or my-service.
If your Wiz project names don’t cleanly match the Cortex entity name or tag, you can override this in the Cortex entity descriptor.
Considerations for mapping Wiz projects to entities
Expand the tile below to see how Cortex customers have modeled their data when mapping Wiz projects to entities.
Wiz project mapping best practices
Domain-level auto-mapping
Some customers organize their Cortex domain structure to match their Wiz projects, enabling auto-mapping across domains based on their name.
For example:
Cortex domain entity name: Engineering project
Entity tag:
engineering-project
Wiz project name: Engineering project
Auto-mapping across multiple integrations
Some customers organize multiple integrations to use consistent names and tags across all of them.
For example:
Cortex domain entity name: Engineering project
Entity tag:
engineering-project
Wiz project name: Engineering project
Jira project name: engineering-project
When you integrate Cortex with Jira, Cortex will tie Jira tickets to entities by searching for any tickets where the
label,component, orprojectfield for the work item includes the Cortex tag.
Service-level auto-mapping based on repo structure
Some customers use a standardized repository naming convention that makes service-level auto-mapping simple and automated to the Wiz projects.
For example:
Repository name: engineering/integrations/eng-repo
Cortex domain entity name: Eng Repo
Entity tag in Cortex: eng-repo
Wiz project name: eng-repo
Editing the entity descriptor
Define the following block in your Cortex entity descriptor:
Using the Wiz integration
View Wiz information on entity pages
On an entity details page, you'll see Wiz issues, listed by risk level, under the Code and Security header.
In the entity's sidebar, click Code & Security > Wiz to view a list of Wiz issues including their severity, status, basic details, and a link to view the issue directly in Wiz:
Scorecards and CQL
With the Wiz integration, you can create Scorecard rules and write CQL queries based on Wiz projects.
See more examples in the CQL Explorer in Cortex.
Check if Wiz project is set
Check if entity has a registered Wiz project in its entity descriptor.
Definition: wiz (==/!=) null: Boolean
Example
An initial level in a security Scorecard might include a rule to make sure entities are associated with Wiz project:
Setting a wiz != null rule can also serve as a secondary check to confirm an entity is synced properly with Wiz and is reporting frequently.
Wiz issues
List of Wiz issues, filterable on severity and status
Definition: wiz.issues(): List
Example
The Scorecard's top level might include a rule to ensure that entities have fewer than 3 issues in OPEN status:
You could set rule to verify an entity has less than 10 issues with a HIGH or CRITICAL severity:
You can write a rule to verify an entity has less than 25 issues:
View integration logs
This feature is available to Cortex cloud customers.
On the integration settings page, click the Logs tab to view logs from the last 7 days. Learn more in Troubleshooting with integration logs.
Still need help?
The following options are available to get assistance from the Cortex Customer Engineering team:
Email: [email protected], or open a support ticket in the in app Resource Center
Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a
:ticket:reaction to a question in Slack, and the team will respond directly.
Don’t have a Slack channel? Talk with your Customer Success Manager.
Last updated
Was this helpful?