Wiz

Overview

is a security platform that allows teams to find and fix issues in their code. Integrate Wiz with Cortex to leverage Wiz scanning capabilities earlier in the development lifecycle and enable developers to be aware of security issues and track toward remediating issues for entities they own.

After setting up the integration, you'll see Wiz issues, listed by risk level, on an entity's Code and Security tab. In the entity's sidebar, click Integrations > Wiz to view a list of Wiz issues including their severity, status, basic details, and a link to view the issue directly in Wiz.

In addition, you'll be able to add rules to based on Wiz projects.

How to configure Wiz with Cortex

Prerequisites

Before getting started:

• Create a service account in Wiz:

  1. While logged in to Wiz as a Project Admin, navigate to Settings > Service Accounts.

  2. Click +Add Service Account.

  3. Configure your service account's basic details. For the API scopes, include read access to projects, issues, and vulnerabilities.

  4. Click Add Service Account.

  5. After you add the service account, your client ID and client secret are displayed. Copy these and store them in a secure location, as you will need them for this integration.

• You will need your region and authentication provider from Wiz. To find these:

  1. In Wiz, click your user profile icon then click User Settings.

  2. In the options menu, click Tenant.

     • The authentication provider is displayed on this page.

     • The region can be found in the API endpoint URL. The URL is in the format https://api..app.wiz.io/

       • If your API endpoint URL does not contain a region, navigate to Tenant Info > Data Centers and Regions in Wiz to find

• If you have IP restrictions in place in Wiz under Settings > Portal Security, add Cortex's public IPs to your allowlist to ensure that Cortex is allowed to make requests to Wiz. Contact the Cortex Customer Engineering team for a list of IPs.

Configure the integration in Cortex

1. 1. In Cortex, click your avatar in the lower left corner, then click Settings.

   2. Under "Integrations", click Wiz.

2. Click Add configuration.

3. Configure the Wiz integration form:

   • Client ID and Client secret: Enter your client ID and client secret from Wiz.

   • Tenant region: Enter the region from Wiz.

   • Authentication provider: Select your authentication provider. You can confirm the provider in Wiz under User Settings > Tenant.

4. Click Save.

If you see a "No address associated with hostname" error, verify that you have entered the correct authentication provider.

How to connect Cortex entities to Wiz

Match entity names to Wiz projects

By default, Cortex will use the entity tag (e.g. my-service) as the "best guess" for Wiz project. For example, if your entity name is "My Service" or your tag is my-service, then the corresponding project name in Wiz should also be My Service or my-service.

If your Wiz project names don’t cleanly match the Cortex entity name or tag, you can override this in the Cortex entity descriptor.

Editing the entity descriptor

Define the following block in your Cortex entity descriptor:

x-cortex-wiz:
  projects:
    - projectId: 01234567-e65f-4b7b-a8b1-5b642894ec37

Scorecards and CQL

With the Wiz integration, you can create Scorecard rules and write CQL queries based on Wiz projects.

wiz != null

wiz.issues(statuses = ["OPEN"]).length <= 3

wiz.issues(severity = ["CRITICAL", "HIGH"]).length < 10

wiz.issues().length < 25

The following options are available to get assistance from the Cortex Customer Engineering team:

• Chat: Available in the Resource Center

• Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your Customer Success Manager.