wiz (new)

[vtalas]

Rationale

Implement "External Enrichment" flow (https://win.wiz.io/docs/third-party-security-graph-enrichment-tutorial#upload-the-file-to-the-presigned-aws-s3-bucket-url)

OAuth app admin:

Create/Edit OAuth App
https://app.wiz.io/settings/service-accounts

Base URL:

• get api url: API Endpoint URL -> General -> API Endpoint URL
  https://app.wiz.io/tenant-info/data-center-and-regions

set the app url to backoffice under the appmixer:wiz:

Required Scopes:

• Resources

  • Read graph resource read:resources
  • Update graph resource update:resources

• Security Scans

  • Upload new security scan create:security_scans

• System Activities

  • Read system activities read:system_activities

Examples:

FindCloudResources - https://win.wiz.io/reference/pull-cloud-resources

{
    "type": [
        "VIRTUAL_MACHINE"
    ],
    "updatedAt": {
        "after": "2023-06-14T14:07:06Z"
    }
}

{
      "search": "seach string"
}

UploadSecurityScan
steps:

1. request upload (https://win.wiz.io/docs/third-party-security-graph-enrichment-tutorial#request-to-upload-a-file-to-wiz)
2. upload vulnerability document matching the schema: https://win.wiz.io/docs/vuln-scan-schema
3. get Security Finding enrichment status (https://win.wiz.io/reference/get-file-upload-id-status) Polling the endpoint until the status is not IN_PROGESS