Wiz provides a comprehensive analysis engine that integrates: Cloud Security Posture Management (CSPM) Kubernetes Security Posture Management (KSPM) Cloud Workload Protection (CWPP) + vulnerability management. Infrastructure-as-Code (IaC) scanning.
This document provides information about the Wiz.io Connector, which facilitates automated interactions, with a Wiz.io server using FortiSOAR™ playbooks. Add the Wiz.io Connector as a step in FortiSOAR™ playbooks and perform automated operations with Wiz.io.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.4.3-3294
Authored By: Fortinet
Contributor: Julian Petersohn
Certified: Yes
Following enhancements have been made to the Wiz.io Connector in version 1.1.0:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-wiz-io
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Wiz.io connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| API Endpoint URL | Specify the URL of the Wiz.io server to connect and perform automated operations. Provide the API endpoint URL for the GraphQL API. The format is as follows:
https://api.your-server-location-here.app.wiz.io |
| Client ID | Specify the API Client ID generated in the service account of the WIZ deployment to access the Wiz.io server. |
| Client Secret | Specify the API Client Secret generated in the service account of the WIZ deployment to access the Wiz.io server. |
| Authentication Endpoint URL | Specify the URL from which to retrieve OAuth token. The URL can be found at the Service Account page of the Wiz.io server. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Issues | Gets issues for all assets from Wiz.io based on the filter query and maximum results limit that you have specified. | get_issues Investigation |
| Get Inventory Assets | Get inventory assets from Wiz.io platform based on the Project ID and other filter criteria that you have specified. | get_inventory_assets Investigation |
| Get Issues for Asset | Get issues for all assets from Wiz.io based on the Asset ID, Project ID, Status, and other filter criteria that you have specified. | get_issues_by_asset Investigation |
| Get Projects | Get a list of projects and settings based on the filter query and maximum results limit that you have specified. | get_projects Investigation |
| Add Comment to Issue | Add a comment to an existing issue within Wiz.io based on the issue ID and the comment that you have specified. | add_comment_to_issue Investigation |
| Get Vulnerabilities for Asset | Get vulnerabilities for all assets from Wiz.io based on the Asset ID, Project ID, and other filter criteria that you have specified. | get_vulnerabilities_for_asset Investigation |
| Parameter | Description |
|---|---|
| Filter Query | Specify the filter query to fetch the issues from Wiz. For example: { "severity": ["critical"]} |
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"data": {
"issues": {
"nodes": [
{
"id": "",
"type": "",
"dueAt": "",
"notes": [],
"status": "",
"projects": [
{
"id": "",
"name": "",
"slug": "",
"riskProfile": {
"businessImpact": ""
},
"businessUnit": ""
}
],
"severity": "",
"createdAt": "",
"updatedAt": "",
"resolvedAt": "",
"sourceRule": {
"id": "",
"name": "",
"controlDescription": "",
"securitySubCategories": [
{
"title": "",
"category": {
"name": "",
"framework": {
"name": ""
}
}
}
],
"resolutionRecommendation": ""
},
"entitySnapshot": {
"id": "",
"name": "",
"tags": {},
"type": "",
"region": "",
"status": "",
"createdAt": "",
"externalId": "",
"nativeType": "",
"providerId": "",
"cloudPlatform": "",
"cloudProviderURL": "",
"subscriptionName": "",
"subscriptionTags": {},
"subscriptionExternalId": "",
"resourceGroupExternalId": ""
},
"serviceTickets": [],
"statusChangedAt": ""
}
],
"pageInfo": {
"endCursor": "",
"hasNextPage": ""
}
}
}
}
| Parameter | Description |
|---|---|
| Project ID | Specify the project ID whose associated inventory assets are to be retrieved. |
| Filter Query | Specify the filter query to fetch the inventory assets from Wiz. For example: { "type": ["VIRTUAL_MACHINE"]} |
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"data": {
"graphSearch": {
"totalCount": "",
"pageInfo": {
"endCursor": "",
"hasNextPage": ""
},
"nodes": [
{
"entities": [
{
"id": "",
"name": "",
"properties": {
"_productIDs": [],
"_vertexID": "",
"accessibleFrom.internet": "",
"cloudPlatform": "",
"cloudProviderURL": "",
"creationDate": "",
"externalId": "",
"hasAdminPrivileges": "",
"hasHighPrivileges": "",
"hasSensitiveData": "",
"isContainerHost": "",
"isEphemeral": "",
"isManaged": "",
"memoryGB": "",
"name": "",
"nativeType": "",
"numAddressesOpenForHTTP": "",
"numAddressesOpenForHTTPS": "",
"numAddressesOpenForNonStandardPorts": "",
"numAddressesOpenForRDP": "",
"numAddressesOpenForSSH": "",
"numAddressesOpenForWINRM": "",
"openToAllInternet": "",
"openToEntireInternet": "",
"operatingSystem": "",
"passwordAuthDisabled": "",
"providerUniqueId": "",
"region": "",
"regionLocation": "",
"resourceGroupExternalId": "",
"status": "",
"subscriptionExternalId": "",
"tags": {
"Name": ""
},
"totalDisks": "",
"updatedAt": "",
"vCPUs": "",
"zone": ""
},
"type": "",
"technologies": [
{
"name": "",
"risk": "",
"usage": "",
"status": ""
}
]
}
]
}
]
}
}
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID whose associated issues are to be retrieved. |
| Project ID | Specify the project ID whose associated issues are to be retrieved. |
| Status | Select the issue status associated with the specified asset and project ID. You can choose from the following options:
|
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"data": {
"issuesGroupedByValue": {
"nodes": [
{
"id": "",
"issues": {
"nodes": [
{
"id": "",
"type": "",
"control": {
"id": "",
"name": "",
"description": "",
"severity": "",
"type": "",
"query": {
"as": "",
"relationships": [
{
"negate": "",
"type": [
{
"type": ""
}
],
"with": {
"relationships": [
{
"type": [
{
"type": ""
}
],
"with": {
"type": [
""
],
"where": {
"categories": {
"EQUALS": []
}
}
}
}
],
"type": []
}
}
],
"select": "",
"type": [],
"where": {
"cloudPlatform": {
"EQUALS": []
}
}
},
"enabled": "",
"enabledForLBI": "",
"enabledForMBI": "",
"enabledForHBI": "",
"enabledForUnattributed": "",
"securitySubCategories": [
{
"id": "",
"category": {
"id": ""
}
}
],
"sourceCloudConfigurationRule": "",
"createdBy": "",
"serviceTickets": ""
},
"sourceRule": {
"id": "",
"name": "",
"query": {
"as": "",
"relationships": [
{
"negate": "",
"type": [
{
"type": ""
}
],
"with": {
"relationships": [
{
"type": [
{
"type": ""
}
],
"with": {
"type": [
""
],
"where": {
"categories": {
"EQUALS": []
}
}
}
}
],
"type": []
}
}
],
"select": "",
"type": [],
"where": {
"cloudPlatform": {
"EQUALS": []
}
}
},
"type": "",
"enabled": "",
"enabledForHBI": "",
"enabledForLBI": "",
"enabledForMBI": "",
"enabledForUnattributed": "",
"resolutionRecommendation": "",
"controlDescription": "",
"securitySubCategories": [
{
"id": "",
"title": "",
"category": {
"id": "",
"name": "",
"framework": {
"id": "",
"name": "",
"description": "",
"enabled": ""
}
}
}
]
},
"createdAt": "",
"updatedAt": "",
"projects": [
{
"id": "",
"name": "",
"slug": "",
"isFolder": "",
"businessUnit": "",
"riskProfile": {
"businessImpact": ""
}
}
],
"status": "",
"severity": "",
"entity": {
"id": "",
"name": "",
"type": ""
},
"resolutionReason": "",
"entitySnapshot": {
"id": "",
"type": "",
"name": "",
"cloudPlatform": "",
"region": "",
"subscriptionName": "",
"subscriptionId": "",
"subscriptionExternalId": "",
"subscriptionTags": {},
"nativeType": "",
"kubernetesClusterId": "",
"kubernetesClusterName": "",
"kubernetesNamespaceName": "",
"containerServiceId": "",
"containerServiceName": "",
"tags": {
"Name": ""
}
},
"notes": [],
"serviceTickets": [],
"entityBasicDetails": {
"id": "",
"type": "",
"name": ""
},
"entityExtraDetails": {
"id": "",
"properties": {
"_productIDs": [],
"_vertexID": "",
"accessibleFrom.internet": "",
"cloudPlatform": "",
"cloudProviderURL": "",
"creationDate": "",
"externalId": "",
"hasAdminPrivileges": "",
"hasHighPrivileges": "",
"hasSensitiveData": "",
"isContainerHost": "",
"isEphemeral": "",
"isManaged": "",
"memoryGB": "",
"name": "",
"nativeType": "",
"numAddressesOpenForHTTP": "",
"numAddressesOpenForHTTPS": "",
"numAddressesOpenForNonStandardPorts": "",
"numAddressesOpenForRDP": "",
"numAddressesOpenForSSH": "",
"numAddressesOpenForWINRM": "",
"openToAllInternet": "",
"openToEntireInternet": "",
"operatingSystem": "",
"passwordAuthDisabled": "",
"providerUniqueId": "",
"region": "",
"regionLocation": "",
"resourceGroupExternalId": "",
"status": "",
"subscriptionExternalId": "",
"tags": {
"Name": ""
},
"totalDisks": "",
"updatedAt": "",
"vCPUs": "",
"zone": ""
},
"projects": [
{
"id": "",
"name": "",
"slug": "",
"isFolder": "",
"businessUnit": "",
"riskProfile": {
"businessImpact": ""
}
}
]
}
}
],
"totalCount": "",
"criticalSeverityCount": "",
"highSeverityCount": "",
"mediumSeverityCount": "",
"lowSeverityCount": "",
"informationalSeverityCount": "",
"pageInfo": {
"hasNextPage": ""
}
}
}
],
"pageInfo": {
"hasNextPage": "",
"endCursor": ""
},
"totalCount": ""
}
}
}
| Parameter | Description |
|---|---|
| Filter Query | Specify the filter query to fetch projects from Wiz. For example: { "id": {"equals": "d6ac50bb-aec0-52fc-80ab-bacd7b02f178"}} |
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"data": {
"projects": {
"pageInfo": {
"hasNextPage": "",
"endCursor": ""
},
"totalCount": "",
"nodes": [
{
"id": "",
"name": "",
"slug": "",
"isFolder": "",
"childProjectCount": "",
"cloudAccountCount": "",
"repositoryCount": "",
"kubernetesClusterCount": "",
"containerRegistryCount": "",
"securityScore": "",
"archived": "",
"businessUnit": "",
"description": "",
"workloadCount": "",
"licensedWorkloadQuota": "",
"riskProfile": {
"businessImpact": ""
},
"nestingLevel": "",
"ancestorProjects": ""
}
]
}
}
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the issue ID for which the comment is to be added. |
| Comment | Specify the comment to add to the issue. |
The output contains the following populated JSON schema:
{
"data": {
"createIssueNote": {
"issueNote": {
"createdAt": "",
"id": "",
"text": "",
"user": ""
}
}
}
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID whose associated vulnerabilities are to be retrieved. |
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"vulnerabilityFindings": {
"nodes": [
{
"id": "",
"link": "",
"name": "",
"score": "",
"status": "O",
"version": "",
"projects": [
{
"id": "",
"name": "",
"slug": "",
"riskProfile": {
"businessImpact": ""
},
"businessUnit": ""
}
],
"portalUrl": "",
"hasExploit": "",
"resolvedAt": "",
"description": "",
"ignoreRules": "",
"impactScore": "",
"remediation": "",
"CVSSSeverity": "",
"detailedName": "",
"epssSeverity": "",
"fixedVersion": "",
"locationPath": "",
"layerMetadata": "",
"CVEDescription": "",
"dataSourceName": "",
"epssPercentile": "",
"lastDetectedAt": "",
"vendorSeverity": "",
"detectionMethod": "",
"epssProbability": "",
"firstDetectedAt": "",
"vulnerableAsset": {
"id": "",
"name": "",
"tags": {},
"type": "",
"region": "",
"status": "",
"ipAddresses": [],
"cloudPlatform": "",
"subscriptionId": "",
"operatingSystem": "",
"cloudProviderURL": "",
"providerUniqueId": "",
"subscriptionName": "",
"isAccessibleFromVPN": "",
"subscriptionExternalId": "",
"hasWideInternetExposure": "",
"hasLimitedInternetExposure": "",
"isAccessibleFromOtherVnets": "",
"isAccessibleFromOtherSubscriptions": ""
},
"resolutionReason": "",
"hasCisaKevExploit": "",
"validatedInRuntime": "",
"exploitabilityScore": ""
}
],
"pageInfo": {
"endCursor": "",
"hasNextPage": ""
}
}
}
The Sample - Wiz.io - 1.1.0 playbook collection comes bundled with the Wiz.io connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Wiz.io connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Wiz provides a comprehensive analysis engine that integrates: Cloud Security Posture Management (CSPM) Kubernetes Security Posture Management (KSPM) Cloud Workload Protection (CWPP) + vulnerability management. Infrastructure-as-Code (IaC) scanning.
This document provides information about the Wiz.io Connector, which facilitates automated interactions, with a Wiz.io server using FortiSOAR™ playbooks. Add the Wiz.io Connector as a step in FortiSOAR™ playbooks and perform automated operations with Wiz.io.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.4.3-3294
Authored By: Fortinet
Contributor: Julian Petersohn
Certified: Yes
Following enhancements have been made to the Wiz.io Connector in version 1.1.0:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-wiz-io
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Wiz.io connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| API Endpoint URL | Specify the URL of the Wiz.io server to connect and perform automated operations. Provide the API endpoint URL for the GraphQL API. The format is as follows:
https://api.your-server-location-here.app.wiz.io |
| Client ID | Specify the API Client ID generated in the service account of the WIZ deployment to access the Wiz.io server. |
| Client Secret | Specify the API Client Secret generated in the service account of the WIZ deployment to access the Wiz.io server. |
| Authentication Endpoint URL | Specify the URL from which to retrieve OAuth token. The URL can be found at the Service Account page of the Wiz.io server. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Issues | Gets issues for all assets from Wiz.io based on the filter query and maximum results limit that you have specified. | get_issues Investigation |
| Get Inventory Assets | Get inventory assets from Wiz.io platform based on the Project ID and other filter criteria that you have specified. | get_inventory_assets Investigation |
| Get Issues for Asset | Get issues for all assets from Wiz.io based on the Asset ID, Project ID, Status, and other filter criteria that you have specified. | get_issues_by_asset Investigation |
| Get Projects | Get a list of projects and settings based on the filter query and maximum results limit that you have specified. | get_projects Investigation |
| Add Comment to Issue | Add a comment to an existing issue within Wiz.io based on the issue ID and the comment that you have specified. | add_comment_to_issue Investigation |
| Get Vulnerabilities for Asset | Get vulnerabilities for all assets from Wiz.io based on the Asset ID, Project ID, and other filter criteria that you have specified. | get_vulnerabilities_for_asset Investigation |
| Parameter | Description |
|---|---|
| Filter Query | Specify the filter query to fetch the issues from Wiz. For example: { "severity": ["critical"]} |
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"data": {
"issues": {
"nodes": [
{
"id": "",
"type": "",
"dueAt": "",
"notes": [],
"status": "",
"projects": [
{
"id": "",
"name": "",
"slug": "",
"riskProfile": {
"businessImpact": ""
},
"businessUnit": ""
}
],
"severity": "",
"createdAt": "",
"updatedAt": "",
"resolvedAt": "",
"sourceRule": {
"id": "",
"name": "",
"controlDescription": "",
"securitySubCategories": [
{
"title": "",
"category": {
"name": "",
"framework": {
"name": ""
}
}
}
],
"resolutionRecommendation": ""
},
"entitySnapshot": {
"id": "",
"name": "",
"tags": {},
"type": "",
"region": "",
"status": "",
"createdAt": "",
"externalId": "",
"nativeType": "",
"providerId": "",
"cloudPlatform": "",
"cloudProviderURL": "",
"subscriptionName": "",
"subscriptionTags": {},
"subscriptionExternalId": "",
"resourceGroupExternalId": ""
},
"serviceTickets": [],
"statusChangedAt": ""
}
],
"pageInfo": {
"endCursor": "",
"hasNextPage": ""
}
}
}
}
| Parameter | Description |
|---|---|
| Project ID | Specify the project ID whose associated inventory assets are to be retrieved. |
| Filter Query | Specify the filter query to fetch the inventory assets from Wiz. For example: { "type": ["VIRTUAL_MACHINE"]} |
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"data": {
"graphSearch": {
"totalCount": "",
"pageInfo": {
"endCursor": "",
"hasNextPage": ""
},
"nodes": [
{
"entities": [
{
"id": "",
"name": "",
"properties": {
"_productIDs": [],
"_vertexID": "",
"accessibleFrom.internet": "",
"cloudPlatform": "",
"cloudProviderURL": "",
"creationDate": "",
"externalId": "",
"hasAdminPrivileges": "",
"hasHighPrivileges": "",
"hasSensitiveData": "",
"isContainerHost": "",
"isEphemeral": "",
"isManaged": "",
"memoryGB": "",
"name": "",
"nativeType": "",
"numAddressesOpenForHTTP": "",
"numAddressesOpenForHTTPS": "",
"numAddressesOpenForNonStandardPorts": "",
"numAddressesOpenForRDP": "",
"numAddressesOpenForSSH": "",
"numAddressesOpenForWINRM": "",
"openToAllInternet": "",
"openToEntireInternet": "",
"operatingSystem": "",
"passwordAuthDisabled": "",
"providerUniqueId": "",
"region": "",
"regionLocation": "",
"resourceGroupExternalId": "",
"status": "",
"subscriptionExternalId": "",
"tags": {
"Name": ""
},
"totalDisks": "",
"updatedAt": "",
"vCPUs": "",
"zone": ""
},
"type": "",
"technologies": [
{
"name": "",
"risk": "",
"usage": "",
"status": ""
}
]
}
]
}
]
}
}
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID whose associated issues are to be retrieved. |
| Project ID | Specify the project ID whose associated issues are to be retrieved. |
| Status | Select the issue status associated with the specified asset and project ID. You can choose from the following options:
|
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"data": {
"issuesGroupedByValue": {
"nodes": [
{
"id": "",
"issues": {
"nodes": [
{
"id": "",
"type": "",
"control": {
"id": "",
"name": "",
"description": "",
"severity": "",
"type": "",
"query": {
"as": "",
"relationships": [
{
"negate": "",
"type": [
{
"type": ""
}
],
"with": {
"relationships": [
{
"type": [
{
"type": ""
}
],
"with": {
"type": [
""
],
"where": {
"categories": {
"EQUALS": []
}
}
}
}
],
"type": []
}
}
],
"select": "",
"type": [],
"where": {
"cloudPlatform": {
"EQUALS": []
}
}
},
"enabled": "",
"enabledForLBI": "",
"enabledForMBI": "",
"enabledForHBI": "",
"enabledForUnattributed": "",
"securitySubCategories": [
{
"id": "",
"category": {
"id": ""
}
}
],
"sourceCloudConfigurationRule": "",
"createdBy": "",
"serviceTickets": ""
},
"sourceRule": {
"id": "",
"name": "",
"query": {
"as": "",
"relationships": [
{
"negate": "",
"type": [
{
"type": ""
}
],
"with": {
"relationships": [
{
"type": [
{
"type": ""
}
],
"with": {
"type": [
""
],
"where": {
"categories": {
"EQUALS": []
}
}
}
}
],
"type": []
}
}
],
"select": "",
"type": [],
"where": {
"cloudPlatform": {
"EQUALS": []
}
}
},
"type": "",
"enabled": "",
"enabledForHBI": "",
"enabledForLBI": "",
"enabledForMBI": "",
"enabledForUnattributed": "",
"resolutionRecommendation": "",
"controlDescription": "",
"securitySubCategories": [
{
"id": "",
"title": "",
"category": {
"id": "",
"name": "",
"framework": {
"id": "",
"name": "",
"description": "",
"enabled": ""
}
}
}
]
},
"createdAt": "",
"updatedAt": "",
"projects": [
{
"id": "",
"name": "",
"slug": "",
"isFolder": "",
"businessUnit": "",
"riskProfile": {
"businessImpact": ""
}
}
],
"status": "",
"severity": "",
"entity": {
"id": "",
"name": "",
"type": ""
},
"resolutionReason": "",
"entitySnapshot": {
"id": "",
"type": "",
"name": "",
"cloudPlatform": "",
"region": "",
"subscriptionName": "",
"subscriptionId": "",
"subscriptionExternalId": "",
"subscriptionTags": {},
"nativeType": "",
"kubernetesClusterId": "",
"kubernetesClusterName": "",
"kubernetesNamespaceName": "",
"containerServiceId": "",
"containerServiceName": "",
"tags": {
"Name": ""
}
},
"notes": [],
"serviceTickets": [],
"entityBasicDetails": {
"id": "",
"type": "",
"name": ""
},
"entityExtraDetails": {
"id": "",
"properties": {
"_productIDs": [],
"_vertexID": "",
"accessibleFrom.internet": "",
"cloudPlatform": "",
"cloudProviderURL": "",
"creationDate": "",
"externalId": "",
"hasAdminPrivileges": "",
"hasHighPrivileges": "",
"hasSensitiveData": "",
"isContainerHost": "",
"isEphemeral": "",
"isManaged": "",
"memoryGB": "",
"name": "",
"nativeType": "",
"numAddressesOpenForHTTP": "",
"numAddressesOpenForHTTPS": "",
"numAddressesOpenForNonStandardPorts": "",
"numAddressesOpenForRDP": "",
"numAddressesOpenForSSH": "",
"numAddressesOpenForWINRM": "",
"openToAllInternet": "",
"openToEntireInternet": "",
"operatingSystem": "",
"passwordAuthDisabled": "",
"providerUniqueId": "",
"region": "",
"regionLocation": "",
"resourceGroupExternalId": "",
"status": "",
"subscriptionExternalId": "",
"tags": {
"Name": ""
},
"totalDisks": "",
"updatedAt": "",
"vCPUs": "",
"zone": ""
},
"projects": [
{
"id": "",
"name": "",
"slug": "",
"isFolder": "",
"businessUnit": "",
"riskProfile": {
"businessImpact": ""
}
}
]
}
}
],
"totalCount": "",
"criticalSeverityCount": "",
"highSeverityCount": "",
"mediumSeverityCount": "",
"lowSeverityCount": "",
"informationalSeverityCount": "",
"pageInfo": {
"hasNextPage": ""
}
}
}
],
"pageInfo": {
"hasNextPage": "",
"endCursor": ""
},
"totalCount": ""
}
}
}
| Parameter | Description |
|---|---|
| Filter Query | Specify the filter query to fetch projects from Wiz. For example: { "id": {"equals": "d6ac50bb-aec0-52fc-80ab-bacd7b02f178"}} |
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"data": {
"projects": {
"pageInfo": {
"hasNextPage": "",
"endCursor": ""
},
"totalCount": "",
"nodes": [
{
"id": "",
"name": "",
"slug": "",
"isFolder": "",
"childProjectCount": "",
"cloudAccountCount": "",
"repositoryCount": "",
"kubernetesClusterCount": "",
"containerRegistryCount": "",
"securityScore": "",
"archived": "",
"businessUnit": "",
"description": "",
"workloadCount": "",
"licensedWorkloadQuota": "",
"riskProfile": {
"businessImpact": ""
},
"nestingLevel": "",
"ancestorProjects": ""
}
]
}
}
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the issue ID for which the comment is to be added. |
| Comment | Specify the comment to add to the issue. |
The output contains the following populated JSON schema:
{
"data": {
"createIssueNote": {
"issueNote": {
"createdAt": "",
"id": "",
"text": "",
"user": ""
}
}
}
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID whose associated vulnerabilities are to be retrieved. |
| Limit | Specify the maximum number of results to be returned in the response. |
The output contains the following populated JSON schema:
{
"vulnerabilityFindings": {
"nodes": [
{
"id": "",
"link": "",
"name": "",
"score": "",
"status": "O",
"version": "",
"projects": [
{
"id": "",
"name": "",
"slug": "",
"riskProfile": {
"businessImpact": ""
},
"businessUnit": ""
}
],
"portalUrl": "",
"hasExploit": "",
"resolvedAt": "",
"description": "",
"ignoreRules": "",
"impactScore": "",
"remediation": "",
"CVSSSeverity": "",
"detailedName": "",
"epssSeverity": "",
"fixedVersion": "",
"locationPath": "",
"layerMetadata": "",
"CVEDescription": "",
"dataSourceName": "",
"epssPercentile": "",
"lastDetectedAt": "",
"vendorSeverity": "",
"detectionMethod": "",
"epssProbability": "",
"firstDetectedAt": "",
"vulnerableAsset": {
"id": "",
"name": "",
"tags": {},
"type": "",
"region": "",
"status": "",
"ipAddresses": [],
"cloudPlatform": "",
"subscriptionId": "",
"operatingSystem": "",
"cloudProviderURL": "",
"providerUniqueId": "",
"subscriptionName": "",
"isAccessibleFromVPN": "",
"subscriptionExternalId": "",
"hasWideInternetExposure": "",
"hasLimitedInternetExposure": "",
"isAccessibleFromOtherVnets": "",
"isAccessibleFromOtherSubscriptions": ""
},
"resolutionReason": "",
"hasCisaKevExploit": "",
"validatedInRuntime": "",
"exploitabilityScore": ""
}
],
"pageInfo": {
"endCursor": "",
"hasNextPage": ""
}
}
}
The Sample - Wiz.io - 1.1.0 playbook collection comes bundled with the Wiz.io connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Wiz.io connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.