Wiz provides a comprehensive analysis engine that integrates Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), Cloud Workload Protection (CWPP) and vulnerability management, and Infrastructure-as-Code (IaC) scanning.
This document provides information about the Wiz.io connector, which facilitates automated interactions with a Wiz.io server using FortiSOAR™ playbooks. Add the Wiz.io connector as a step in FortiSOAR™ playbooks and perform automated operations with Wiz.io.
Connector Version: 2.0.0
FortiSOAR™ Version Tested on: 7.6.0-5012
Authored By: Fortinet
Contributor: Julian Petersohn
Certified: Yes
Following enhancements have been made to the Wiz.io connector in version 2.0.0:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
```bash
yum install cyops-connector-wiz-io
```
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Wiz.io connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| API Endpoint URL | Specify the URL of the Wiz.io server to connect to and perform automated operations. Provide the API endpoint URL for the GraphQL API. The format is as follows: https://api.your-server-location-here.app.wiz.io |
| Client ID | Specify the API Client ID generated in the service account of the Wiz deployment to access the Wiz.io server. |
| Client Secret | Specify the API Client Secret generated in the service account of the Wiz deployment to access the Wiz.io server. |
| Authentication Endpoint URL | Specify the URL from which to retrieve the OAuth token. The URL can be found on the Service Account page of the Wiz.io server. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to true. |
You can use the following automated operations in playbooks and also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Issues | Gets issues from Wiz.io based on the issue ID, search query, and other filter criteria that you have specified. | get_issues Investigation |
| Get Inventory Assets | Gets inventory assets from Wiz.io platform based on the Project ID, type, and other filter criteria that you have specified. | get_inventory_assets Investigation |
| Get Projects | Gets a list of projects and settings based on the name, business impact, and other filter criteria that you have specified. | get_projects Investigation |
| Add Comment to Issue | Adds a comment to an existing issue within Wiz.io based on the issue ID and the comment that you have specified. | add_comment_to_issue Investigation |
| Get Vulnerabilities | Gets vulnerabilities from Wiz.io based on the asset ID, project ID, and other filter criteria that you have specified. | get_vulnerabilities Investigation |
| Parameter | Description |
|---|---|
| Issue ID | (Optional) Specify the issue ID to fetch its details from Wiz.io. |
| Search Query | (Optional) Specify the search term to filter the retrieved results. This action searches on the fields Issue Title and Object Name. Returns NULL if no match is found. |
| Project ID | (Optional) Specify the project ID whose issues are to be fetched from Wiz.io. |
| Severity | (Optional) Select the severity to filter the retrieved results. You can choose from the following options: |
| Status | (Optional) Select the status to filter the issues. You can choose from the following options: |
| Type | (Optional) Select the issue type to filter the issues. You can choose from the following options: |
| Related Entity ID | (Optional) Specify the related entity ID to fetch the issues from Wiz.io. |
| Related Entity Type | (Optional) Select the related entity type to fetch the issues from Wiz.io. For example: ACCESS_KEY, ACCESS_ROLE, API_GATEWAY, etc. |
| Created before | (Optional) Select the date and time to filter issues created before the specified date period. |
| Created after | (Optional) Select the date and time to filter issues created after the specified date period. |
| Resolved before | (Optional) Select the date and time to filter issues resolved before the specified date period. |
| Resolved after | (Optional) Select the date and time to filter issues resolved after the specified date period. |
| Limit | Specify the maximum number of results to be returned in the response. Default is 20. |
| Pagination | (Optional) Specify the pagination to filter the issues. Use the value from the "after" parameter in the previous result. |
| Related Cloud Platform | (Optional) Specify the related cloud platform to filter the issue. e.g. Alibaba, AKS, AWS, Azure, EKS, GCP, GKE, Kubernetes, Linode, OCI, OKE, OpenShift, vSphere |
The output contains the following populated JSON schema:
```json
{
  "data": {
    "issues": {
      "nodes": [
        {
          "id": "",
          "type": "",
          "dueAt": "",
          "notes": [],
          "status": "",
          "projects": [
            {
              "id": "",
              "name": "",
              "slug": "",
              "riskProfile": {
                "businessImpact": ""
              },
              "businessUnit": ""
            }
          ],
          "severity": "",
          "createdAt": "",
          "updatedAt": "",
          "resolvedAt": "",
          "sourceRule": {
            "id": "",
            "name": "",
            "controlDescription": "",
            "securitySubCategories": [
              {
                "title": "",
                "category": {
                  "name": "",
                  "framework": {
                    "name": ""
                  }
                }
              }
            ],
            "resolutionRecommendation": ""
          },
          "entitySnapshot": {
            "id": "",
            "name": "",
            "tags": {},
            "type": "",
            "region": "",
            "status": "",
            "createdAt": "",
            "externalId": "",
            "nativeType": "",
            "providerId": "",
            "cloudPlatform": "",
            "cloudProviderURL": "",
            "subscriptionName": "",
            "subscriptionTags": {},
            "subscriptionExternalId": "",
            "resourceGroupExternalId": ""
          },
          "serviceTickets": [],
          "statusChangedAt": ""
        }
      ],
      "pageInfo": {
        "endCursor": "",
        "hasNextPage": ""
      }
    }
  }
}
```
| Parameter | Description |
|---|---|
| Project ID | Specify the project ID whose associated inventory assets are to be retrieved. Default is *. |
| Type | Specify the entity types for which inventory assets need to be fetched. For example: VIRTUAL_MACHINE,CONTAINER_IMAGE. Entity types must be specified in ALL CAPS. For more information on the list of types, refer to https://win.wiz.io/docs/security-graph-object-normalization |
| Search Term | (Optional) Specify the search term to fetch the inventory assets. |
| Updated before | (Optional) Specify the time to retrieve cloud resources created or updated in the specified date period. DateTime format: yyyy-MM-dd'T'HH:mm:ss'Z' (ISO 8601 format) |
| Updated after | (Optional) Specify the time to retrieve cloud resources created or updated in the specified date period. DateTime format: yyyy-MM-dd'T'HH:mm:ss'Z' (ISO 8601 format) |
| Deleted before | (Optional) Specify the time to retrieve cloud resources deleted in the specified date period. DateTime format: yyyy-MM-dd'T'HH:mm:ss'Z' (ISO 8601 format) |
| Deleted after | (Optional) Specify the time to retrieve cloud resources deleted in the specified date period. DateTime format: yyyy-MM-dd'T'HH:mm:ss'Z' (ISO 8601 format) |
| Limit | Specify the maximum number of results to be returned in the response. Default is 10. |
The output contains the following populated JSON schema:
```json
{
  "data": {
    "graphSearch": {
      "totalCount": "",
      "pageInfo": {
        "endCursor": "",
        "hasNextPage": ""
      },
      "nodes": [
        {
          "entities": [
            {
              "id": "",
              "name": "",
              "properties": {
                "_productIDs": [],
                "_vertexID": "",
                "accessibleFrom.internet": "",
                "cloudPlatform": "",
                "cloudProviderURL": "",
                "creationDate": "",
                "externalId": "",
                "hasAdminPrivileges": "",
                "hasHighPrivileges": "",
                "hasSensitiveData": "",
                "isContainerHost": "",
                "isEphemeral": "",
                "isManaged": "",
                "memoryGB": "",
                "name": "",
                "nativeType": "",
                "numAddressesOpenForHTTP": "",
                "numAddressesOpenForHTTPS": "",
                "numAddressesOpenForNonStandardPorts": "",
                "numAddressesOpenForRDP": "",
                "numAddressesOpenForSSH": "",
                "numAddressesOpenForWINRM": "",
                "openToAllInternet": "",
                "openToEntireInternet": "",
                "operatingSystem": "",
                "passwordAuthDisabled": "",
                "providerUniqueId": "",
                "region": "",
                "regionLocation": "",
                "resourceGroupExternalId": "",
                "status": "",
                "subscriptionExternalId": "",
                "tags": {
                  "Name": ""
                },
                "totalDisks": "",
                "updatedAt": "",
                "vCPUs": "",
                "zone": ""
              },
              "type": "",
              "technologies": [
                {
                  "name": "",
                  "risk": "",
                  "usage": "",
                  "status": ""
                }
              ]
            }
          ]
        }
      ]
    }
  }
}
```
| Parameter | Description |
|---|---|
| Name | (Optional) Specify the name of the project to fetch from Wiz.io. |
| Business Impact | (Optional) Select the business impact value to filter the retrieved projects. For example: LBI, MBI, HBI |
| Include Archived Projects | (Optional) Select to include archived projects. Default is not selected, i.e., set to false. |
| Limit | Specify the maximum number of results to be returned in the response. Default is 20. |
The output contains the following populated JSON schema:
```json
{
  "data": {
    "projects": {
      "pageInfo": {
        "hasNextPage": "",
        "endCursor": ""
      },
      "totalCount": "",
      "nodes": [
        {
          "id": "",
          "name": "",
          "slug": "",
          "isFolder": "",
          "childProjectCount": "",
          "cloudAccountCount": "",
          "repositoryCount": "",
          "kubernetesClusterCount": "",
          "containerRegistryCount": "",
          "securityScore": "",
          "archived": "",
          "businessUnit": "",
          "description": "",
          "workloadCount": "",
          "licensedWorkloadQuota": "",
          "riskProfile": {
            "businessImpact": ""
          },
          "nestingLevel": "",
          "ancestorProjects": ""
        }
      ]
    }
  }
}
```
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the issue in which to add the comment. |
| Comment | Specify the comment to add. |
The output contains the following populated JSON schema:
```json
{
  "data": {
    "createIssueNote": {
      "issueNote": {
        "createdAt": "",
        "id": "",
        "text": "",
        "user": ""
      }
    }
  }
}
```
| Parameter | Description |
|---|---|
| Status | Select the status to get the vulnerabilities from Wiz.io. You can choose from the following options: |
| Project ID | Specify the project ID whose vulnerabilities need to be fetched from Wiz.io. |
| Asset Type | Specify the asset type for which vulnerabilities need to be fetched from Wiz.io. For example: VIRTUAL_MACHINE,CONTAINER_IMAGE. |
| Vulnerability ID | (Optional) Specify the vulnerability ID whose vulnerabilities need to be fetched from Wiz.io. |
| External Subscription ID | (Optional) Specify the external subscription ID whose vulnerabilities need to be fetched from Wiz.io. |
| Severity | (Optional) Select the severity to filter vulnerabilities from Wiz.io. You can choose from the following options: |
| First Seen before | (Optional) Specify the time to return vulnerability findings that were created before the specified date period. Format: 2022-12-03T10:15:30Z |
| First Seen after | (Optional) Specify the time to return vulnerability findings that were created after the specified date period. Format: 2022-12-03T10:15:30Z |
| Resolved before | (Optional) Specify the time to return vulnerability findings that were resolved before the specified date period. Format: 2022-12-03T10:15:30Z |
| Resolved after | (Optional) Specify the time to return vulnerability findings that were resolved after the specified date period. Format: 2022-12-03T10:15:30Z |
| Asset ID | (Optional) Specify the Asset ID whose vulnerabilities need to be fetched from Wiz.io. |
| Patch available | (Optional) Select to filter the vulnerabilities with available patch. |
| Exploit available | (Optional) Select to filter the vulnerabilities with available exploit. |
| Limit | Specify the maximum number of results to be returned in the response. Default is 10. Minimum is 1 and maximum is 5000. |
| Pagination | (Optional) Specify the pagination to filter the vulnerabilities. Use the value from the "after" parameter in the previous result. |
The output contains the following populated JSON schema:
```json
{
  "data": {
    "vulnerabilityFindings": {
      "nodes": [
        {
          "id": "",
          "link": "",
          "name": "",
          "score": "",
          "status": "O",
          "version": "",
          "projects": [
            {
              "id": "",
              "name": "",
              "slug": "",
              "riskProfile": {
                "businessImpact": ""
              },
              "businessUnit": ""
            }
          ],
          "portalUrl": "",
          "hasExploit": "",
          "resolvedAt": "",
          "description": "",
          "ignoreRules": "",
          "impactScore": "",
          "remediation": "",
          "CVSSSeverity": "",
          "detailedName": "",
          "epssSeverity": "",
          "fixedVersion": "",
          "locationPath": "",
          "layerMetadata": "",
          "CVEDescription": "",
          "dataSourceName": "",
          "epssPercentile": "",
          "lastDetectedAt": "",
          "vendorSeverity": "",
          "detectionMethod": "",
          "epssProbability": "",
          "firstDetectedAt": "",
          "vulnerableAsset": {
            "id": "",
            "name": "",
            "tags": {},
            "type": "",
            "region": "",
            "status": "",
            "ipAddresses": [],
            "cloudPlatform": "",
            "subscriptionId": "",
            "operatingSystem": "",
            "cloudProviderURL": "",
            "providerUniqueId": "",
            "subscriptionName": "",
            "isAccessibleFromVPN": "",
            "subscriptionExternalId": "",
            "hasWideInternetExposure": "",
            "hasLimitedInternetExposure": "",
            "isAccessibleFromOtherVnets": "",
            "isAccessibleFromOtherSubscriptions": ""
          },
          "resolutionReason": "",
          "hasCisaKevExploit": "",
          "validatedInRuntime": "",
          "exploitabilityScore": ""
        }
      ],
      "pageInfo": {
        "endCursor": "",
        "hasNextPage": ""
      }
    }
  }
}
```
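As an added example (not part of the connector or Fortinet's code), the Python below consumes the Get Vulnerabilities output schema: it passes `pageInfo.endCursor` back as the Pagination value until `hasNextPage` is false, then ranks unresolved findings by exploit status, internet exposure and project business impact. The `fetch_page` callable, the scoring weights, the helper names and the sample pages are assumptions constructed for illustration.

```python
from typing import Any, Callable, Dict, Iterator, List, Optional, Tuple

# Assumed weights for the businessImpact examples named on this page (LBI, MBI, HBI).
IMPACT_WEIGHT = {"HBI": 2, "MBI": 1, "LBI": 0}


def as_bool(value: Any) -> bool:
    """Accept real booleans and "true"/"false" strings; "" and None count as False."""
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return bool(value)


def iter_findings(fetch_page: Callable[[Optional[str]], Dict[str, Any]],
                  max_pages: int = 100) -> Iterator[Dict[str, Any]]:
    """Yield every node, passing pageInfo.endCursor back as the next Pagination value."""
    after: Optional[str] = None
    seen = set()
    for _ in range(max_pages):
        data = (fetch_page(after) or {}).get("data") or {}
        block = data.get("vulnerabilityFindings") or {}
        yield from block.get("nodes") or []
        info = block.get("pageInfo") or {}
        if not as_bool(info.get("hasNextPage")):
            return
        after = info.get("endCursor")
        if not after or after in seen:  # a missing or repeated cursor would loop forever
            raise RuntimeError("hasNextPage is set but the cursor did not advance")
        seen.add(after)
    raise RuntimeError("stopped after max_pages pages; results are incomplete")


def priority(finding: Dict[str, Any]) -> int:
    """Score one finding from exploit, exposure and business-impact fields (assumed weights)."""
    asset = finding.get("vulnerableAsset") or {}
    score = 0
    if as_bool(finding.get("hasCisaKevExploit")):
        score += 4
    elif as_bool(finding.get("hasExploit")):
        score += 2
    if as_bool(asset.get("hasWideInternetExposure")):
        score += 3
    elif as_bool(asset.get("hasLimitedInternetExposure")):
        score += 1
    impacts = [(p.get("riskProfile") or {}).get("businessImpact")
               for p in finding.get("projects") or []]
    return score + max((IMPACT_WEIGHT.get(i, 0) for i in impacts), default=0)


def triage(fetch_page, top: int = 10) -> List[Tuple[int, float, str, str]]:
    """Return (priority, score, finding name, asset name) for unresolved findings, worst first."""
    rows = []
    for f in iter_findings(fetch_page):
        if f.get("resolvedAt"):  # a resolution timestamp means the finding is closed
            continue
        asset = f.get("vulnerableAsset") or {}
        rows.append((priority(f), float(f.get("score") or 0), f.get("name", ""), asset.get("name", "")))
    rows.sort(key=lambda r: (-r[0], -r[1], r[2], r[3]))
    return rows[:top]


def make_node(name, score, asset, impact, resolved="", kev=False, exploit=False, exposure=""):
    """Build a constructed sample node using field names from the schema above."""
    return {"name": name, "score": score, "resolvedAt": resolved,
            "hasExploit": exploit, "hasCisaKevExploit": kev,
            "projects": [{"riskProfile": {"businessImpact": impact}}],
            "vulnerableAsset": {"name": asset,
                                "hasWideInternetExposure": exposure == "wide",
                                "hasLimitedInternetExposure": exposure == "limited"}}


# Constructed sample pages keyed by the cursor that requests them (None = first page).
SAMPLE_PAGES = {
    None: {"data": {"vulnerabilityFindings": {
        "nodes": [make_node("EXAMPLE-VULN-A", 7.5, "web-1", "MBI", exploit=True, exposure="wide"),
                  make_node("EXAMPLE-VULN-B", 9.8, "batch-7", "LBI")],
        "pageInfo": {"endCursor": "cursor-1", "hasNextPage": True}}}},
    "cursor-1": {"data": {"vulnerabilityFindings": {
        "nodes": [make_node("EXAMPLE-VULN-C", 8.1, "db-2", "HBI", kev="true", exploit=True, exposure="limited"),
                  make_node("EXAMPLE-VULN-D", 9.0, "old-3", "HBI", "2024-01-05T00:00:00Z", kev=True)],
        "pageInfo": {"endCursor": "", "hasNextPage": False}}}},
}
sample_fetch = SAMPLE_PAGES.__getitem__  # stand-in for one Get Vulnerabilities call
```

Calling `triage(sample_fetch)` on the constructed pages ranks the KEV-listed finding on the high-impact project first, even though another finding has a higher CVSS score.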
The Sample - Wiz.io - 2.0.0 playbook collection comes bundled with the Wiz.io connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Wiz.io connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.