The Wiz (Vulnerability Scanning) integration enables security and compliance teams to monitor vulnerabilities detected in their cloud environments. It connects Drata to Wiz so your team can automatically sync vulnerability findings and collect evidence required for compliance monitoring.
Key Capabilities
Vulnerability monitoring: Sync vulnerability findings detected by Wiz
Cloud security visibility: Track vulnerabilities across cloud resources
Automated evidence collection: Maintain vulnerability data in Drata for compliance reviews
This integration is used to automate tests such as vulnerability scanning verification and vulnerability remediation monitoring, helping prove compliance with vulnerability management policies.
Prerequisites & Data Access
A Wiz Service Account created for the integration
Access to generate API credentials in Wiz
Access to the following values from Wiz:
Base URL (Wiz API endpoint)
Client ID
Client Secret
Required Drata role with write access: Admin, Workspace Managers, or DevOps Engineer
Access Reviewers have read-only access to the connection page and can't make changes.
The Wiz service account must include the following permissions:
read:resources
read:vulnerabilities
read:issues
Permissions & Data Table
Permission/Scope | Why It’s Needed |
read:resources | Allows Drata to retrieve cloud resource data associated with vulnerabilities |
read:vulnerabilities | Allows Drata to sync vulnerability findings from Wiz |
read:issues | Allows Drata to retrieve issue metadata related to vulnerabilities |
Client ID | Used to authenticate the Wiz service account |
Client Secret | Used to securely authenticate API requests |
Base URL | Identifies the Wiz API endpoint used for the connection |
Step-by-Step Setup
Step 1: Retrieve Your Wiz Base URL
Log in to the Wiz dashboard.
Navigate to your user profile.
Locate the API Endpoint URL.
Copy the Base URL.
Expected outcome: You have the Wiz API endpoint URL required for the integration.
Step 2: Create a Wiz Service Account
In the Wiz dashboard, navigate to Settings → Service Accounts.
Select Add Service Account.
Enter a name for the service account.
(Optional) Restrict the scope of the service account to specific projects if desired.
Assign the following permissions:
read:resources
read:vulnerabilities
read:issues
Select Add Service Account.
Expected outcome: A service account is created with the required permissions.
Step 3: Copy the API Credentials
After creating the service account, copy the following values:
Client ID
Client Secret
Important:
Record the Client Secret in a secure location. After the credential window is closed, the secret will no longer be visible.
Expected outcome: You have the Client ID and Client Secret needed to authenticate the connection.
Step 4: Connect Wiz in Drata
Log in to Drata → go to the Connections page.
Navigate to your Available Connections.
Search for and start the Wiz connection process.
Enter the following values when prompted:
Base URL
Client ID
Client Secret
Expected outcome:
Wiz is successfully connected and vulnerability data begins syncing into Drata.
Important Notes
The Wiz service account must include the required read permissions to allow Drata to retrieve vulnerability data.
The Client Secret is only visible when the service account is created, so it must be stored securely.
The provided information does not specify additional filtering or configuration options for vulnerabilities synced into Drata.
