Wiz Connection

Learn how to connect Wiz to Drata and set up risk categories.

Updated over 2 months ago

Wiz is a CSPM (Cloud Security Posture Management) platform that continuously detects and remediates misconfigurations from build time to runtime across your hybrid clouds.

Connect Wiz to Drata to monitor security risks in your cloud infrastructure and display the current posture as evidence for your compliance.

BEFORE DIVING IN

  • Wiz connections are workspace specific. You can configure each Wiz connection differently in each workspace. The Wiz connection does not sync across workspaces within Drata.

Enable the Wiz connection

To connect Wiz to Drata, you need a Wiz Client ID, Client secret, and Server URL. If you do not have these, create a Wiz service account as described next.

Create a Wiz service account

To learn how to create a Wiz service account, go to Wiz’s Service Accounts.

Requirements for Wiz service account:

  • Service Account type: Must be a Custom Integration (GraphQL API).

  • Relevant Projects: Select the relevant projects.

  • Permissions: Select Read an issue, list issues (read:issues).

After you create the service account, Wiz shows the Client ID and Client secret once. Copy both before you close the dialog; they are not shown again. Treat the secret like a password: store it in a secrets manager rather than a ticket or chat message, and if it is ever exposed, create a new service account and delete the old one. Keeping the account scoped to read:issues and to the relevant projects limits what a leaked secret can do.

Connect Wiz

On Drata's Connections page, select Available connections, then either select the CSPM category or search for Wiz in the search bar at the top, and select Connect.

In the connection drawer, enter your Wiz Client ID, Client secret, and Server URL. You can refer to Wiz's documentation to learn how to access these fields within Wiz.

  • Client ID: Enter the Client ID that is associated with your Wiz account.

  • Client secret: Enter the Client secret that is associated with your Wiz account.

  • Server URL: Enter your Wiz API endpoint URL. It must end with /graphql. You can find it in the Tenant section of the User Settings page in Wiz.

Troubleshooting tips

If the connection fails, create a new service account that has only the read:issues permission (with the relevant projects selected) and reconnect using its Client ID and Client secret. Also confirm that the Server URL is the API endpoint from your Wiz tenant settings and that it ends with /graphql.
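Before entering the credentials into Drata (or after a failed connection), it is worth confirming outside Drata that the service account can authenticate and actually list issues. The script below is an added example, not Drata's or Wiz's code. It assumes Wiz's default OAuth2 token endpoint and audience (tenants in other regions use a different auth host; check Wiz's documentation) and the GraphQL names issuesV2, filterBy, status and totalCount from Wiz's public schema, which you should confirm against your tenant. The host in the comments is hypothetical.

```python
"""Pre-flight check of the Wiz service account credentials Drata will use.

Added example, not Drata's or Wiz's code. Assumptions, to confirm in Wiz's
documentation for your tenant: the OAuth2 token endpoint and audience below
are Wiz's default ones (tenants in other regions use a different auth host),
and the GraphQL names issuesV2 / filterBy / status / totalCount follow Wiz's
public schema. The example host in the comments is hypothetical.
"""
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request
from typing import List

WIZ_TOKEN_URL = "https://auth.app.wiz.io/oauth/token"   # assumption: default auth host
WIZ_AUDIENCE = "wiz-api"                                 # assumption: default audience

# Smallest query that exercises read:issues, using the same status pre-set
# Drata applies (Open, InProgress).
ISSUES_PROBE = """
query DrataPreflight {
  issuesV2(first: 1, filterBy: {status: [OPEN, IN_PROGRESS]}) {
    totalCount
    nodes { id status }
  }
}
"""


def check_server_url(url: str) -> List[str]:
    """Return the problems Drata's Server URL box would have with this value (empty = OK).

    Drata expects the tenant API endpoint, e.g. https://api.<region>.app.wiz.io/graphql
    (hypothetical host); the path must end in /graphql.
    """
    problems = []
    parsed = urllib.parse.urlparse(url.strip())
    if parsed.scheme != "https":
        problems.append("scheme must be https")
    if not parsed.netloc:
        problems.append("host is missing")
    if "@" in parsed.netloc:
        problems.append("do not embed credentials in the URL")
    if not parsed.path.endswith("/graphql"):
        problems.append("path must end with /graphql")
    if parsed.query or parsed.fragment:
        problems.append("remove the query string or fragment")
    return problems


def get_token(client_id: str, client_secret: str) -> str:
    """OAuth2 client-credentials grant; returns the bearer token."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "audience": WIZ_AUDIENCE,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(
        WIZ_TOKEN_URL, data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def probe_issues(server_url: str, token: str) -> dict:
    """POST the probe query to the Server URL and return the parsed GraphQL response."""
    req = urllib.request.Request(
        server_url, data=json.dumps({"query": ISSUES_PROBE}).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def classify_response(payload: dict) -> str:
    """One-line verdict. GraphQL servers commonly report authorization failures as an
    `errors` array inside an HTTP 200 response, so the status code alone is not enough."""
    if payload.get("errors"):
        msgs = "; ".join(e.get("message", "?") for e in payload["errors"])
        return f"DENIED: {msgs} (check the account has read:issues and project access)"
    issues = (payload.get("data") or {}).get("issuesV2")
    if issues is None:
        return "UNEXPECTED: no issuesV2 in response; verify the schema for your tenant"
    return f"OK: read:issues works; {issues['totalCount']} Open/InProgress issue(s) visible"


if __name__ == "__main__":
    # Credentials come from the environment, not argv, so they do not show up in `ps`.
    client_id = os.environ["WIZ_CLIENT_ID"]
    client_secret = os.environ["WIZ_CLIENT_SECRET"]
    server_url = os.environ["WIZ_SERVER_URL"]
    problems = check_server_url(server_url)
    if problems:
        sys.exit("Server URL: " + "; ".join(problems))
    try:
        payload = probe_issues(server_url, get_token(client_id, client_secret))
    except urllib.error.HTTPError as e:          # e.g. 401 for a wrong Client ID/secret
        sys.exit(f"HTTP {e.code} from Wiz: {e.read().decode(errors='replace')[:300]}")
    print(classify_response(payload))
```

Run it as `WIZ_CLIENT_ID=... WIZ_CLIENT_SECRET=... WIZ_SERVER_URL=https://.../graphql python3 wiz_preflight.py`. An "OK" line means the three values can be pasted into Drata's connection drawer as-is; a "DENIED" line points at the service account's permissions or project scope rather than at Drata.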

Configure and set up risk categories

After you connect Wiz to Drata, three Wiz issue risk categories are imported: Not encrypted in-transit, External exposure, and User with excessive admin privileges.

Each risk category has pre-set filters that match the Wiz issues belonging to it, plus optional filters that admins can add. Admins can also modify the Wiz connection later, for example to add another risk category.

  • Pre-set filters:

    • Search: the name of the risk category (for example, "Not encrypted in-transit").

    • Status: "Open", "InProgress".

  • Optional filters:

    • Project IDs: Add one or more project IDs, separated by commas. If none are provided, Wiz issues from all projects are imported.

    • Subscription IDs: Add one or more subscription IDs, separated by commas. If none are provided, Wiz issues from all subscriptions are imported.

The sections below describe each risk category, how to enable it, the monitoring test it drives, and the DCFs (Drata Control Framework controls) that test satisfies.

Workspace specific

Each workspace's Wiz connection must use different risk categories from the other workspaces' connections. For example, if an admin has already created a Wiz connection with 'External exposure' in Workspace1, you cannot create a Wiz connection in a different workspace with that same risk category. (The error message is shown in the following screenshot.)

Multiple risk categories in a workspace

If one connection has multiple risk categories, such as "User with excessive admin privileges" and "External exposure", you can have another Wiz connection in a different workspace with only "External exposure".

Not encrypted in-transit risk category

Test ID: 210

Test name: Encryption in transit

Test description: Drata collects data from your cloud security posture management (CSPM) software to determine if there are active issues related to data not being encrypted while in transit.

Test logic (pass or fail): If one or more issues exist, the test fails. Otherwise it passes.

DCFs: DCF-55

User with excessive admin privileges risk category

Test ID: 208

Test name: Excessive privileges assigned

Test description: Drata collects data from your cloud security posture management (CSPM) software to determine if there are active issues related to accounts with excessive administrative privileges.

Test logic (pass or fail): If one or more issues exist, the test fails. Otherwise it passes.

DCFs: DCF-59, DCF-326

External exposure risk category

Test ID: 209

Test name: External exposure for cloud resources

Test description: Drata collects data from your cloud security posture management (CSPM) software to determine if there are active issues related to external exposure of cloud resources.

Test logic (pass or fail): If one or more issues exist, the test fails. Otherwise it passes.

DCFs: DCF-85, DCF-218, DCF-75

Risk categories

Tests 210, 208, and 209 stay in the default 'Unused' state until a Wiz connection is created with the related risk category.

Auto-pilot sync

Note: Wiz issues are imported into Drata once every 24 hours as part of the auto-pilot sync.

After the Wiz connection is set up, Auto-pilot syncs it. Drata imports up to 200 Wiz issues for each configured risk category; if more than 200 issues match, only 200 are imported. The corresponding tests then run: a test passes if no issues were imported for its category and fails otherwise. When a test fails, the test drawer lists the imported Wiz issues (as shown in the following image).

Admins are able to exclude and re-include Wiz issues in the test drawer on the Monitoring page.
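The filters described under "Configure and set up risk categories" and the pass/fail rule shared by tests 208, 209 and 210 are simple enough to model offline, which is useful for predicting from a Wiz export what a sync will import and whether a test will fail. The script below is an added example, not Drata's or Wiz's code. The issue records are constructed sample data; their field names, the case-insensitive substring match used for the Search filter, and the treatment of admin-excluded issues are assumptions noted inline.

```python
"""Model of how a Drata Wiz risk category selects issues and decides pass/fail.

Added example, not Drata's or Wiz's code. The issue records are constructed
sample data; their field names, the case-insensitive substring match used for
the Search filter, and the treatment of admin-excluded issues are assumptions
noted inline.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Tuple

IMPORT_CAP = 200                                      # Drata imports at most 200 issues per category
PRESET_STATUSES = frozenset({"Open", "InProgress"})   # pre-set Status filter from the page


@dataclass(frozen=True)
class WizIssue:
    id: str
    name: str              # text the category's Search filter is matched against (assumption)
    status: str            # e.g. "Open", "InProgress", "Resolved"
    project_id: str
    subscription_id: str


@dataclass(frozen=True)
class RiskCategory:
    test_id: int
    search: str                                      # pre-set: the category name
    project_ids: FrozenSet[str] = frozenset()        # optional; empty = all projects
    subscription_ids: FrozenSet[str] = frozenset()   # optional; empty = all subscriptions


def parse_id_list(raw: str) -> FrozenSet[str]:
    """Parse a comma-separated ID box; surrounding spaces and empty items are dropped."""
    return frozenset(p.strip() for p in raw.split(",") if p.strip())


def matching_issues(cat: RiskCategory, issues: Iterable[WizIssue]) -> List[WizIssue]:
    """Pre-set filters first (Search, Status), then the optional ID filters."""
    out = []
    for i in issues:
        if cat.search.lower() not in i.name.lower():   # assumption: substring, case-insensitive
            continue
        if i.status not in PRESET_STATUSES:
            continue
        if cat.project_ids and i.project_id not in cat.project_ids:
            continue
        if cat.subscription_ids and i.subscription_id not in cat.subscription_ids:
            continue
        out.append(i)
    return out


def evaluate(cat: RiskCategory, issues: Iterable[WizIssue],
             excluded: FrozenSet[str] = frozenset()) -> Tuple[str, List[WizIssue]]:
    """Return (verdict, imported) for one monitoring test.

    imported is what the test drawer lists: the matches, capped at IMPORT_CAP.
    The page's rule: the test fails if one or more issues exist. Assumption
    (not stated on the page): issues an admin excluded in the drawer do not count.
    """
    imported = matching_issues(cat, issues)[:IMPORT_CAP]
    counted = [i for i in imported if i.id not in excluded]
    return ("FAIL" if counted else "PASS"), imported


# Constructed sample data; all IDs are hypothetical.
SAMPLE_ISSUES = [
    WizIssue("i1", "External exposure of a VM", "Open", "proj-a", "sub-1"),
    WizIssue("i2", "External exposure of a storage bucket", "InProgress", "proj-b", "sub-2"),
    WizIssue("i3", "External exposure of a database", "Resolved", "proj-a", "sub-1"),
    WizIssue("i4", "Not encrypted in-transit: load balancer listener", "Open", "proj-a", "sub-1"),
]
EXTERNAL_EXPOSURE = RiskCategory(209, "External exposure")
ENCRYPTION_IN_TRANSIT = RiskCategory(210, "Not encrypted in-transit")
EXCESSIVE_PRIVILEGES = RiskCategory(208, "User with excessive admin privileges")


def over_cap_issues(n: int) -> List[WizIssue]:
    """n open excessive-privilege issues, to show what happens past the 200 cap."""
    return [WizIssue(f"p{k}", "User with excessive admin privileges", "Open", "proj-a", "sub-1")
            for k in range(n)]


if __name__ == "__main__":
    for cat in (EXTERNAL_EXPOSURE, ENCRYPTION_IN_TRANSIT, EXCESSIVE_PRIVILEGES):
        verdict, shown = evaluate(cat, SAMPLE_ISSUES)
        print(f"test {cat.test_id}: {verdict} ({len(shown)} issue(s) in drawer)")
    scoped = RiskCategory(209, "External exposure", project_ids=parse_id_list("proj-a, "))
    print("test 209 scoped to proj-a:", evaluate(scoped, SAMPLE_ISSUES)[0])
    verdict, shown = evaluate(EXCESSIVE_PRIVILEGES, over_cap_issues(250))
    print(f"250 open issues: {verdict}, drawer lists {len(shown)} of them")
```

Two things the model makes visible: the Resolved issue (i3) never reaches Drata because the Status pre-set only admits Open and InProgress, and once more than 200 issues match a category the drawer is an incomplete list. In that second case, narrow the category with Project IDs or Subscription IDs, or work the backlog down in Wiz, rather than reading the drawer as the full set of findings.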

Delete the Wiz connection

To delete the Wiz connection, go to the Connections page and select the trash icon in the drawer for the Wiz connection. All of the corresponding tests for that workspace return to the 'Unused' state.
