Wiz
Overview
In today’s complex digital ecosystem, operational performance and security issues are often managed in siloed systems. This makes full-stack observability a challenging goal for many organizations.
The integration of Coralogix and Wiz empowers development teams to take complete ownership of their services, with full visibility into the performance and resource vulnerabilities, simplifying the analysis of the impact on their code and infrastructure.
Additionally, by ingesting Wiz audit logs into Coralogix, SOC admins gain the ability to detect suspicious user activity and correlate cross-product events. This holistic visibility empowers teams to quickly detect, respond to, and prevent incidents, ultimately enhancing operational resilience and ensuring compliance with security standards.
Prerequisites
Prior to integrating with your Coralogix account, create a Service Account with the appropriate API scope permissions.
- Log into your Wiz portal.
- Navigate to your user profile. Go to Tenant info.
- In the General tab, copy the API Endpoint URL and Authentication URL to be used below.
- Navigate to Settings > Service Accounts
- Click Add Service Account
-
On the New Service Account page, select the Custom Integration type.
-
In Projects:
- To read audit logs, do not select any project. This will grant this Service Account access to all projects.
- To read only issues or vulnerabilities, you can either leave the project selection empty and grant access to all projects or limit the access to specific projects.
Note
To read audit logs as well as issues and vulnerabilities of specific projects, create two Service Accounts - one with all project access for audit logs, and another limited to specific projects for issues and vulnerabilities data. Then, set up a distinct Coralogix integration for each Service Account.
-
In API Scopes, select at least one of the following permissions, based on the type of data you want to read.
- Audit logs -
admin:audit
. - Issues -
read:issues
. -
Vulnerabilities -
read:vulnerabilities
.
- Audit logs -
-
Click Add Service Account.
-
Copy the Client ID and Client Secret to be used in the steps below.
Note
The value of the Client Secret field is displayed only once, to allow you to copy it.
-
Click Finish.
Setup
- From your Coralogix toolbar, navigate to Data Flow > Integrations, select Wiz and click Connect.
- Click Add New.
-
Define the integration settings by filling in the following parameters:
- Integration name - Meaningful name of the Wiz integration.
- Application name - The Coralogix application name.
- Subsystem name - The Coralogix subsystem name. This field will default to "Wiz", but it may be modified.
- API Endpoint URL - The API Endpoint URL, obtained above.
- Authentication URL - The URL used for authentication, obtained above.
- Client ID - The client ID of the service account used for authentication, obtained above.
- Client secret - The client secret of the service account used for authentication, obtained above.
- Data types (at least one should be selected):
- Audit logs
- Issues
- Vulnerabilities
-
Click Create to create the integration. A successful integration enables cross-screen querying.
Log format
The ingested logs of issues and vulnerabilities will contain the following fields at the top level of the JSON, making it easy to query all logs related to a specific cloud resource.
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email to [email protected].