## Overview In today’s complex digital ecosystem, operational performance and security issues are often managed in siloed systems. This makes full-stack observability a challenging goal for many organizations. The integration of Coralogix and Wiz empowers development teams to take complete ownership of their services, with full visibility into the performance and resource vulnerabilities, simplifying the analysis of the impact on their code and infrastructure. Additionally, by ingesting Wiz audit logs into Coralogix, SOC admins gain the ability to detect suspicious user activity and correlate cross-product events. This holistic visibility empowers teams to quickly detect, respond to, and prevent incidents, ultimately enhancing operational resilience and ensuring compliance with security standards. ### Poll intervals - Audit logs are pulled every 10 minutes. - Issues and Vulnerabilities are polled every 12 hours. ## Prerequisites Prior to integrating with your Coralogix account, create a Service Account with the appropriate API scope permissions. 1. Log into your Wiz portal. 1. Navigate to your user profile. Go to **Tenant info**. 1. In the **General** tab, copy the **API Endpoint URL** and **Authentication URL** to be used below. 1. Navigate to **Settings** > **Service Accounts** 1. Click **Add Service Account** 1. On the **New Service Account** page, select the **Custom Integration** type. 1. In **Projects:** - To read audit logs, do not select any project. This will grant this Service Account access to all projects. - To read only issues or vulnerabilities, you can either leave the project selection empty and grant access to all projects or limit the access to specific projects. Note To read audit logs as well as issues and vulnerabilities of specific projects, create two Service Accounts - one with all project access for audit logs, and another limited to specific projects for issues and vulnerabilities data. Then, set up a distinct Coralogix integration for each Service Account. 1. In **API Scopes**, select at least one of the following permissions, based on the type of data you want to read. 1. Audit logs - `admin:audit` . 1. Issues - `read:issues`. 1. Vulnerabilities - `read:vulnerabilities` . 1. Click **Add Service Account.** 1. Copy the **Client ID** and **Client Secret** to be used in the steps below. Note The value of the **Client Secret** field is displayed only once, to allow you to copy it. 1. Click **Finish.** ## Setup 1. From your Coralogix toolbar, navigate to **Data Flow** > **Integrations,** select **Wiz** and click **Connect**. 1. Click **Add New.** 1. Define the integration settings by filling in the following parameters: - Integration name - Meaningful name of the Wiz integration. - Application name - The Coralogix application name. - Subsystem name - The Coralogix subsystem name. This field will default to "Wiz", but it may be modified. - API Endpoint URL - The API Endpoint URL, obtained above. - Authentication URL - The URL used for authentication, obtained above. - Client ID - The client ID of the service account used for authentication, obtained above. - Client secret - The client secret of the service account used for authentication, obtained above. - Data types (at least one should be selected): - Audit logs - Issues - Vulnerabilities 1. Click **Create** to create the integration. A successful integration enables cross-screen querying. ## Log format The ingested logs of issues and vulnerabilities will contain the following fields at the top level of the JSON, making it easy to query all logs related to a specific cloud resource. ```text cx_security: { cspm_provider: "Wiz" resource_id: "" } ``` ## Support **Need help?** Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up. Feel free to reach out to us **via our in-app chat** or by sending us an email to [support@coralogix.com](mailto:support@coralogix.com).