Skip to main content

Check out Port for yourselfย 

Wiz

Port's Wiz integration allows you to model Wiz resources in your software catalog and ingest data into them.

Overviewโ€‹

This integration allows you to:

  • Map and organize your desired Wiz resources and their metadata in Port (see supported resources below).
  • Watch for Wiz object changes (create/update/delete) in real-time, and automatically apply the changes to your entities in Port.

Supported Resourcesโ€‹

The resources that can be ingested from Wiz into Port are listed below. It is possible to reference any field that appears in the API responses linked below in the mapping configuration.

Prerequisitesโ€‹

Port Credentialsโ€‹

To get your Port credentials, go to your Port application, click on the ... button in the top right corner, and select Credentials. Here you can view and copy your CLIENT_ID and CLIENT_SECRET:

Wiz Credentialsโ€‹

You need the following connection details to configure Wiz:

  • Wiz API URL (API Endpoint URL)
  • Wiz Token URL
  • Client ID and Client Secret
Wiz Token URL

There are two possible endpoints depending on your service account's identity provider:

Learn more here.


  1. Finding Your Wiz API URL:
    • Login to Wiz account.
    • Click the User Profile icon available at the top right of the screen and click the User Settings option.
    • Click the Tenant option from the left options menu.
    • The system displays the API Endpoint URL.
    • Copy and save the API URL to use while configuring the Wiz intergration.

For more details, refer to the documentation


  1. Getting the Client ID and Client Secret

You must create a service account in Wiz to generate the Client ID and Client Secret. Follow the below steps to get the Client ID and Client Secret:

  • Login to Wiz with the Project Admin role.
  • Click the Settings icon available at the top-right of the page.
  • On the Settings page, Click Service Accounts from the left menu.
  • Create a Service Account:
    • Click Add Service Account.
    • Provide a descriptive Service Account Name.
    • Type: Select Custom Integration (GraphQL API).
    • Project: Choose the relevant project(s).
    • API Scopes: Select only the read:projects and read:issues permissions.
    • Click Add Service Account at the bottom of the page to save.


  • Retrieve Credentials: Wiz will display your Client ID and Client Secret.
  • Save Credentials: Copy and store them securely for use in Port.


Setupโ€‹

Choose one of the following installation methods:

Using this installation option means that the integration will be hosted by Port, with a customizable resync interval to ingest data into Port.

Beta feature

The Hosted by Port option is currently in beta, and is still undergoing final testing before its official release.

Should you encounter any bugs or functionality issues, please let us know so we can rectify them as soon as possible.
Your help is greatly appreciated! โญ

Live event support

Currently, live events are not supported for integrations hosted by Port.
Resyncs will be performed periodically every 1 hour by default (can be configured differently after installation), or manually triggered by you via Port's UI.

Therefore, real-time events (including GitOps) will not be ingested into Port immediately.
Support for live events is WIP and will be supported in the near future.

Installation

To install, follow the following steps:

  1. Go to the Data sources page of your portal.

  2. Click on the + Data source button in the top-right corner.

  3. Click on the relevant integration in the list.

  4. Under Select your installation method, choose Hosted by Port.

  5. Configure the integration settings and application settings as you wish (see below for details).

Application settings

Every integration hosted by Port has the following customizable application settings, which are configurable after installation:

  • Resync interval: The frequency at which Port will ingest data from the integration. There are various options available, ranging from every 1 hour to once a day.

  • Send raw data examples: A boolean toggle (enabled by default). If enabled, raw data examples will be sent from the integration to Port. These examples are used when testing your mapping configuration, they allow you to run your jq expressions against real data and see the results.

Integration settings

Every integration has its own tool-specific settings, under the Integration settings section.
Each of these settings has an โ“˜ icon next to it, which you can hover over to see a description of the setting.

Port secrets

Some integration settings require sensitive pieces of data, such as tokens.
For these settings, Port secrets will be used, ensuring that your sensitive data is encrypted and secure.

When changing such a setting, you will be prompted to choose an existing secret or create a new one:



Port source IP addresses

When using this installation method, Port will make outbound calls to your 3rd-party applications from static IP addresses.
You may need to add these addresses to your allowlist, in order to allow Port to interact with the integrated service:

54.73.167.226  
63.33.143.237
54.76.185.219

Configurationโ€‹

Port integrations use a YAML mapping block to ingest data from the third-party api into Port.

The mapping makes use of the JQ JSON processor to select, modify, concatenate, transform and perform other operations on existing fields and values from the integration API.

Examplesโ€‹

Examples of blueprints and the relevant integration configurations:

Projectโ€‹

Project blueprint
{
"identifier": "wizProject",
"description": "This blueprint represents a wiz project",
"title": "Wiz Project",
"icon": "Box",
"schema": {
"properties": {
"archived": {
"type": "boolean",
"title": "Archived?",
"description": "Is the project archived?"
},
"businessUnit": {
"type": "string",
"title": "Business Unit",
"description": "the business unit of the project"
},
"description": {
"type": "string",
"title": "Description",
"description": "the project description"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {
"issues": {
"target": "wizIssue",
"title": "Issues",
"description": "The issues affecting this project",
"required": false,
"many": true
}
}
}
Integration configuration
resources:
- kind: project
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizProject"'
identifier: .id
title: .name
properties:
archived: .archived
businessUnit: .businessUnit
description: .description

Controlโ€‹

Control blueprint
{
"identifier": "wizControl",
"description": "This blueprint represents a wiz source rule",
"title": "Wiz Control",
"icon": "Flag",
"schema": {
"properties": {
"controlDescription": {
"type": "string",
"title": "Control Description",
"description": "the control description"
},
"resolutionRecommendation": {
"type": "string",
"title": "Control Recommendation",
"description": "the control recommendation on resolving issues"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: control
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizControl"'
identifier: .id
title: .name
properties:
controlDescription: .controlDescription
resolutionRecommendation: .resolutionRecommendation

Issueโ€‹

Issue blueprint
{
"identifier": "wizIssue",
"description": "This blueprint represents a wiz issue",
"title": "Wiz Issue",
"icon": "Alert",
"schema": {
"properties": {
"url": {
"type": "string",
"title": "Issue URL",
"format": "url",
"description": "the link to the issue"
},
"status": {
"title": "Status",
"type": "string",
"enum": [
"OPEN",
"IN_PROGRESS",
"RESOLVED",
"REJECTED"
],
"enumColors": {
"OPEN": "blue",
"IN_PROGRESS": "orange",
"RESOLVED": "green",
"REJECTED": "darkGray"
}
},
"severity": {
"title": "Severity",
"type": "string",
"enum": [
"INFORMATIONAL",
"LOW",
"MEDIUM",
"HIGH",
"CRITICAL"
],
"enumColors": {
"INFORMATIONAL": "blue",
"LOW": "yellow",
"MEDIUM": "orange",
"HIGH": "red",
"CRITICAL": "red"
}
},
"vulnerabilityType": {
"title": "Vulnerability Type",
"type": "string"
},
"wizIssueID": {
"title": "Wiz Issue ID",
"type": "string"
},
"cloudResourceType": {
"title": "Cloud Resource Type",
"type": "string"
},
"resourceName": {
"title": "Resource Name",
"type": "string"
},
"cloudPlatform": {
"title": "Cloud Platform",
"type": "string"
},
"linkToResource": {
"title": "Link to Cloud Resource",
"type": "string",
"format": "url"
},
"cloudResourceID": {
"title": "Cloud Resource ID",
"type": "string"
},
"cloudRegion": {
"title": "Cloud Region",
"type": "string"
},
"resourceGroupExternalId": {
"title": "Resource Group External ID",
"type": "string"
},
"subscriptionExternalId": {
"title": "Subscription External ID",
"type": "string"
},
"subscriptionName": {
"title": "Subscription Name",
"type": "string"
},
"subscriptionTags": {
"title": "Subscription Tags",
"type": "object"
},
"resourceTags": {
"title": "Resource Tags",
"type": "object"
},
"vulnerability": {
"title": "Vulnerability",
"type": "object",
"description": "The identified security risk"
},
"notes": {
"title": "Notes",
"type": "array"
},
"createdAt": {
"title": "Created At",
"type": "string",
"format": "date-time"
},
"updatedAt": {
"title": "Updated At",
"type": "string",
"format": "date-time"
},
"dueAt": {
"title": "Due At",
"type": "string",
"format": "date-time"
},
"resolvedAt": {
"title": "Resolved At",
"type": "string",
"format": "date-time"
},
"statusChangedAt": {
"title": "Status ChangedAt",
"type": "string",
"format": "date-time"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {
"projects": {
"target": "wizProject",
"title": "Affected Projects",
"description": "The projects affected by this issue",
"required": false,
"many": true
},
"serviceTickets": {
"target": "wizServiceTicket",
"title": "Service Tickets",
"description": "The service tickets belonging to this issue",
"required": false,
"many": true
},
"control": {
"target": "wizControl",
"title": "Control",
"description": "The control that flagged this issue",
"required": false,
"many": false
}
}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: issue
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizIssue"'
identifier: .id
title: .entitySnapshot.name + " | " + .entitySnapshot.type
properties:
url: .id as $id | "https://app.wiz.io/issues#~(issue~'" + $id + ")"
status: .status
severity: .severity
vulnerabilityType: .type
notes: .notes
wizIssueID: .entitySnapshot.id
cloudResourceType: .entitySnapshot.type
resourceName: .entitySnapshot.name
cloudPlatform: .entitySnapshot.cloudPlatform
linkToResource: if .entitySnapshot.cloudProviderURL == "" then null else .entitySnapshot.cloudProviderURL end
cloudResourceID: .entitySnapshot.providerId
cloudRegion: .entitySnapshot.region
resourceGroupExternalId: .entitySnapshot.resourceGroupExternalId
subscriptionExternalId: .entitySnapshot.subscriptionExternalId
subscriptionName: .entitySnapshot.subscriptionName
subscriptionTags: .entitySnapshot.subscriptionTags
resourceTags: .entitySnapshot.tags
vulnerability: .entitySnapshot
createdAt: .createdAt
updatedAt: .updatedAt
statusChangedAt: .statusChangedAt
resolvedAt: .resolvedAt
relations:
projects: .projects[].id
serviceTickets: .serviceTickets[].externalId
control: .sourceRule.id

Service Ticketโ€‹

Service Ticket blueprint
{
"identifier": "wizServiceTicket",
"description": "This blueprint represents a wiz service ticket",
"title": "Wiz Service Ticket",
"icon": "Book",
"schema": {
"properties": {
"url": {
"type": "string",
"title": "Ticket URL",
"format": "url",
"description": "the service ticket URL"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: serviceTicket
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizServiceTicket"'
identifier: .externalId
title: .name
properties:
url: .url

Let's Test Itโ€‹

This section includes a sample response data from Wiz. In addition, it includes the entity created from the resync event based on the Ocean configuration provided in the previous section.

Payloadโ€‹

Here is an example of the payload structure from Wiz:

Project response data
{
"id": "d6ac50bb-aec0-52fc-80ab-bacd7b02f178",
"name": "Project1",
"isFolder": false,
"archived": false,
"businessUnit": "Dev",
"description": "Test project"
}
Control response data
{
"__typename": "Control",
"id": "9d7ef6e4-baed-47ba-99ec-a78a801f1e19",
"name": "Publicly Exposed Assets with DataFindings ",
"controlDescription": "",
"resolutionRecommendation": "",
"securitySubCategories": [
{
"title": "Data Security",
"category": {
"name": "8 Data Security",
"framework": {
"name": "Wiz"
}
}
}
]
}
Issue response data
{
"id": "fffedba9-587f-4251-8c96-d966c183f10c",
"sourceRule": {
"__typename": "Control",
"id": "9d7ef6e4-baed-47ba-99ec-a78a801f1e19",
"name": "Publicly Exposed Assets with DataFindings ",
"controlDescription": "",
"resolutionRecommendation": "",
"securitySubCategories": [
{
"title": "Data Security",
"category": {
"name": "8 Data Security",
"framework": {
"name": "Wiz"
}
}
}
]
},
"createdAt": "2023-08-23T07:56:09.903743Z",
"updatedAt": "2023-09-12T08:33:16.327851Z",
"dueAt": null,
"type": "TOXIC_COMBINATION",
"resolvedAt": "2023-08-30T08:17:54.613564Z",
"statusChangedAt": "2023-08-30T08:17:54.613564Z",
"projects": [
{
"id": "d6ac50bb-aec0-52fc-80ab-bacd7b02f178",
"name": "Project1",
"slug": "project1",
"businessUnit": "Dev",
"riskProfile": {
"businessImpact": "MBI"
}
}
],
"status": "RESOLVED",
"severity": "HIGH",
"entitySnapshot": {
"id": "3d7dafdc-0087-55e0-81fd-a9e2b152fb47",
"type": "DATA_FINDING",
"nativeType": "",
"name": "GDPR 2415",
"status": null,
"cloudPlatform": null,
"cloudProviderURL": "",
"providerId": "data##wizt-recEIECHXqlRPMZRw##wfke-jpb8-twwk-l7mm",
"region": "",
"resourceGroupExternalId": "",
"subscriptionExternalId": "",
"subscriptionName": "",
"subscriptionTags": null,
"tags": {},
"externalId": "data##wizt-recEIECHXqlRPMZRw##wfke-jpb8-twwk-l7mm"
},
"serviceTickets": [],
"notes": [
{
"createdAt": "2023-09-12T08:33:16.29091Z",
"updatedAt": "2023-09-12T08:33:16.366971Z",
"text": "test",
"user": null,
"serviceAccount": {
"name": "bot-ise"
}
},
{
"createdAt": "2023-09-12T08:22:20.13926Z",
"updatedAt": "2023-09-12T08:33:16.369728Z",
"text": "test",
"user": null,
"serviceAccount": {
"name": "bot-ise"
}
},
{
"createdAt": "2023-09-12T08:21:49.663314Z",
"updatedAt": "2023-09-12T08:33:16.371541Z",
"text": "test",
"user": null,
"serviceAccount": {
"name": "bot-ise"
}
}
]
}
Service Ticket response data
{
"externalId": "data##wizt-customID##ja63-kx0z-f27x-mpvl",
"name": "Security Vulnerability in AWS S3 Bucket",
"url": "https://api.wiz.com/wiz/service-tickets/data##wizt-customID##ja63-kx0z-f27x-mpvl"
}

Mapping Resultโ€‹

The combination of the sample payload and the Ocean configuration generates the following Port entity:

Project entity in Port(Click to expand)
{
"identifier": "d6ac50bb-aec0-52fc-80ab-bacd7b02f178",
"title": "Project1",
"blueprint": "wizProject",
"team": [],
"icon": "NewRelic",
"properties": {
"archived": false,
"businessUnit": "Dev",
"description": "Test project"
},
"createdAt": "2024-2-6T09:30:57.924Z",
"createdBy": "hBx3VFZjqgLPEoQLp7POx5XaoB0cgsxW",
"updatedAt": "2024-2-6T11:49:20.881Z",
"updatedBy": "hBx3VFZjqgLPEoQLp7POx5XaoB0cgsxW"
}
Control entity in Port(Click to expand)
{
"identifier": "9d7ef6e4-baed-47ba-99ec-a78a801f1e19",
"title": "Publicly Exposed Assets with DataFindings",
"blueprint": "wizControl",
"icon": "Flag",
"properties": {
"controlDescription": "",
"resolutionRecommendation": ""
},
"createdAt": "2024-2-6T09:30:57.924Z",
"createdBy": "hBx3VFZjqgLPEoQLp7POx5XaoB0cgsxW",
"updatedAt": "2024-2-6T11:49:20.881Z",
"updatedBy": "hBx3VFZjqgLPEoQLp7POx5XaoB0cgsxW"
}
Issue entity in Port(Click to expand)
{
"identifier": "fffedba9-587f-4251-8c96-d966c183f10c",
"title": "GDPR 2415 | DATA_FINDING",
"blueprint": "wizIssue",
"icon": "Alert",
"properties": {
"url": "https://app.wiz.io/issues#~(issue~'fffedba9-587f-4251-8c96-d966c183f10c)",
"status": "RESOLVED",
"severity": "HIGH",
"type": "TOXIC_COMBINATION",
"notes": [],
"vulnerability": {
"id": "3d7dafdc-0087-55e0-81fd-a9e2b152fb47",
"type": "DATA_FINDING",
"nativeType": "",
"name": "GDPR 2415",
"status": null,
"cloudPlatform": null,
"cloudProviderURL": "",
"providerId": "data##wizt-recEIECHXqlRPMZRw##wfke-jpb8-twwk-l7mm",
"region": "",
"resourceGroupExternalId": "",
"subscriptionExternalId": "",
"subscriptionName": "",
"subscriptionTags": null,
"tags": {},
"externalId": "data##wizt-recEIECHXqlRPMZRw##wfke-jpb8-twwk-l7mm"
},
"createdAt": "2023-08-23T07:56:09.903743Z",
"updatedAt": "2023-09-12T08:33:16.327851Z",
"resolvedAt": "2023-08-30T08:17:54.613564Z",
"statusChangedAt": "2023-08-30T08:17:54.613564Z",
},
"relations": {
"projects": ["d6ac50bb-aec0-52fc-80ab-bacd7b02f178"],
"serviceTickets": [],
"control": "9d7ef6e4-baed-47ba-99ec-a78a801f1e19"
},
"createdAt": "2023-08-23T07:56:09.903743Z",
"createdBy": "hBx3VFZjqgLPEoQLp7POx5XaoB0cgsxW",
"updatedAt": "2023-09-12T08:33:16.327851Z",
"updatedBy": "hBx3VFZjqgLPEoQLp7POx5XaoB0cgsxW"
}
Service Ticket entity in Port(Click to expand)
{
"identifier": "data##wizt-customID##ja63-kx0z-f27x-mpvl",
"title": "Security Vulnerability in AWS S3 Bucket",
"blueprint": "serviceTicket",
"icon": "Book",
"properties": {
"url": "https://api.wiz.com/wiz/service-tickets/data##wizt-customID##ja63-kx0z-f27x-mpvl"
},
"relations": {},
"createdAt": "2023-08-23T07:56:09.903743Z",
"createdBy": "hBx3VFZjqgLPEoQLp7POx5XaoB0cgsxW",
"updatedAt": "2023-09-12T08:33:16.327851Z",
"updatedBy": "hBx3VFZjqgLPEoQLp7POx5XaoB0cgsxW"
}

Alternative installation via webhookโ€‹

While the Ocean integration described above is the recommended installation method, you may prefer to use a webhook to ingest data from Wiz. If so, use the following instructions:

Note that when using the webhook installation method, data will be ingested into Port only when the webhook is triggered.

Webhook installation (click to expand)

In this example you are going to create a webhook integration between Wiz and Port, which will ingest Wiz issue entities into Port.

Port configuration

Create the following blueprint definition:

Wiz issue blueprint
{
"identifier": "wizIssue",
"description": "This blueprint represents a wiz issue",
"title": "Wiz Issue",
"icon": "Alert",
"schema": {
"properties": {
"status": {
"title": "Status",
"type": "string",
"enum": [
"OPEN",
"IN_PROGRESS",
"RESOLVED",
"REJECTED"
],
"enumColors": {
"OPEN": "blue",
"IN_PROGRESS": "orange",
"RESOLVED": "green",
"REJECTED": "darkGray"
}
},
"severity": {
"title": "Severity",
"type": "string",
"enum": [
"INFORMATIONAL",
"LOW",
"MEDIUM",
"HIGH",
"CRITICAL"
],
"enumColors": {
"INFORMATIONAL": "blue",
"LOW": "yellow",
"MEDIUM": "orange",
"HIGH": "red",
"CRITICAL": "red"
}
},
"control": {
"title": "Control",
"type": "string",
"description": "A security graph query defining a risk"
},
"vulnerability": {
"title": "Vulnerability",
"type": "object",
"description": "The identified security risk"
},
"createdAt": {
"title": "Created At",
"type": "string",
"format": "date-time"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}

Create the following webhook configuration using Port's UI

Wiz issue webhook configuration
  1. Basic details tab - fill the following details:

    1. Title : Wiz Mapper;
    2. Identifier : wiz_mapper;
    3. Description : A webhook configuration to map Wiz issues to Port;
    4. Icon : Box;
  2. Integration configuration tab - fill the following JQ mapping:

    [
    {
    "blueprint": "wizIssue",
    "entity": {
    "identifier": ".body.issue.id",
    "title": ".body.resource.name",
    "properties": {
    "status": ".body.issue.status",
    "severity": ".body.issue.severity",
    "control": ".body.control.name",
    "vulnerability": ".body.resource",
    "createdAt": ".body.issue.created"
    }
    }
    }
    ]

Create a webhook in Wiz

  1. Send an email to win@wiz.io requesting for access to the developer documentation or reach out to your Wiz account manager.
  2. Follow this guide in the documentation to create a webhook.

Done! Any issue created in Wiz will trigger a webhook event to the webhook URL provided by Port. Port will parse the events according to the mapping and update the catalog entities accordingly.