Wiz
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | Wiz |
| Publisher | Wiz |
| Used in Solutions | Wiz |
| Collection Method | Azure Function |
| Connector Definition Files | template_WIZ.json |
| Ingestion API | HTTP Data Collector API — Connector definition requires workspace key (SharedKey pattern) |
| Custom Log V1 Tables | Yes 🔶 — ingests into tables with type-suffixed columns |
The Wiz connector allows you to easily send Wiz Issues, Vulnerability Findings, and Audit logs to Microsoft Sentinel.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
WizAuditLogsV2_CL 🔶 |
? | ✓ | ? |
WizAuditLogs_CL 🔶 |
? | ✓ | ? |
WizIssuesV2_CL 🔶 |
? | ✓ | ? |
WizIssues_CL 🔶 |
? | ✓ | ? |
WizVulnerabilitiesV2_CL 🔶 |
? | ✓ | ? |
WizVulnerabilities_CL 🔶 |
? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): read and write permissions are required. - Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.
Custom Permissions: - Microsoft.Web/sites permissions: Read and write permissions to Azure Functions to create a Function App is required. See the documentation to learn more about Azure Functions. - Wiz Service Account credentials: Ensure you have your Wiz service account client ID and client secret, API endpoint URL, and auth URL. Instructions can be found on Wiz documentation.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
NOTE: This connector: Uses Azure Functions to connect to Wiz API to pull Wiz Issues, Vulnerability Findings, and Audit Logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the Azure Functions pricing page for details. Creates an Azure Key Vault with all the required parameters stored as secrets.
1. STEP 1 - Get your Wiz credentials
Follow the instructions on Wiz documentation to get the erquired credentials.
2. STEP 2 - Deploy the connector and the associated Azure Function
IMPORTANT: Before deploying the Wiz Connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Wiz credentials from the previous step. - Workspace ID:
WorkspaceIdNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel. - Primary Key:PrimaryKeyNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
3. Option 1: Deploy using the Azure Resource Manager (ARM) Template
-
Click the Deploy to Azure button below.
2. Select the preferred Subscription, Resource Group and Location. 3. Enter the following parameters:
- Choose KeyVaultName and FunctionName for the new resources
- Enter the following Wiz credentials from step 1: WizAuthUrl, WizEndpointUrl, WizClientId, and WizClientSecret
- Enter the Workspace credentials AzureLogsAnalyticsWorkspaceId and AzureLogAnalyticsWorkspaceSharedKey
- Choose the Wiz data types you want to send to Microsoft Sentinel, choose at least one from Wiz Issues, Vulnerability Findings, and Audit Logs.
- (optional) follow Wiz documentation to add IssuesQueryFilter, VulnerbailitiesQueryFilter, and AuditLogsQueryFilter.
- Mark the checkbox labeled I agree to the terms and conditions stated above.
- Click Purchase to deploy.
4. Option 2: Manual Deployment of the Azure Function
Follow Wiz documentation to deploy the connector manually.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊