Examples
To view and test the integration's mapping against examples of the third-party API responses, use the jq playground in your data sources page. Find the integration in the list of data sources and click on it to open the playground.
Examples of blueprints and the relevant integration configurations:
Project
Project blueprint
{
"identifier": "wizProject",
"description": "This blueprint represents a wiz project",
"title": "Wiz Project",
"icon": "Box",
"schema": {
"properties": {
"archived": {
"type": "boolean",
"title": "Archived?",
"description": "Is the project archived?"
},
"businessUnit": {
"type": "string",
"title": "Business Unit",
"description": "the business unit of the project"
},
"description": {
"type": "string",
"title": "Description",
"description": "the project description"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {
"issues": {
"target": "wizIssue",
"title": "Issues",
"description": "The issues affecting this project",
"required": false,
"many": true
}
}
}
Integration configuration
resources:
- kind: project
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizProject"'
identifier: .id
title: .name
properties:
archived: .archived
businessUnit: .businessUnit
description: .description
- Include archived projects
- Include business impact
The includeArchived selector controls whether to include archived projects in the integration. If not specified, archived projects are not included.
- kind: project
selector:
query: 'true'
includeArchived: true
The impact selector controls whether to filter projects by business impact in the integration. If not specified, no business impact filters are applied.
- kind: project
selector:
query: 'true'
impact: "HBI"
Control
Control blueprint
{
"identifier": "wizControl",
"description": "This blueprint represents a wiz source rule",
"title": "Wiz Control",
"icon": "Flag",
"schema": {
"properties": {
"controlDescription": {
"type": "string",
"title": "Control Description",
"description": "the control description"
},
"resolutionRecommendation": {
"type": "string",
"title": "Control Recommendation",
"description": "the control recommendation on resolving issues"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: control
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizControl"'
identifier: .id
title: .name
properties:
controlDescription: .controlDescription
resolutionRecommendation: .resolutionRecommendation
Issue
Issue blueprint
{
"identifier": "wizIssue",
"description": "This blueprint represents a wiz issue",
"title": "Wiz Issue",
"icon": "Alert",
"schema": {
"properties": {
"url": {
"type": "string",
"title": "Issue URL",
"format": "url",
"description": "the link to the issue"
},
"status": {
"title": "Status",
"type": "string",
"enum": [
"OPEN",
"IN_PROGRESS",
"RESOLVED",
"REJECTED"
],
"enumColors": {
"OPEN": "blue",
"IN_PROGRESS": "orange",
"RESOLVED": "green",
"REJECTED": "darkGray"
}
},
"severity": {
"title": "Severity",
"type": "string",
"enum": [
"INFORMATIONAL",
"LOW",
"MEDIUM",
"HIGH",
"CRITICAL"
],
"enumColors": {
"INFORMATIONAL": "blue",
"LOW": "yellow",
"MEDIUM": "orange",
"HIGH": "red",
"CRITICAL": "red"
}
},
"vulnerabilityType": {
"title": "Vulnerability Type",
"type": "string"
},
"wizIssueID": {
"title": "Wiz Issue ID",
"type": "string"
},
"cloudResourceType": {
"title": "Cloud Resource Type",
"type": "string"
},
"resourceName": {
"title": "Resource Name",
"type": "string"
},
"cloudPlatform": {
"title": "Cloud Platform",
"type": "string"
},
"linkToResource": {
"title": "Link to Cloud Resource",
"type": "string",
"format": "url"
},
"cloudResourceID": {
"title": "Cloud Resource ID",
"type": "string"
},
"cloudRegion": {
"title": "Cloud Region",
"type": "string"
},
"resourceGroupExternalId": {
"title": "Resource Group External ID",
"type": "string"
},
"subscriptionExternalId": {
"title": "Subscription External ID",
"type": "string"
},
"subscriptionName": {
"title": "Subscription Name",
"type": "string"
},
"subscriptionTags": {
"title": "Subscription Tags",
"type": "object"
},
"resourceTags": {
"title": "Resource Tags",
"type": "object"
},
"vulnerability": {
"title": "Vulnerability",
"type": "object",
"description": "The identified security risk"
},
"notes": {
"title": "Notes",
"type": "array"
},
"createdAt": {
"title": "Created At",
"type": "string",
"format": "date-time"
},
"updatedAt": {
"title": "Updated At",
"type": "string",
"format": "date-time"
},
"dueAt": {
"title": "Due At",
"type": "string",
"format": "date-time"
},
"resolvedAt": {
"title": "Resolved At",
"type": "string",
"format": "date-time"
},
"statusChangedAt": {
"title": "Status ChangedAt",
"type": "string",
"format": "date-time"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {
"projects": {
"target": "wizProject",
"title": "Affected Projects",
"description": "The projects affected by this issue",
"required": false,
"many": true
},
"serviceTickets": {
"target": "wizServiceTicket",
"title": "Service Tickets",
"description": "The service tickets belonging to this issue",
"required": false,
"many": true
},
"control": {
"target": "wizControl",
"title": "Control",
"description": "The control that flagged this issue",
"required": false,
"many": false
}
}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: issue
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizIssue"'
identifier: .id
title: .entitySnapshot.name + " | " + .entitySnapshot.type
properties:
url: .id as $id | "https://app.wiz.io/issues#~(issue~'" + $id + ")"
status: .status
severity: .severity
vulnerabilityType: .type
notes: .notes
wizIssueID: .entitySnapshot.id
cloudResourceType: .entitySnapshot.type
resourceName: .entitySnapshot.name
cloudPlatform: .entitySnapshot.cloudPlatform
linkToResource: if .entitySnapshot.cloudProviderURL == "" then null else .entitySnapshot.cloudProviderURL end
cloudResourceID: .entitySnapshot.providerId
cloudRegion: .entitySnapshot.region
resourceGroupExternalId: .entitySnapshot.resourceGroupExternalId
subscriptionExternalId: .entitySnapshot.subscriptionExternalId
subscriptionName: .entitySnapshot.subscriptionName
subscriptionTags: .entitySnapshot.subscriptionTags
resourceTags: .entitySnapshot.tags
vulnerability: .entitySnapshot
createdAt: .createdAt
updatedAt: .updatedAt
statusChangedAt: .statusChangedAt
resolvedAt: .resolvedAt
relations:
projects: .projects[].id
serviceTickets: .serviceTickets[].externalId
control: .sourceRule.id
Service Ticket
Service Ticket blueprint
{
"identifier": "wizServiceTicket",
"description": "This blueprint represents a wiz service ticket",
"title": "Wiz Service Ticket",
"icon": "Book",
"schema": {
"properties": {
"url": {
"type": "string",
"title": "Ticket URL",
"format": "url",
"description": "the service ticket URL"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: serviceTicket
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizServiceTicket"'
identifier: .externalId
title: .name
properties:
url: .url
Vulnerability
Vulnerability blueprint
{
"identifier": "wizVulnerabilityFinding",
"description": "This blueprint represents a wiz vulnerability finding",
"title": "Wiz Vulnerability Finding",
"icon": "Wiz",
"schema": {
"properties": {
"status": {
"title": "Status",
"type": "string",
"enum": [
"OPEN",
"IN_PROGRESS",
"RESOLVED",
"REJECTED"
],
"enumColors": {
"OPEN": "red",
"IN_PROGRESS": "yellow",
"RESOLVED": "green",
"REJECTED": "lightGray"
}
},
"severity": {
"title": "Severity",
"type": "string",
"enum": [
"LOW",
"MEDIUM",
"HIGH",
"CRITICAL",
"NONE"
],
"enumColors": {
"LOW": "olive",
"MEDIUM": "yellow",
"HIGH": "red",
"CRITICAL": "red",
"NONE": "lightGray"
}
},
"categories": {
"title": "Categories",
"type": "array"
},
"version": {
"title": "Version",
"type": "string"
},
"detectionMethod": {
"title": "Detection Method",
"type": "string"
},
"score": {
"title": "Score",
"type": "number"
},
"description": {
"title": "Description",
"type": "string"
},
"firstDetectedAt": {
"title": "First Detected At",
"type": "string",
"format": "date-time"
},
"publishedDate": {
"title": "Published Date",
"type": "string",
"format": "date-time"
},
"remediation": {
"title": "Remediation",
"type": "string"
},
"environments": {
"title": "Environments",
"type": "array"
},
"link": {
"title": "Link",
"type": "string",
"format": "url"
},
"vulnerabilityExternalId": {
"title": "Vulnerability External ID",
"type": "string"
},
"portalUrl": {
"title": "Portal URL",
"type": "string",
"format": "url"
},
"origin": {
"title": "Origin",
"type": "string"
},
"CVEDescription": {
"title": "CVE Description",
"type": "string"
},
"hasFix": {
"title": "Has Fix",
"type": "boolean"
},
"hasExploit": {
"title": "Has Exploit",
"type": "boolean"
},
"isHighProfileThreat": {
"title": "Is High Profile Threat",
"type": "boolean"
},
"rootComponent": {
"title": "Root Component",
"type": "object"
},
"applicationServices": {
"title": "Application Services",
"type": "array"
},
"updatedAt": {
"title": "Updated At",
"type": "string",
"format": "date-time"
},
"resolvedAt": {
"title": "Resolved At",
"type": "string",
"format": "date-time"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {
"projects": {
"target": "wizProject",
"title": "Projects",
"description": "The projects affected by this vulnerability finding",
"required": false,
"many": true
}
}
}
Integration configuration
resources:
- kind: vulnerability-finding
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizVulnerabilityFinding"'
identifier: .id
title: .name
properties:
status: .status
severity: .severity
categories: .categories
version: .version
score: .score
description: .description
remediation: .remediation
detectionMethod: .detectionMethod
environments: .environments
link: .link
portalUrl: .portalUrl
origin: .origin
vulnerabilityExternalId: .vulnerabilityExternalId
CVEDescription: .CVEDescription
hasFix: .hasFix
hasExploit: .hasExploit
isHighProfileThreat: .isHighProfileThreat
updatedAt: .updatedAt
resolvedAt: .resolvedAt
firstDetectedAt: .firstDetectedAt
publishedDate: .publishedDate
rootComponent: .rootComponent
applicationServices: .applicationServices
relations:
projects: .projects | map(.id)
The following selectors can be used to filter the data fetched from the Wiz API for the Vulnerability kind:
severityList: List of severity values to filter vulnerability findings by.statusList: List of status values to filter vulnerability findings by.maxPages: Maximum number of pages to fetch from the Wiz API.
- Include severity list
- Include status list
- Include max pages
The severityList selector controls the severity of vulnerabilities fetched from the Wiz API. If not specified, no severity filtering is applied, and all vulnerability severity are ingested into the catalog.
- kind: vulnerability-finding
selector:
query: 'true'
severityList: ["LOW", "MEDIUM", "HIGH", "CRITICAL", "NONE"]
The statusList selector optionally restricts returned results to specific vulnerability statuses. If not specified, the default statuses (OPEN, IN_PROGRESS) are applied.
- kind: vulnerability-finding
selector:
query: 'true'
typeList: ["OPEN", "IN_PROGRESS", "RESOLVED", "REJECTED"]
The maxPages selector is used to control how many pages the integration fetches from the Wiz API. The default value is 500, which ingests up to 50,000 results since each page contains 100 results.
- kind: vulnerability-finding
selector:
query: 'true'
maxPages: 100 # default is 500
Repository
Repository blueprint
{
"identifier": "wizRepository",
"description": "This blueprint represents a wiz repository",
"title": "Wiz Repository",
"icon": "Wiz",
"schema": {
"properties": {
"url": {
"title": "URL",
"type": "string",
"format": "url"
},
"platform": {
"title": "Platform",
"type": "string"
},
"public": {
"title": "Public",
"type": "boolean"
},
"archived": {
"title": "Archived",
"type": "boolean"
},
"visibility": {
"title": "Visibility",
"type": "string"
},
"organization": {
"title": "Organization",
"type": "string"
},
"branches": {
"title": "Branches",
"type": "array"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: repository
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizRepository"'
identifier: .id
title: .name
properties:
url: .url
platform: .platform
public: .public
archived: .archived
visibility: .visibility
organization: .organization.id
branches: .branches | map(.id)
SBOM Package
SBOM package blueprint
{
"identifier": "sbomPackage",
"description": "This blueprint represents a software bill of materials (SBOM) package",
"title": "SBOM Package",
"icon": "Package",
"schema": {
"properties": {
"package": {
"icon": "DefaultProperty",
"type": "string",
"title": "Package"
},
"version": {
"icon": "DefaultProperty",
"type": "string",
"title": "Version"
},
"manager": {
"icon": "DefaultProperty",
"type": "string",
"title": "Manager"
}
},
"required": [
"package",
"version"
]
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: vulnerability-finding
selector:
query: '.detailedName != null and .version != null'
port:
entity:
mappings:
identifier: .detailedName + "-" + .version | gsub("[^\\p{L}0-9@_.+:\\/=-]"; "")
title: .detailedName + "-" + .version | gsub("[^\\p{L}0-9@_.+:\\/=-]"; "")
blueprint: '"sbomPackage"'
properties:
version: .version
package: .detailedName
manager: .artifactType.osPackageManager // .artifactType.codeLibraryLanguage
Technology
Technology blueprint
{
"identifier": "wizTechnology",
"description": "This blueprint represents a wiz technology",
"title": "Wiz Technology",
"icon": "Wiz",
"schema": {
"properties": {
"description": {
"title": "Description",
"type": "string"
},
"categories": {
"title": "Categories",
"type": "array"
},
"usage": {
"title": "Usage",
"type": "string"
},
"status": {
"title": "Status",
"type": "string"
},
"risk": {
"title": "Risk",
"type": "string"
},
"note": {
"title": "Note",
"type": "string"
},
"ownerName": {
"title": "Owner Name",
"type": "string"
},
"businessModel": {
"title": "Business Model",
"type": "string"
},
"popularity": {
"title": "Popularity",
"type": "number"
},
"projectCount": {
"title": "Project Count",
"type": "number"
},
"codeRepoCount": {
"title": "Code Repo Count",
"type": "number"
},
"isCloudService": {
"title": "Is Cloud Service",
"type": "boolean"
},
"supportedOperatingSystems": {
"title": "Supported Operating Systems",
"type": "array"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: technology
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizTechnology"'
identifier: .id
title: .name
properties:
description: .description
categories: .categories | map(.name)
usage: .usage
status: .status
risk: .risk
note: .note
ownerName: .ownerName
businessModel: .businessModel
popularity: .popularity
projectCount: .projectCount
codeRepoCount: .codeRepoCount
isCloudService: .isCloudService
supportedOperatingSystems: .supportedOperatingSystems
Hosted technology
Hosted technology blueprint
{
"identifier": "wizHostedTechnology",
"description": "This blueprint represents a wiz hosted technology",
"title": "Wiz Hosted Technology",
"icon": "Wiz",
"schema": {
"properties": {
"detectionMethods": {
"title": "Detection Methods",
"type": "array"
},
"installedPackages": {
"title": "Installed Packages",
"type": "array"
},
"firstSeen": {
"title": "First Seen",
"type": "string",
"format": "date-time"
},
"updatedAt": {
"title": "Updated At",
"type": "string",
"format": "date-time"
},
"cpe": {
"title": "CPE",
"type": "string"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {
"technology": {
"target": "wizTechnology",
"title": "Technology",
"description": "The technology that this hosted technology is associated with",
"required": false,
"many": false
}
}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: hosted-technology
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"wizHostedTechnology"'
identifier: .id
title: .name
properties:
detectionMethods: .detectionMethods
installedPackages: .installedPackages
firstSeen: .firstSeen
updatedAt: .updatedAt
cpe: .cpe
relations:
technology: .technology.id
Advanced configuration
The following selectors can be used to filter the data fetched from the Wiz API for Issue, Control and Service Ticket kinds:
severityList: List of severity values to filter issues by.typeList: List of type values to filter issues by.maxPages: Maximum number of pages to fetch from the Wiz API.
- Include severity list
- Include type list
- Include max pages
The severityList selector controls whether to filter results by severity of the issues. If not specified, no severity filtering is applied. This selector is valid for the issues, serviceTicket, and serviceControl kinds.
- kind: issue # one of [issue, serviceControl, serviceTicket] kinds
selector:
query: 'true'
severityList: ["HIGH", "CRITICAL", "INFORMATIONAL"]
The typeList selector optionally restricts returned results to specific issue types. If not specified, no type filtering is applied. This selector is valid for the issues, serviceTicket, and serviceControl kinds.
- kind: issue # one of the supported kinds: issue, serviceControl, serviceTicket
selector:
query: 'true'
typeList: ["TOXIC_COMBINATION", "THREAT_DETECTION"]
Wiz issues can grow to an extremely large volume, which may significantly increase the time required to complete a resync for the integration. To help manage this, use the maxPages selector to control how many pages the integration fetches from the Wiz API. The default value is 500, which ingests up to 50,000 results since each page contains 100 results.
- kind: issue # one of the supported kinds: issue, serviceControl, serviceTicket
selector:
query: 'true'
maxPages: 100 # default is 500
Performance impact
Setting high values for maxPages may significantly prolong the sync process. Consider increasing this value only when it is truly necessary.