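Source configuration for Wiz CNAPP
Integrating with Wiz CNAPP
Wiz is a cloud-native application protection platform (CNAPP) that provides comprehensive visibility and security across multi-cloud environments. CloudWatch pipelines use the Wiz GraphQL API to retrieve information about security posture, vulnerabilities, misconfigurations, threats, and audit activity from your cloud infrastructure. The Wiz GraphQL API gives access to security data through flexible GraphQL queries, allowing retrieval of audit logs, issues, vulnerability findings, configuration findings, and detections from the Wiz platform.
Authenticating with Wiz CNAPP
To read Wiz CNAPP audit logs, the pipeline needs to authenticate with your account. The plugin supports the OAuth2 authentication mechanism. Follow the instructions below to get started.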
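- Create a service account with the appropriate permissions in Wiz. You must be logged in as a Wiz user with write (W) permission on service accounts.
- Configure the service account and obtain the newly created client ID and client secret.
- Create a secret in Amazon Secrets Manager, storing the application (client) ID under the client_id key and the client secret under the client_secret key.
- Configure API permissions (scopes) for your service account. Required scopes: read:issues, read:detections, read:cloud_events_cloud, read:cloud_events_sensor, read:security_scans, read:vulnerabilities, read:cloud_configuration, admin:audit
- Identify your GraphQL API endpoint: to find your specific endpoint, check the tenant information in the Wiz portal. The Wiz GraphQL API endpoint is https://api.<region>.app.wiz.io/graphql, where <region> corresponds to the data center of your Wiz tenant (for example us1, us2, eu1, eu2).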
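A preflight check for the values gathered in the steps above, as an added example that is not part of the original documentation or of the CloudWatch or Wiz tooling. It assumes the secret is stored as a JSON key/value object and that region labels follow the pattern of the examples on this page; the function names and sample values are constructed for illustration.

```python
import json
import re

# Scopes this page lists as required for the service account.
REQUIRED_SCOPES = {
    "read:issues", "read:detections", "read:cloud_events_cloud",
    "read:cloud_events_sensor", "read:security_scans",
    "read:vulnerabilities", "read:cloud_configuration", "admin:audit",
}
# Assumption: region labels look like the page's examples (us1, eu2, ...).
REGION_RE = re.compile(r"[a-z]{2,}[0-9]+")


def graphql_endpoint(region):
    """Build https://api.<region>.app.wiz.io/graphql, rejecting odd input."""
    if not REGION_RE.fullmatch(region):
        raise ValueError(f"unexpected region label: {region!r}")
    return f"https://api.{region}.app.wiz.io/graphql"


def preflight(secret_string, granted_scopes, region):
    """Return a list of problems; an empty list means the inputs look usable."""
    problems = []
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError:
        secret = None
    if not isinstance(secret, dict):
        problems.append("secret is not a JSON object")
        secret = {}
    for key in ("client_id", "client_secret"):
        value = secret.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"secret key {key!r} is missing or empty")
        elif value != value.strip():
            # A pasted trailing newline makes the OAuth2 credentials fail.
            problems.append(f"secret key {key!r} has surrounding whitespace")
    missing = sorted(REQUIRED_SCOPES - set(granted_scopes))
    if missing:
        problems.append("missing scopes: " + ", ".join(missing))
    try:
        graphql_endpoint(region)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


# Constructed sample values, not real credentials.
SAMPLE_SECRET = json.dumps({"client_id": "example-id", "client_secret": "example-secret\n"})
if __name__ == "__main__":
    for problem in preflight(SAMPLE_SECRET, ["read:issues", "admin:audit"], "us1"):
        print("FAIL:", problem)
```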
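Configuring the CloudWatch pipeline
When configuring the pipeline to read audit logs from Wiz, choose Wiz CNAPP as the data source. Fill in the required information, such as the region. After the pipeline is created, data will be available in the selected CloudWatch Logs log group.
Supported Open Cybersecurity Schema Framework event classes
This integration supports OCSF schema version 1.5.0 and events that map to Detection Finding (2004), Vulnerability Finding (2002), Compliance Finding (2003), Authentication (3002), and API Activity (6003).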
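Detection Finding contains all events from the following sources:
Issues
Detections
Vulnerability Finding contains all events from the following sources:
Vulnerability findings
Compliance Finding contains all events from the following sources:
Cloud configuration findings
Authentication contains events from the following sources and the given actions:
Audit logs
DeviceLogin
Login
API Activity contains events from the following sources and the given actions:
Audit logs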
AddSecurityScan
AddSupportTicketContext
AiAssistantSendMessage
ApproveCopyResourceForensicsSettings...
AssociateServiceTicket
CancelReportRun
ClearUIUserPreferences
CompleteAuthMigration
ConvertGitHubAppRegistrationCode
CopyResourceForensicsToExternalAccount
CreateActionTemplate
CreateApplicationServiceDiscoveryRule
CreateAutomationRule
CreateCICDScanPolicy
CreateCloudConfigurationFindingNote
CreateCloudConfigurationRule
CreateCloudConfigurationRules
CreateCloudEventRule
CreateComputeGroupTagsSet
CreateConnector
CreateControl
CreateCustomIPRange
CreateDashboard
CreateDashboardWidget
CreateDataClassifier
CreateDigitalTrustCustomDomain
CreateFileIntegrityMonitoringExclusion
CreateHostConfigurationAssessmentNote
CreateHostConfigurationRule
CreateIgnoreRule
CreateImageIntegrityValidator
CreateIntegration
CreateIssueNote
CreateMalwareExclusion
CreateMonitoredMetric
CreateOutpost
CreateOutpostCluster
CreatePolicyPackage
CreatePortalView
CreateProject
CreateRemediationAndResponseDeployment
CreateRemediationPullRequest
CreateReport
CreateRuntimeResponsePolicy
CreateSAMLIdentityProvider
CreateSAMLUser
CreateSavedCloudEventFilter
CreateSavedGraphQuery
CreateScannerAPIRateLimit
CreateSecurityFramework
CreateServiceAccount
CreateSupportTicket
CreateTestNode
CreateUser
CreateUserRole
CreateVulnerabilityFindingNote
DeleteActionTemplate
DeleteApplicationServiceDiscoveryRule
DeleteAutomationRule
DeleteCICDScan
DeleteCICDScanPolicy
DeleteCloudConfigurationFindingNote
DeleteCloudConfigurationRule
DeleteCloudEventRule
DeleteComputeGroupTagsSet
DeleteConnector
DeleteControl
DeleteCustomIPRange
DeleteDashboard
DeleteDashboardWidget
DeleteDataClassifier
DeleteDigitalTrustCustomDomain
DeleteFileIntegrityMonitoringExclusion
DeleteHostConfigurationAssessmentNote
DeleteHostConfigurationRule
DeleteIgnoreRule
DeleteImageIntegrityValidator
DeleteIntegration
DeleteIssueNote
DeleteMalwareExclusion
DeleteMonitoredMetric
DeleteOutpost
DeleteOutpostCluster
DeletePolicyPackage
DeletePortalView
DeleteProject
DeleteRemediationAndResponseDeployment
DeleteReport
DeleteRuntimeResponsePolicy
DeleteSAMLIdentityProvider
DeleteSavedCloudEventFilter
DeleteSavedGraphQuery
DeleteScannerAPIRateLimit
DeleteSecurityFramework
DeleteSecurityScan
DeleteServiceAccount
DeleteTestNode
DeleteUser
DeleteUserRole
DeleteVulnerabilityFindingNote
DisassociateServiceTicket
DuplicateDashboard
DuplicateDataClassifier
DuplicateHostConfigurationRule
DuplicateSecurityFramework
DuplicateUserRole
FinalizeCICDScan
FinalizeCICDScanTelemetry
GenerateWizContainerRegistryToken
GraphSearch
InitiateCICDScanTelemetry
InitiateDiskScanContainerImage
InitiateDiskScanDirectory
InitiateDiskScanVirtualMachine
InitiateDiskScanVirtualMachineImage
InitiateIACScan
InvokeOutpostClusterUpdate
LegalConsent
MergeDiscoveredApplicationService
MigrateUsers
ModifySAMLIdentityProviderGroupMappings
ModifySAMLIdentityProviderPortalView...
PromoteDiscoveredApplicationService
ProvideAiFeedback
ProvideAiGraphQueryExample
ProvideAiGraphQueryFeedback
ProvideIssueFeedback
ReassessIssue
RefreshResponseActions
RegisterAgent
ReportIDEActivityHeartbeat
ReportIDEAnalytics
RequestConnectorEntityScan
RequestConnectorScan
RerunReport
ResetUserPassword
RevokeSessions
RevokeUserSessions
RotateServiceAccountSecret
RunAllControls
RunCloudConfigurationRule
RunControl
RunControlsIntegrationAction
RunIssuesIntegrationAction
RunOutpostClusterUpdate
RunResponseAction
SAMLUserInitialProvision
SendUserEmailInvite
TagCICDScan
TokenDeviceRefresh
TokenRefresh
UninstallOutpost
UpdateAiSettings
UpdateApplicationServiceDiscoveryRule
UpdateAutomationRule
UpdateBasicAuthSettings
UpdateCICDScanPolicy
UpdateChampionCenterJourneyItem
UpdateCloudConfigurationFinding
UpdateCloudConfigurationRule
UpdateCloudConfigurationRules
UpdateCloudCostSettings
UpdateCloudEventRule
UpdateCloudEventRules
UpdateCloudEventSettings
UpdateComputeGroupTagsSet
UpdateConnector
UpdateContainerRegistryCustomScannin...
UpdateContainerRegistryGlobalScannin...
UpdateControl
UpdateControls
UpdateCopyResourceForensicsSettings
UpdateCustomIPRange
UpdateCustomIPRangesSettings
UpdateCustomUserRolesSettings
UpdateDashboard
UpdateDashboardSettings
UpdateDashboardWidget
UpdateDataClassifier
UpdateDataFinding
UpdateDataScannerSettings
UpdateDigitalTrustCustomDomain
UpdateDigitalTrustDashboardSettings
UpdateDigitalTrustSAMLIdentityProvider
UpdateDiscoveredApplicationServices
UpdateEventTriggeredScanningSettings
UpdateExternalExposureScannerSettings
UpdateExternalExposureSettings
UpdateFileIntegrityMonitoringExclusion
UpdateFileIntegrityMonitoringSettings
UpdateForensicsPackageSettings
UpdateGraphEntity
UpdateHostConfigurationRule
UpdateHostConfigurationRuleAssessment
UpdateHostConfigurationRules
UpdateIPRestrictions
UpdateIgnoreRule
UpdateImageIntegrityValidator
UpdateIntegration
UpdateInternalExposureSettings
UpdateIssue
UpdateIssueNote
UpdateIssueSettings
UpdateIssues
UpdateKubernetesGlobalScanningConfig...
UpdateLoginSettings
UpdateMalwareExclusion
UpdateMonitoredMetric
UpdateMonitoredMetricSettings
UpdateNode
UpdateNonOSDiskScanningSettings
UpdateNotificationSettings
UpdateOutpost
UpdateOutpostCluster
UpdatePolicyPackage
UpdatePortalInactivityTimeoutSettings
UpdatePortalSettings
UpdatePortalView
UpdatePreviewHubItem
UpdateProject
UpdateRemediationAndResponseDeployment
UpdateReport
UpdateReportSettings
UpdateRepositorySettings
UpdateResponseAction
UpdateResponseActions
UpdateRuntimeResponsePolicy
UpdateSAMLIdentityProvider
UpdateSavedCloudEventFilter
UpdateSavedGraphQuery
UpdateScannerAPIRateLimit
UpdateScannerExclusionSettingsConstr...
UpdateScannerExclusionSettingsTimeLi...
UpdateScannerExclusionSizeLimits
UpdateScannerExclusionTags
UpdateScannerResourceTagSettings
UpdateScannerResourceTags
UpdateScannerSettings
UpdateSecretInstance
UpdateSecurityFramework
UpdateSecurityScan
UpdateServiceAccount
UpdateSessionLifetimeSettings
UpdateSupportContactList
UpdateSystemHealthIssue
UpdateSystemHealthIssues
UpdateTechnology
UpdateTenantNewsletterSettings
UpdateUIUserPreferences
UpdateUser
UpdateUserRole
UpdateUserSelectedPortalView
UpdateVersionControlOrganizationSett...
UpdateVersionControlRepositorySettings
UpdateViewerPreferences
UpdateVulnerability
UpdateVulnerabilityAssessmentSettings
UpdateVulnerabilityFinding
UpdateVulnerabilityFindingStatus
UpsertAgentTelemetry
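A triage pass over ingested audit events, as an added example that is not part of the original documentation. It checks each record against the class mapping described above (DeviceLogin and Login to 3002, other audit-log actions to 6003) and groups identity and access-control changes by actor. The watchlist is an illustrative selection from the action list on this page, and the record fields "action" and "actor" are hypothetical; only class_uid is an OCSF attribute name.

```python
from collections import defaultdict

# Per this page: audit-log DeviceLogin/Login map to Authentication (3002),
# the other listed audit-log actions map to API Activity (6003).
AUTHENTICATION, API_ACTIVITY = 3002, 6003
LOGIN_ACTIONS = {"DeviceLogin", "Login"}

# Illustrative watchlist chosen for this example: actions from the list above
# that change identities, credentials or access controls.
WATCHLIST = {
    "CreateServiceAccount", "UpdateServiceAccount", "DeleteServiceAccount",
    "RotateServiceAccountSecret", "CreateUser", "DeleteUser",
    "ResetUserPassword", "CreateUserRole", "UpdateUserRole", "DeleteUserRole",
    "CreateSAMLIdentityProvider", "UpdateSAMLIdentityProvider",
    "DeleteSAMLIdentityProvider", "UpdateIPRestrictions",
    "UpdateLoginSettings", "UpdateBasicAuthSettings",
    "UpdateSessionLifetimeSettings",
}


def expected_class(action):
    """OCSF class an audit-log action should land in, per the mapping above."""
    return AUTHENTICATION if action in LOGIN_ACTIONS else API_ACTIVITY


def triage(events):
    """Return (misclassified events, {actor: [watchlisted actions, in order]})."""
    misclassified, by_actor = [], defaultdict(list)
    for ev in events:
        action = ev.get("action", "")
        if ev.get("class_uid") != expected_class(action):
            misclassified.append(ev)
        if action in WATCHLIST:
            by_actor[ev.get("actor", "unknown")].append(action)
    return misclassified, dict(by_actor)


# Constructed sample records; "action" and "actor" are hypothetical field names.
SAMPLE_EVENTS = [
    {"class_uid": 3002, "action": "Login", "actor": "alice@example.com"},
    {"class_uid": 6003, "action": "CreateServiceAccount", "actor": "alice@example.com"},
    {"class_uid": 6003, "action": "UpdateIPRestrictions", "actor": "alice@example.com"},
    {"class_uid": 6003, "action": "GraphSearch", "actor": "bob@example.com"},
    {"class_uid": 6003, "action": "DeviceLogin", "actor": "bob@example.com"},
]

if __name__ == "__main__":
    bad, alerts = triage(SAMPLE_EVENTS)
    print("misclassified:", bad)
    print("review by actor:", alerts)
```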