Wiz connector for Microsoft Sentinel
The Wiz connector allows you to easily send Wiz Issues, Vulnerability Findings, and Audit logs to Microsoft Sentinel.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | WizIssues_CL WizVulnerabilities_CL WizAuditLogs_CL |
Data collection rules support | Not currently supported |
Supported by | Wiz |
Query samples
Summary by Issues's severity
WizIssues_CL
| summarize Count=count() by severity_s
Prerequisites
To integrate with Wiz make sure you have:
- Microsoft.Web/sites permissions: Read and write permissions to Azure Functions to create a Function App is required. See the documentation to learn more about Azure Functions.
- Wiz Service Account credentials: Ensure you have your Wiz service account client ID and client secret, API endpoint URL, and auth URL. Instructions can be found on Wiz documentation.
Vendor installation instructions
Note
This connector: Uses Azure Functions to connect to Wiz API to pull Wiz Issues, Vulnerability Findings, and Audit Logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the Azure Functions pricing page for details. Creates an Azure Key Vault with all the required parameters stored as secrets.
STEP 1 - Get your Wiz credentials
Follow the instructions on Wiz documentation to get the erquired credentials.
STEP 2 - Deploy the connector and the associated Azure Function
IMPORTANT: Before deploying the Wiz Connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Wiz credentials from the previous step.
Option 1: Deploy using the Azure Resource Manager (ARM) Template
Click the Deploy to Azure button below.
Select the preferred Subscription, Resource Group and Location.
Enter the following parameters:
- Choose KeyVaultName and FunctionName for the new resources
- Enter the following Wiz credentials from step 1: WizAuthUrl, WizEndpointUrl, WizClientId, and WizClientSecret
- Enter the Workspace credentials AzureLogsAnalyticsWorkspaceId and AzureLogAnalyticsWorkspaceSharedKey
- Choose the Wiz data types you want to send to Microsoft Sentinel, choose at least one from Wiz Issues, Vulnerability Findings, and Audit Logs.
- (optional) follow Wiz documentation to add IssuesQueryFilter, VulnerbailitiesQueryFilter, and AuditLogsQueryFilter.
- Mark the checkbox labeled I agree to the terms and conditions stated above.
- Click Purchase to deploy.
Option 2: Manual Deployment of the Azure Function
Follow Wiz documentation to deploy the connector manually.