Configure Wiz as a finding source

Integrating Wiz with Opus enables you to reduce cloud risk by building and utilizing built-in workflows triggered by security events sent from Wiz, streamlining cloud security orchestration and remediation processes across teams and the cloud stack. Turning data into actionable insights and quickly remediating cloud security risks enables SecOps to switch to proactive security by tracing any issue to its root cause, providing automated remediation paths, and controlling risk exposure from cloud to code.

Before you begin

The prerequisites are:

  1. An Opus user with sufficient permissions to add connections and finding sources.
  2. An Opus service account in Wiz with the read:issues, read:cloud_configuration, read:vulnerabilities, and update:issues permissions.
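
To confirm the service account carries exactly these four permissions and nothing broader, the following added example (not part of the Opus or Wiz documentation) decodes an access token obtained with the service account's client ID and secret and compares its scopes with the list above. It assumes the token is a JWT with a space-separated or list-valued `scope` claim; the function names, the sample token, and the extra scope names in it are constructed for illustration.

```python
import base64
import json

# Permissions this page lists for the Opus service account in Wiz.
REQUIRED_SCOPES = frozenset({
    "read:issues", "read:cloud_configuration",
    "read:vulnerabilities", "update:issues",
})


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_scopes(token: str, claim: str = "scope") -> dict:
    """Compare the granted scopes with the four the integration needs."""
    raw = jwt_claims(token).get(claim, "")  # claim name is an assumption
    granted = set(raw.split()) if isinstance(raw, str) else set(raw)
    excess = granted - REQUIRED_SCOPES
    return {
        "missing": sorted(REQUIRED_SCOPES - granted),  # integration would lack access
        "excess": sorted(excess),                      # beyond least privilege
        "excess_write": sorted(s for s in excess if not s.startswith("read:")),
    }


def constructed_token(scopes: str) -> str:
    """Build an unsigned sample token; constructed data, not a real Wiz token."""
    def enc(obj: dict) -> str:
        data = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'scope': scopes})}.sig"


if __name__ == "__main__":
    # "admin:example" is a hypothetical over-broad scope used only for this demo.
    sample = constructed_token(
        "read:issues read:vulnerabilities update:issues admin:example")
    print(audit_scopes(sample))
```

Any entry under `excess_write` deserves attention first, since the integration as described needs only one non-read permission, update:issues.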

Integration steps

Step 1: Create an Opus service role for custom integration (GraphQL API) in Wiz

Step 2: Add Wiz integration in Opus

Step 3: Add Wiz finding-source in Opus

Step 4: Add Opus integration in Wiz

Step 5: Create Opus automation rule in Wiz


Add a Wiz connection in Opus.

  1. Log in to your Opus tenant.
  2. On the left, click Integrations and select finding source.
  3. Search for wiz and click add connection.
  4. Name the connection.
  5. Add the tenant datacenter. The tenant datacenter can be found here.
  6. Add the client ID and secret from the Opus service role created previously.
  7. Click verify connectivity & connect, and then "Enable Polling".

Fill in the polling interval (24h will usually suffice) and, if you don't want all findings to be fetched, a comma-separated list of project IDs.

Add an Automation Rule for Opus.

An Automation Rule runs an Action using a pre-defined Integration when its logical criteria are met, e.g. "send a Slack message to the head of DevOps when a critical severity Issue is generated on a resource in the Project named 'prod'". Learn about Integrations, Actions, and Automation Rules.

When you add an Automation Rule, you can use an existing Action template or define the Action parameters manually.

To add an Automation Rule:

  1. On the Settings > Response and Automation > Automation Rules page, click Add Rule.
  2. Enter a short but meaningful Name.
  3. (Optional) Enter a longer description.
  4. Select a Project Scope.
  5. In the Rule Conditions section, define:
     - WHEN: An Automation Rule can be triggered by Issue or cloud event creation, a change of Issue state, or a change in the number of Issues associated with a Control:
       Created: When an Issue or Cloud Event is first created.
     - IF: Click Add filter, then define the filter criteria. Repeat for each additional filter.
     - THEN: Opus integration
  6. (Recommended) Scroll to the bottom of the page to preview the existing Issues or cloud events that match the selected "IF" filters. Verify that the filter results match your expectations.

     Note: The new Automation Rule will not be triggered for the existing Issues or cloud events shown in the preview, only for future Issues or cloud events that meet the selected criteria.

  7. Click Add Rule.

👍

And you're done!