Official

Premium

Wiz source integration documentation

Sync from Wiz to any destination

Publisher

cloudquery

Latest version

v4.11.0

Type

Source

Platforms

Date Published

Start Syncing

Overview Licenses

Overview #

The CloudQuery Wiz source plugin pulls data out of Wiz Integration (WIN) platform and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Authentication #

In order to fetch information from Wiz, cloudquery needs to be authenticated and configured with valid Service Account credentials. These are:

api_endpoint_url
client_id
client_secret
token_url

Wiz Source Plugin Configuration Reference

Example #

This example syncs from Wiz to a Postgres destination. The (top level) source spec section is described in the Source Spec Reference.

kind: source
# Common source-plugin configuration
spec:
  name: wiz
  path: cloudquery/wiz
  registry: cloudquery
  version: "v4.11.0"
  tables:
    - "*"
  destinations: ["postgresql"]

  # Learn more about the configuration options at https://cql.ink/wiz_source
  spec:
    # required parameters
    api_endpoint_url: "${WIZ_API_ENDPOINT_URL}"
    client_id: "${WIZ_CLIENT_ID}"
    client_secret: "${WIZ_CLIENT_SECRET}"
    
    # optional parameters
    # token_url: "${WIZ_TOKEN_URL}"
    # report_polling_interval: 5
    # concurrency: 3

Wiz Spec #

This is the (nested) spec used by the Wiz source plugin.

api_endpoint_url (string) (required) (example: https://api.us17.app.wiz.io/graphql)
API Endpoint URL for your Wiz tenant.
client_id (string) (required)
The Client ID used to generate authentication tokens for the Wiz API. This is generated through the Wiz platform.
client_secret (string) (required)
The Client Secret used to generate authentication tokens for the Wiz API. This is generated through the Wiz platform.
token_url (string) (default: https://auth.app.wiz.io/oauth/token)
The authentication token URL for the Wiz API.
report_polling_interval (string) (default: 5)
Interval in seconds for polling the status of a report.
concurrency (integer) (optional) (default: 1000)
A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.
scheduler (string) (optional) (default: dfs)
The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.
For more information about this, see performance tuning.
table_options (map) (default: null)
A set of options to override the defaults for certain tables.
The format of the table_options object is as follows:
```
table_options:
  <table_name>:
    <input_object>
```
A list of <input_object> objects should be provided. The plugin will iterate through these to make multiple API calls. The following tables and default options are supported:
```
table_options:
  wiz_cloud_configuration_findings:
    include_deleted: true
    status: ["OPEN", "IN_PROGRESS", "RESOLVED", "REJECTED"]
```

Some tables support a special table option called time_window_size_days, which allows you to specify the window size that the sync will use to split the initial report. This is useful for large datasets where you want to limit the size, as the Wiz API may fail to generate very large reports

Licenses #

The following tools / packages are used in this plugin:

Name	License
github.com/99designs/gqlgen/graphql	MIT
github.com/Yamashou/gqlgenc	MIT
github.com/adrg/xdg	MIT
github.com/apache/arrow-go/v18	Apache-2.0
github.com/apache/arrow/go/v13	Apache-2.0
github.com/apapsch/go-jsonmerge/v2	MIT
github.com/aws/aws-sdk-go-v2	Apache-2.0
github.com/aws/aws-sdk-go-v2/config	Apache-2.0
github.com/aws/aws-sdk-go-v2/credentials	Apache-2.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/configsources	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/ini	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/sync/singleflight	BSD-3-Clause
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/licensemanager	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/marketplacemetering	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/signin	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/sso	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/ssooidc	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/sts	Apache-2.0
github.com/aws/smithy-go	Apache-2.0
github.com/aws/smithy-go/internal/sync/singleflight	BSD-3-Clause
github.com/bahlo/generic-list-go	BSD-3-Clause
github.com/buger/jsonparser	MIT
github.com/cenkalti/backoff/v5	MIT
github.com/cespare/xxhash/v2	MIT
github.com/cloudquery/cloudquery-api-go	MPL-2.0
github.com/cloudquery/codegen/jsonschema/docs	MPL-2.0
github.com/cloudquery/plugin-pb-go	MPL-2.0
github.com/cloudquery/plugin-sdk/v2/internal/glob	MIT
github.com/cloudquery/plugin-sdk/v2/schema	MIT
github.com/cloudquery/plugin-sdk/v2/types	MPL-2.0
github.com/cloudquery/plugin-sdk/v4	MPL-2.0
github.com/cloudquery/plugin-sdk/v4/glob	MIT
github.com/cloudquery/plugin-sdk/v4/scalar	MIT
github.com/davecgh/go-spew/spew	ISC
github.com/ghodss/yaml	MIT
github.com/go-logr/logr	Apache-2.0
github.com/go-logr/stdr	Apache-2.0
github.com/goccy/go-json	MIT
github.com/golang/mock/gomock	Apache-2.0
github.com/google/flatbuffers/go	Apache-2.0
github.com/google/uuid	BSD-3-Clause
github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors	Apache-2.0
github.com/grpc-ecosystem/grpc-gateway/v2	BSD-3-Clause
github.com/hashicorp/go-cleanhttp	MPL-2.0
github.com/hashicorp/go-retryablehttp	MPL-2.0
github.com/invopop/jsonschema	MIT
github.com/jszwec/csvutil	MIT
github.com/klauspost/compress	Apache-2.0
github.com/klauspost/compress/internal/snapref	BSD-3-Clause
github.com/klauspost/compress/zstd/internal/xxhash	MIT
github.com/mailru/easyjson	MIT
github.com/mattn/go-colorable	MIT
github.com/mattn/go-isatty	MIT
github.com/oapi-codegen/runtime	Apache-2.0
github.com/pierrec/lz4/v4	BSD-3-Clause
github.com/pmezard/go-difflib/difflib	BSD-3-Clause
github.com/rs/zerolog	MIT
github.com/samber/lo	MIT
github.com/santhosh-tekuri/jsonschema/v6	Apache-2.0
github.com/sosodev/duration	MIT
github.com/spf13/cobra	Apache-2.0
github.com/spf13/pflag	BSD-3-Clause
github.com/stretchr/testify	MIT
github.com/thoas/go-funk	MIT
github.com/vektah/gqlparser/v2	MIT
github.com/wk8/go-ordered-map/v2	Apache-2.0
github.com/zeebo/xxh3	BSD-2-Clause
go.opentelemetry.io/auto/sdk	Apache-2.0
go.opentelemetry.io/otel	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	Apache-2.0
go.opentelemetry.io/otel/log	Apache-2.0
go.opentelemetry.io/otel/metric	Apache-2.0
go.opentelemetry.io/otel/sdk	Apache-2.0
go.opentelemetry.io/otel/sdk/log	Apache-2.0
go.opentelemetry.io/otel/sdk/metric	Apache-2.0
go.opentelemetry.io/otel/trace	Apache-2.0
go.opentelemetry.io/proto/otlp	Apache-2.0
golang.org/x/exp	BSD-3-Clause
golang.org/x/net	BSD-3-Clause
golang.org/x/oauth2	BSD-3-Clause
golang.org/x/sync	BSD-3-Clause
golang.org/x/sys	BSD-3-Clause
golang.org/x/text	BSD-3-Clause
golang.org/x/time/rate	BSD-3-Clause
golang.org/x/xerrors	BSD-3-Clause
google.golang.org/genproto/googleapis/api/httpbody	Apache-2.0
google.golang.org/genproto/googleapis/rpc/status	Apache-2.0
google.golang.org/grpc	Apache-2.0
google.golang.org/protobuf	BSD-3-Clause
gopkg.in/yaml.v2	Apache-2.0
gopkg.in/yaml.v3	MIT

Loading plugin documentation

Overview #

The CloudQuery Wiz source plugin pulls data out of Wiz Integration (WIN) platform and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Authentication #

In order to fetch information from Wiz, cloudquery needs to be authenticated and configured with valid Service Account credentials. These are:

api_endpoint_url
client_id
client_secret
token_url

Wiz Source Plugin Configuration Reference

Example #

This example syncs from Wiz to a Postgres destination. The (top level) source spec section is described in the Source Spec Reference.

kind: source
# Common source-plugin configuration
spec:
  name: wiz
  path: cloudquery/wiz
  registry: cloudquery
  version: "v4.11.0"
  tables:
    - "*"
  destinations: ["postgresql"]

  # Learn more about the configuration options at https://cql.ink/wiz_source
  spec:
    # required parameters
    api_endpoint_url: "${WIZ_API_ENDPOINT_URL}"
    client_id: "${WIZ_CLIENT_ID}"
    client_secret: "${WIZ_CLIENT_SECRET}"
    
    # optional parameters
    # token_url: "${WIZ_TOKEN_URL}"
    # report_polling_interval: 5
    # concurrency: 3

Wiz Spec #

This is the (nested) spec used by the Wiz source plugin.

api_endpoint_url (string) (required) (example: https://api.us17.app.wiz.io/graphql)
API Endpoint URL for your Wiz tenant.
client_id (string) (required)
The Client ID used to generate authentication tokens for the Wiz API. This is generated through the Wiz platform.
client_secret (string) (required)
The Client Secret used to generate authentication tokens for the Wiz API. This is generated through the Wiz platform.
token_url (string) (default: https://auth.app.wiz.io/oauth/token)
The authentication token URL for the Wiz API.
report_polling_interval (string) (default: 5)
Interval in seconds for polling the status of a report.
concurrency (integer) (optional) (default: 1000)
A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.
scheduler (string) (optional) (default: dfs)
The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.
For more information about this, see performance tuning.
table_options (map) (default: null)
A set of options to override the defaults for certain tables.
The format of the table_options object is as follows:
```
table_options:
  <table_name>:
    <input_object>
```
A list of <input_object> objects should be provided. The plugin will iterate through these to make multiple API calls. The following tables and default options are supported:
```
table_options:
  wiz_cloud_configuration_findings:
    include_deleted: true
    status: ["OPEN", "IN_PROGRESS", "RESOLVED", "REJECTED"]
```

Name

License

github.com/99designs/gqlgen/graphql

MIT

github.com/Yamashou/gqlgenc

MIT

github.com/adrg/xdg

MIT

github.com/apache/arrow-go/v18

Apache-2.0

github.com/apache/arrow/go/v13

Apache-2.0

github.com/apapsch/go-jsonmerge/v2

MIT

github.com/aws/aws-sdk-go-v2

Apache-2.0

github.com/aws/aws-sdk-go-v2/config

Apache-2.0

github.com/aws/aws-sdk-go-v2/credentials

Apache-2.0

github.com/aws/aws-sdk-go-v2/feature/ec2/imds

Apache-2.0

github.com/aws/aws-sdk-go-v2/internal/configsources

Apache-2.0

github.com/aws/aws-sdk-go-v2/internal/endpoints/v2

Apache-2.0

github.com/aws/aws-sdk-go-v2/internal/ini

Apache-2.0

github.com/aws/aws-sdk-go-v2/internal/sync/singleflight

BSD-3-Clause

github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/internal/presigned-url

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/licensemanager

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/marketplacemetering

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/signin

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/sso

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/ssooidc

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/sts

Apache-2.0

github.com/aws/smithy-go

Apache-2.0

github.com/aws/smithy-go/internal/sync/singleflight

BSD-3-Clause

github.com/bahlo/generic-list-go

BSD-3-Clause

github.com/buger/jsonparser

MIT

github.com/cenkalti/backoff/v5

MIT

github.com/cespare/xxhash/v2

MIT

github.com/cloudquery/cloudquery-api-go

MPL-2.0

github.com/cloudquery/codegen/jsonschema/docs

MPL-2.0

github.com/cloudquery/plugin-pb-go

MPL-2.0

github.com/cloudquery/plugin-sdk/v2/internal/glob

MIT

github.com/cloudquery/plugin-sdk/v2/schema

MIT

github.com/cloudquery/plugin-sdk/v2/types

MPL-2.0

github.com/cloudquery/plugin-sdk/v4

MPL-2.0

github.com/cloudquery/plugin-sdk/v4/glob

MIT

github.com/cloudquery/plugin-sdk/v4/scalar

MIT

github.com/davecgh/go-spew/spew

ISC

github.com/ghodss/yaml

MIT

github.com/go-logr/logr

Apache-2.0

github.com/go-logr/stdr

Apache-2.0

github.com/goccy/go-json

MIT

github.com/golang/mock/gomock

Apache-2.0

github.com/google/flatbuffers/go

Apache-2.0

github.com/google/uuid

BSD-3-Clause

github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors

Apache-2.0

github.com/grpc-ecosystem/grpc-gateway/v2

BSD-3-Clause

github.com/hashicorp/go-cleanhttp

MPL-2.0

github.com/hashicorp/go-retryablehttp

MPL-2.0

github.com/invopop/jsonschema

MIT

github.com/jszwec/csvutil

MIT

github.com/klauspost/compress

Apache-2.0

github.com/klauspost/compress/internal/snapref

BSD-3-Clause

github.com/klauspost/compress/zstd/internal/xxhash

MIT

github.com/mailru/easyjson

MIT

github.com/mattn/go-colorable

MIT

github.com/mattn/go-isatty

MIT

github.com/oapi-codegen/runtime

Apache-2.0

github.com/pierrec/lz4/v4

BSD-3-Clause

github.com/pmezard/go-difflib/difflib

BSD-3-Clause

github.com/rs/zerolog

MIT

github.com/samber/lo

MIT

github.com/santhosh-tekuri/jsonschema/v6

Apache-2.0

github.com/sosodev/duration

MIT

github.com/spf13/cobra

Apache-2.0

github.com/spf13/pflag

BSD-3-Clause

github.com/stretchr/testify

MIT

github.com/thoas/go-funk

MIT

github.com/vektah/gqlparser/v2

MIT

github.com/wk8/go-ordered-map/v2

Apache-2.0

github.com/zeebo/xxh3

BSD-2-Clause

go.opentelemetry.io/auto/sdk

Apache-2.0

go.opentelemetry.io/otel

Apache-2.0

go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp

Apache-2.0

go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp

Apache-2.0

go.opentelemetry.io/otel/exporters/otlp/otlptrace

Apache-2.0

go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp

Apache-2.0

go.opentelemetry.io/otel/log

Apache-2.0

go.opentelemetry.io/otel/metric

Apache-2.0

go.opentelemetry.io/otel/sdk

Apache-2.0

go.opentelemetry.io/otel/sdk/log

Apache-2.0

go.opentelemetry.io/otel/sdk/metric

Apache-2.0

go.opentelemetry.io/otel/trace

Apache-2.0

go.opentelemetry.io/proto/otlp

Apache-2.0

golang.org/x/exp

BSD-3-Clause

golang.org/x/net

BSD-3-Clause

golang.org/x/oauth2

BSD-3-Clause

golang.org/x/sync

BSD-3-Clause

golang.org/x/sys

BSD-3-Clause

golang.org/x/text

BSD-3-Clause

golang.org/x/time/rate

BSD-3-Clause

golang.org/x/xerrors

BSD-3-Clause

google.golang.org/genproto/googleapis/api/httpbody

Apache-2.0

google.golang.org/genproto/googleapis/rpc/status

Apache-2.0

google.golang.org/grpc

Apache-2.0

google.golang.org/protobuf

BSD-3-Clause

gopkg.in/yaml.v2

Apache-2.0

gopkg.in/yaml.v3

MIT