Wiz
Overview
Section titled “Overview”Integrate your Risk Register with Wiz. Each Wiz issue is imported as its own risk record. Only Cloud Configuration and Toxic Combination issue types are imported — Threat Detection issues are not included. Only issues with severity Low, Medium, High, or Critical are imported; Informational issues are excluded.
- Source: Attack Surface Monitoring
- Type: Configuration
- Opened By: “Wiz Integration”
The integration can be enabled directly from your Adversarial tenant via Settings > Integrations. The necessary details to connect your Wiz environment are the API Client ID and Client Secret from a service account scoped to read issues.
Data Flow
Section titled “Data Flow”This is a one-way, ingest-only integration:
- Each Wiz issue creates its own risk record in Adversarial.
- Subsequent syncs update the title, description, status, dates, urgency, and other content fields of existing records.
- Status is always synced from Wiz, including re-opening closed risks if the Wiz issue is re-opened. Two guard rules prevent churn: a closed risk won’t move to Closure Proposed (avoids reopening just to re-close), and a risk scored by the platform (Urgency Proposed) won’t regress to New.
Status Mapping
Section titled “Status Mapping”Wiz issue status is mapped to an Adversarial risk status using both the status and the resolution reason (sub-reason):
| Wiz Status | Resolution Reason | Adversarial Status | Notes |
|---|---|---|---|
| Open | — | New | |
| In Progress | — | Remediation | |
| Resolved | Object Deleted | Closed | Resource no longer exists |
| Resolved | (any other) | Closure Proposed | Closed Date carried over |
| Rejected | Exception | Remediation | Time-bound exception; Expected Date set from expiry |
| Rejected | (any other) | Closed |
Severity Mapping
Section titled “Severity Mapping”Wiz severity maps directly to Adversarial urgency:
| Wiz Severity | Adversarial Urgency |
|---|---|
| Critical | Critical |
| High | High |
| Medium | Medium |
| Low | Low |
Informational severity issues are not imported.
Risk Description
Section titled “Risk Description”Each imported risk includes a detailed Markdown description assembled from the Wiz issue data. The description contains the following sections (when data is available):
- Rule description — The security finding explanation from the source rule.
- Projects — Wiz project names, with business unit in parentheses if present.
- Resource details — Resource name, type, cloud platform, region, subscription, and Kubernetes cluster/namespace.
- Resource tags — Cloud resource tags shown as key-value pairs.
- Resolution context — Only shown for resolved or rejected issues: resolution reason, resolution note, and rejection expiry date.
- Service tickets — Links to external tickets (e.g. Jira, ServiceNow) associated with the Wiz issue.
- Notes — Analyst notes from Wiz, with author and timestamp.
- View in Wiz — Direct links to the rule definition and the issue in the Wiz console.
| Adversarial Field | Source |
|---|---|
| Discovered Date | Wiz issue created date, or updated date for reopened issues (see below) |
| Closed Date | Wiz resolved date (for Resolved and non-Exception Rejected issues) |
| Expected Date | Wiz rejection expiry (Exception rejections only) |
Reopened issues
Section titled “Reopened issues”When a previously closed Wiz issue is reopened, the Discovered Date is reset to the reopen timestamp (updated_at from Wiz) instead of the original created date. This prevents the time the issue spent closed from inflating time-to-remediate on the Remediation Agility chart.
The following Wiz open reasons are treated as reopens:
- Issue Resurfaced — a resolved issue has reappeared
- Reopened by User — a user manually reopened the issue
- Rejection Expired — a rejection/exception expired, reopening the issue
All other open reasons (e.g. first seen, resource created) continue to use the original created date.