WebsiteTest Drive

Wiz

Wiz

The Dropzone AI platform integrates with Wiz APIs to ingest security findings and enrich investigations with context from Wiz such as cloud configurations, vulnerabilities, and exposure data.

Integrations Overview

To enable these integrations you will perform the following actions:

  • Locate your Tenant Region

  • Create a new service account

Tenant Region

To locate your Wiz tenant region, do the following:

  • In the upper right corner of your Wiz console, click the User icon

  • Navigate to User Settings

Click User Settings

  • Under "User Settings," click "Tenant"

Click Tenant

  • Copy the value shown under "Tenant Data Center" for use later in the Dropzone UI where it will be called "Tenant Region"

Copy the Tenant Region

Create a Wiz service account

To create a Wiz service account, do the following:

  • In your Wiz console, navigate to Settings > Service Accounts

Navigate to Service Accounts

  • In the upper right, click "+ Add Service Account"

Add Service Account

  • Name the account something memorable, such as "Dropzone AI"

  • Select the projects you want Dropzone to have access to

Create Service Account (pt 1)

  • In the API Scopes section, assign the following scopes to the account:

    • read:excessive_access_findings

    • read:data_findings

    • read:network_exposure

    • read:resources

    • read:cloud_configuration

    • read:vulnerabilities

    • read:issues

Create Service Account (pt 2)

  • At the bottom of the page, click "Add Service Account"

Create Service Account (pt 3)

  • Copy the Client ID and Client Secret values for use later in the Dropzone UI where they are called "Client ID" and "Client Secret," respectively

  • Click "Finish"

Copy the credentials

Enable Wiz

To enable the Alert Source integration, you'll need the following information:

Dropzone Field
Source

Wiz Environment

Your Wiz Environment, e.g. commercial, gov cloud, etc

Wiz Tenant Region

The Wiz Tenant Region value you copied earlier

Client ID

The Client ID value copied earlier

Client Secret

The Client Secret value copied earlier

To enable the Alert Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, navigate to Settings > Integrations

Integrations Dropdown

  • Click "Available"

Click Available

  • In the Search bar, search Wiz, then click "Configure"

The Wiz Tile

  • Under the Alert Source heading, select your Wiz environment type

  • Input the Wiz Tenant Region, Client ID, and Client Secret

The Wiz Alert Source Configuration (pt 1)

  • In the "Wiz Ingestion Types" section, choose what you want Dropzone to ingest from Wiz

Dropzone currently only ingests Issues, but we are working to improve this feature.

The Wiz Alert Source Configuration (pt 2)

  • In the "Issue Types to Ingest" section, select the types of issues you want Dropzone to poll

Dropzone currently only ingests Threat Detection issues, but we are working to improve this feature.

The Wiz Alert Source Configuration (pt 3)

  • Check the severity levels of the Issues you want Dropzone to be able to investigate

The Wiz Alert Source Configuration (pt 4)

  • To have the investigation results commented to each ticket, check the box under the Ticket Sync header

  • Input your desired poll interval and lookback

The Wiz Alert Source Configuration (pt 5)

  • Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.

PreviousSumo LogicNextCommunicators

Last updated

Was this helpful?