# Wiz

## Wiz

The Dropzone AI platform integrates with Wiz to ingest security findings and enrich investigations with context from [Wiz](https://www.wiz.io/about) such as cloud configurations, vulnerabilities, and exposure data via webhook automation rules.

## Integrations Overview

To enable these integrations you will perform the following actions:

* Create an API Key (within Dropzone AI)
* Configure a webhook integration in Wiz
* Create a custom automation rule in Wiz

### Create an API Key

To create a Dropzone API key, do the following:

* Navigate to your Dropzone AI tenant home page e.g. https\://*mycompany*.dropzone.app
* In the bottom left hand corner, navigate to Settings > API Keys

<figure><img src="/files/wXhlH88IlseWhKBegxue" alt=""><figcaption><p>API Keys Dropdown</p></figcaption></figure>

* In the "Add New API Key" section, name the API key something memorable, such as "Wiz Webhook Integration"
* If you want to assign an expiration date to the API Key, select your desired expiration date in the "Expiration" section
* Click "Create Key"

<figure><img src="/files/gwlDqQdE4ZpTkbTvzq9R" alt=""><figcaption><p>Create API Key</p></figcaption></figure>

* Copy the value shown for use later in the Wiz UI

<figure><img src="/files/6l4ImgOi1urcfZKBNSGW" alt=""><figcaption><p>Copy the API Key</p></figcaption></figure>

### Create a Wiz Webhook Integration

Follow instructions on Wiz's [documentation site](https://docs.wiz.io/wiz-docs/docs/dropzone-ai-webhook-integration) to create a Wiz Webhook integration, or contact your Wiz/Dropzone support representative.

In the URL section of your webhook integration, paste in your Dropzone webhook URL, e.g. https\:///app/api/v1/investigation/create. Use the API key you generated earlier as your API Key value.

### Create an Automation Rule

Contact your Wiz/Dropzone support representative for instructions on how to create an Automation Rule.

You must create an automation rule with the "Post Webhook" feature. In the "Request Body" section of your webhook, replace the default action template with the JSON below:

```

{
  "schema_key": "wiz_webhook_detection",
  "raw_alert_content": {
    "trigger": {
      "source": "{{triggerSource}}",
      "type": "{{triggerType}}",
      "ruleId": "{{ruleId}}",
      "ruleName": "{{ruleName}}"
    },
    "id": "{{detection.id}}",
    "threatId": "{{detection.issue.id}}",
    "threatURL": {{#detection.issue.url}}"{{detection.issue.url}}"{{/detection.issue.url}}{{^detection.issue.url}}null{{/detection.issue.url}},
    "title": "{{detection.rule.name}}",
    "description": {{#detection.description}}"{{detection.description}}"{{/detection.description}}{{^detection.description}}null{{/detection.description}},
    "severity": "{{detection.severity}}",
    "createdAt": "{{detection.createdAt}}",
    "tdrId": "{{detection.rule.id}}",
    "tdrSource": "{{detection.rule.sourceType}}",
    "mitreTactics": {{detection.rule.MITRETactics}}{{^detection.rule}}null{{/detection.rule}},
    "mitreTechniques": {{detection.rule.MITRETechniques}}{{^detection.rule}}null{{/detection.rule}},
    "cloudAccounts": {{detection.cloudAccounts}},
    "cloudOrganizations": {{detection.cloudOrganizations}},
    "timeframe": {
      "start": "{{detection.startedAt}}",
      "end": "{{detection.endedAt}}"
    },
    "actors": {{detection.actors}},
    "primaryActor": {{#detection.primaryActor}}{{detection.primaryActor}}{{/detection.primaryActor}}{{^detection.primaryActor}}null{{/detection.primaryActor}},
    "resources": {{detection.resources}},
    "primaryResource": {{#detection.primaryResource}}{{detection.primaryResource}}{{/detection.primaryResource}}{{^detection.primaryResource}}null{{/detection.primaryResource}},
    "triggeringEventsCount": {{detection.triggeringEventsCount}},
    "triggeringEvents": {{detection.triggeringEvents}}
  },
  "force_reinvestigation": false
}

```

Once this step has been committed, Wiz will start sending its alerts directly to Dropzone.

If you have any errors engage your Dropzone AI support representative.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.dropzone.ai/integrations/alert/wiz_alert.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.