# Wiz

The Dropzone AI platform integrates with [Wiz](https://www.wiz.io/about) through webhook automation rules to ingest security findings and enrich investigations with Wiz context such as cloud configurations, vulnerabilities, and exposure data.

## Integrations Overview

To enable these integrations you will perform the following actions:

* Create an API Key (within Dropzone AI)
* Configure a webhook integration in Wiz
* Create a custom automation rule in Wiz

### Create an API Key

To create a Dropzone API key, do the following:

* Navigate to your Dropzone AI tenant home page, e.g. https://*mycompany*.dropzone.app
* In the bottom-left corner, navigate to Settings > API Keys

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-9a7940e975598b1d0a1b4c99ea4f28d115442f64%2Fui-apikeys-dropdown.png?alt=media" alt=""><figcaption><p>API Keys Dropdown</p></figcaption></figure>

* In the "Add New API Key" section, name the API key something memorable, such as "Wiz Webhook Integration"
* If you want to assign an expiration date to the API Key, select your desired expiration date in the "Expiration" section
* Click "Create Key"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-9111ad3873948ff727003bc7bf8eba479b6ed135%2Fui-add-new-api-key.png?alt=media" alt=""><figcaption><p>Create API Key</p></figcaption></figure>

* Copy the value shown for use later in the Wiz UI

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-d82a57d486d3b68eb5f0dcdcaf90663e43f625f2%2Fui-new-api-key-value.png?alt=media" alt=""><figcaption><p>Copy the API Key</p></figcaption></figure>

### Create a Wiz Webhook Integration

Contact your Wiz/Dropzone support representative for instructions on how to set up a webhook integration.

In the URL section of your webhook integration, paste in your Dropzone webhook URL, e.g. https:///app/api/v1/investigation/create. Use the API key you generated earlier as your API Key value.

### Create an Automation Rule

Contact your Wiz/Dropzone support representative for instructions on how to create an Automation Rule.

You must create an automation rule with the "Post Webhook" feature. In the "Request Body" section of your webhook, replace the default action template with the JSON below:

```
{
  "schema_key": "wiz_webhook_detection",
  "raw_alert_content": {
    "trigger": {
      "source": "{{triggerSource}}",
      "type": "{{triggerType}}",
      "ruleId": "{{ruleId}}",
      "ruleName": "{{ruleName}}"
    },
    "id": "{{detection.id}}",
    "threatId": "{{detection.issue.id}}",
    "threatURL": {{#detection.issue.url}}"{{detection.issue.url}}"{{/detection.issue.url}}{{^detection.issue.url}}null{{/detection.issue.url}},
    "title": "{{detection.rule.name}}",
    "description": {{#detection.description}}"{{detection.description}}"{{/detection.description}}{{^detection.description}}null{{/detection.description}},
    "severity": "{{detection.severity}}",
    "createdAt": "{{detection.createdAt}}",
    "tdrId": "{{detection.rule.id}}",
    "tdrSource": "{{detection.rule.sourceType}}",
    "mitreTactics": {{detection.rule.MITRETactics}}{{^detection.rule}}null{{/detection.rule}},
    "mitreTechniques": {{detection.rule.MITRETechniques}}{{^detection.rule}}null{{/detection.rule}},
    "cloudAccounts": {{detection.cloudAccounts}},
    "cloudOrganizations": {{detection.cloudOrganizations}},
    "timeframe": {
      "start": "{{detection.startedAt}}",
      "end": "{{detection.endedAt}}"
    },
    "actors": {{detection.actors}},
    "primaryActor": {{#detection.primaryActor}}{{detection.primaryActor}}{{/detection.primaryActor}}{{^detection.primaryActor}}null{{/detection.primaryActor}},
    "resources": {{detection.resources}},
    "primaryResource": {{#detection.primaryResource}}{{detection.primaryResource}}{{/detection.primaryResource}}{{^detection.primaryResource}}null{{/detection.primaryResource}},
    "triggeringEventsCount": {{detection.triggeringEventsCount}},
    "triggeringEvents": {{detection.triggeringEvents}}
  },
  "force_reinvestigation": false
}
```

Once this step has been committed, Wiz will start sending its alerts directly to Dropzone.
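The request body template mixes quoted placeholders with unquoted ones (for example `{{detection.actors}}`), so a field that renders to nothing produces invalid JSON. The following is an added example, not Dropzone or Wiz code: a lint for a rendered body that you have captured from a test delivery. The function names and sample values are assumptions made for illustration.

```python
import json

# Keys of "raw_alert_content", copied from the request body template above.
REQUIRED = {
    "trigger", "id", "threatId", "threatURL", "title", "description", "severity",
    "createdAt", "tdrId", "tdrSource", "mitreTactics", "mitreTechniques",
    "cloudAccounts", "cloudOrganizations", "timeframe", "actors", "primaryActor",
    "resources", "primaryResource", "triggeringEventsCount", "triggeringEvents",
}
# Fields the template wraps in double quotes, so they must arrive as strings.
QUOTED = ("id", "threatId", "title", "severity", "createdAt", "tdrId", "tdrSource")


def lint_rendered_body(body: str) -> list[str]:
    """Return the problems found in a rendered webhook body (empty list = OK)."""
    if "{{" in body:
        return ["unrendered template tag left in body"]
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        # Typical cause: an unquoted placeholder such as {{detection.actors}}
        # rendered to nothing, leaving '"actors": ,' behind.
        return [f"not valid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    if doc.get("schema_key") != "wiz_webhook_detection":
        problems.append("schema_key must be 'wiz_webhook_detection'")
    if not isinstance(doc.get("force_reinvestigation"), bool):
        problems.append("force_reinvestigation must be a JSON boolean")
    alert = doc.get("raw_alert_content")
    if not isinstance(alert, dict):
        return problems + ["raw_alert_content must be a JSON object"]
    missing = sorted(REQUIRED - alert.keys())
    if missing:
        problems.append("missing keys: " + ", ".join(missing))
    problems += [f"{k} must be a string" for k in QUOTED if k in alert
                 and not isinstance(alert[k], str)]
    return problems


def sample_body() -> str:
    """Constructed example of a correctly rendered body (all values made up)."""
    alert = dict.fromkeys(REQUIRED)  # nullable fields render as null
    alert.update({k: "constructed-value" for k in QUOTED})
    alert.update(trigger={}, timeframe={}, actors=[], resources=[],
                 cloudAccounts=[], cloudOrganizations=[], triggeringEvents=[],
                 triggeringEventsCount=0)
    return json.dumps({"schema_key": "wiz_webhook_detection",
                       "raw_alert_content": alert, "force_reinvestigation": False})
```

Remove the API key and any sensitive detection data from a captured body before saving it alongside the lint.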

If you encounter any errors, contact your Dropzone AI support representative.
