# Wiz

### Integration Setup

To configure the Wiz Security integration, follow these steps:

#### Create Wiz Service Account

1. In the the Wiz Application, Search "Service Accounts"

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-97270d05037ae7ce8aebdc0beb9a5f8b16ef801c%2Fwiz_search_service_account.png?alt=media" alt=""><figcaption></figcaption></figure></div>

1. Click "Add Service Account"

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-fc4eb84bd58dcbb4f81e6049ddf93a60f432e399%2Fwiz_add_service_account.png?alt=media" alt=""><figcaption></figcaption></figure></div>

1. Enter a name, Choose "Custom Integration (GraphQL API)" from the Type drop down.

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-44740b3ee17665981496b54ce55d367172cd670a%2Fwiz_service_account_custom_integraton.png?alt=media" alt=""><figcaption></figcaption></figure></div>

1. Select Projects you want Gomboc to have access to.

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-0a6905bf9ede418fdc25acbb8474b68ae5b3d3ab%2Fwiz_service_account_choose_project.png?alt=media" alt=""><figcaption></figcaption></figure></div>

1. Select the following scopes:
   * Read graph resource
   * Issues
   * Issue Comments
   * Integratons
   * Automation Rules
   * Read report
   * Read cloud configuration rules, list cloud configuration rules
   * Detections
   * Issue Status
   * Comments
2. Click "Add Service Account" and collect Client ID and Client Secret. You will need them in future steps.

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-e993d920fbb91675f74fae1b32b1440825c3be7d%2Fwiz_service_account_credentials.png?alt=media" alt=""><figcaption></figcaption></figure></div>

#### Create Integration in Gomboc Portal

1. In Wiz click your profile icon and "Tenant Info"

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-7bb7d1819018ba4905bdc8a0fa4e2db81dca76c3%2Fwiz_tenant_info.png?alt=media" alt=""><figcaption></figcaption></figure></div>

2. Collect API Endpoint URL and Authentication URL for future steps

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-f7d961061740f5dadde107b61d54d83ec099aaf8%2Fwiz_api_urls.png?alt=media" alt=""><figcaption></figcaption></figure></div>

3. Within the Gomboc portal, create an access token, either a personal or organization API token will work. Once the token is created, copy it to your clipboard.

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-d6ee0a85640310bf0b13b5f11605e4795752d917%2Fgomboc_access_token.png?alt=media" alt=""><figcaption></figcaption></figure></div>

4. Go to Settings > Integrations > Wiz

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-d956abb7cf0d2c691ece5e04d52bd1ea233d16e5%2Fwiz_security_integration.png?alt=media" alt=""><figcaption></figcaption></figure></div>

5. Insert the Gomboc Token from step 3. Wiz Client ID, Wiz Client Secret from Service Account setup. Wiz API URL, Wiz Auth URL from step 2. Click "Integrate"

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-c611c0348ca406e9edf82e5d91ca20af4bb951b9%2Fwiz_gomboc_configurations.png?alt=media" alt=""><figcaption></figcaption></figure></div>

6. Once the integration is complete you will receive an Access token you will need to use to create the webhook on Wiz

<div align="center" data-full-width="true"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-a02334c58cf1a48523dccd5e3302ed99e57a75f2%2Fwiz_token.png?alt=media" alt=""><figcaption></figcaption></figure></div>

#### Create Integration in Wiz Application

1. Back on the Wiz Application, search "Integrations"

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-ae4081f352912afe537c7a3a66ea91e720b5a2a9%2Fwiz_integrations.png?alt=media" alt=""><figcaption></figcaption></figure></div>

2. Click "Add Integration"

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-38313eb8dce7170017a35bed7c793166745c48a4%2Fwiz_add_integration.png?alt=media" alt=""><figcaption></figcaption></figure></div>

3. Search "Webhook"

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-9b4d28bfd560e606a542f7a94b42a9168f955499%2Fwiz_search_webhook.png?alt=media" alt=""><figcaption></figcaption></figure></div>

4. Enter a name. Under URL enter "<https://cspm.prod.gcp.gomboc.ai/api/v1/observations/wiz>"
5. Select All projects you want to integrate with, It should be the same as the Service Account
6. Under Authentication select Token, Enter the Token received after creating the integraion in Gomboc portal, click "Add Integration"

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-cf35bfb88fd7e2854d6b7b888ea97d1b36a2f353%2Fwiz_add_webhook.png?alt=media" alt=""><figcaption></figcaption></figure></div>

#### Setup Wiz Webhook Rules

1. Search "Automation Rules"

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-49ebdf1c87e5cc4f1e70984193bb0f8fe71e0d7a%2Fwiz_automation_rules.png?alt=media" alt=""><figcaption></figcaption></figure></div>

2. Click "Add Rule"

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-65046b440149319f04626581116bf6bfaa2e0a01%2Fwiz_automation_rule_add.png?alt=media" alt=""><figcaption></figcaption></figure></div>

3. Enter name "Issue Webhook"
4. Select same projects from Service Account setup
5. Under "When" select Issue
6. Under "IF" click Add Filter, select "Severity", then select all the options.

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-831acc5a34f88dd6cfa5c425b85bfc93f2275c42%2Fwiz_automation_rule_filter.png?alt=media" alt=""><figcaption></figcaption></figure></div>

7. Under "THEN" click add Action and select "POST a Webhook" for the created Integration. Click "Continue", then "Add Action"

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-faac04352c6e076671e36fceca641c650a207ca1%2Fwiz_automation_rule_add_action.png?alt=media" alt=""><figcaption></figcaption></figure></div>

8. Click "Add Rule"

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-0d76c9222a69141d3e1728c0fc5c88f946bf4f51%2Fwiz_automation_add_rule_2.png?alt=media" alt=""><figcaption></figcaption></figure></div>

9. Repeat Steps 2 - 8 changing to "Cloud Configuration Finding" and "Detection" under "WHEN" in step 5

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-708ac0e4c825ce2d2e55503b40e41de62fc03173%2Fwiz_finding_rule.png?alt=media" alt=""><figcaption></figcaption></figure></div>

<div align="center"><figure><img src="https://3084082483-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9X3GhAYjoqbnAMyhHhAr%2Fuploads%2Fgit-blob-8894da61dc9433a4f7828e1debb021bf22337f45%2Fwiz_detection_rule.png?alt=media" alt=""><figcaption></figcaption></figure></div>