Is anyone using the Wiz Integration for Security Operations 1.0.2?

Josh_M
Giga Contributor

We're trying to get the Wiz Integration for Security Operations version 1.0.2 plugin up and running, but I'm getting a setAbortAction cross-scope access error when I try to hit submit on the Wiz Record Producer:

[Screenshot attachment: Josh_M_0-1672848309271.png]

If I try to skip this step and run the integration I get an invalid authentication header error:

[Screenshot attachment: Josh_M_1-1672848440476.png]

When I check the Wiz audit logs it doesn't even look like the service account we're using for the integration is attempting to authenticate. I think the initial 'setAbortAction' error is causing the plugin to crash before authentication takes place. Is this an issue with the plugin, or an issue with our configuration? Is anyone else successfully using this version of the plugin and if so, did you encounter this issue? 

2 REPLIES

sushant06251
ServiceNow Employee

Hi @Josh_M,

The error is not relevant. The authentication error you are getting is because of a KMF issue with the client's secret. I also faced the issue and was able to resolve it as follows:

  1. Assign the sn_kmf.cryptographic_manager role to your user if you don't have it already. Note: The user should have the security_admin and sn_kmf.admin roles to perform this activity.
  2. Navigate to Key Management > Module Access Policies > All.
  3. Filter the list view with Crypto Module = com_snc_security_support_core_glideencrypter.
  4. You can skip this step if you have already run the integrations once. Execute any Wiz scheduler to test the connectivity. If the feature executed needs to decrypt the value from the Integration Item Configurations (sn_sec_core_integration_item_config) table and the caller entity does not have access to decrypt, the system will create a corresponding MAP record.
  5. This record is created with Result = Reject and Crypto Module = com_snc_security_support_core_glideencrypter, and you can view this in System Logs as the message "Access Denied to cryptographic module 'global.com_snc_security_support_core_glideencrypter': no thrown error".
  6. Name the MAP record created appropriately and set Result = Track. This will set the record to track or grant access for the crypto module to the target mentioned in the MAP record.

j_martin
Tera Guru

@Josh_M - were you able to resolve this? I am encountering the same issue.