Set filtering for the Wiz Container Vulnerabilities Integration
Set the filtering values to import the container vulnerability data that you want.
Before you begin
Role required: sn_vul_wiz.configure_integration
Procedure
- Navigate to All > Wiz Vulnerability Integration > Administration > Configuration.
- Select the Container Vulnerabilities Configuration tab.
- Fill in the fields.
For some fields, you can specify multiple values. --None-- is the default. If --None-- remains selected for a field, no data is imported for this field.
If displayed, select the lock icons to edit and lock your edits.
Field: Description
  - First: Pagination. Enter a value. You might prefer to start with 1000.
  - Has Public Exploit: Filter on vulnerability findings for vulnerabilities with an available exploit (true/false).
  - Subscription: Import findings from the following strings for external subscription IDs (AWS Account, Azure Subscription, GCP Project, and OCI Compartment). If you do not provide a value, all subscriptions are returned.
  - Has Fix: Import vulnerability findings for vulnerabilities with an available fix (true/false).
  - Vulnerability: Import vulnerability findings with matching external ID(s), for example, CVE-1234-5678,CVE-9110-26117.
  - Has CISA KEV Exploit: Import only vulnerability findings for vulnerabilities with an available CISA KEV exploit (true/false).
  - Project ID: Import only vulnerability findings for the given projects (strings).
  - Resource Has High Privileges: Return only vulnerability findings that have high privileges (true/false).
  - Resource Status: Return only findings with these statuses. You can specify multiple values:
    - --None--
    - Active
    - Error
    - Inactive
  - Resource Has Admin Privileges: Return only vulnerability findings that have admin privileges (true/false).
  - Detection Method: Filter on vulnerability findings found by these detection methods:
    - --None--
    - DEFAULT_PACKAGE
    - FILE_PATH
    - INSTALLED_PROGRAM
    - INSTALLED_PROGRAM_BY_SERVICE
    - LIBRARY
    - OS
    - PACKAGE
  - Resource Has Limited Internet Exposure: Filter for vulnerability findings that have low internet exposure:
    - --None--
    - TRUE
    - FALSE
  - Status: Filter findings by status:
    - --None--
    - OPEN
    - RESOLVED
  - Vulnerability Severity: Filter findings by vulnerability severity:
    - --None--
    - CRITICAL
    - HIGH
    - LOW
    - MEDIUM
  - Validated In Runtime:
    - --None--
    - Yes: Select Yes to pull in data for resources that have this flag set to Yes in the Runtime field. In the Wiz console, the 'Validated in Runtime' status for a finding typically persists for a 48-hour period from the last time the vulnerable package was detected in memory.
    - No: Do not pull data for these resources.
- Select Save and test.
If the credentials have been saved and validated successfully, a message is displayed. You can select filtering for another integration import.
- Optional: Configure the granularity of the container vulnerable items (CVITs) by specifying the key combination.
A CVIT is created by default by combining the image repository, vulnerability, and image. You can add components to the key for further granularity. For example, create a CVIT for a combination of image repository, vulnerability, image, and cluster.
To configure the granularity, navigate to All > Wiz Vulnerability Integration > Administration > Configure CVR based VI Granularity.
Select the keys you want to add. If data is imported, keys are considered and CVITs are created.
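To estimate how many CVITs a key combination produces before changing the granularity, the following added example (not ServiceNow or Wiz code) groups constructed findings by the default key and by the default key plus cluster. The field names, sample records, and the handling of a missing key component are assumptions of this sketch.

```python
from collections import defaultdict

# Default CVIT key from the text above: image repository, vulnerability, image.
DEFAULT_KEY = ("image_repository", "vulnerability", "image")

# Constructed sample findings. Field names are assumptions for this sketch;
# the CVE IDs are the placeholder examples used in the Vulnerability field.
FINDINGS = [
    {"image_repository": "registry.example/app", "vulnerability": "CVE-1234-5678",
     "image": "sha256:aaa", "cluster": "prod-east"},
    {"image_repository": "registry.example/app", "vulnerability": "CVE-1234-5678",
     "image": "sha256:aaa", "cluster": "prod-west"},
    {"image_repository": "registry.example/app", "vulnerability": "CVE-1234-5678",
     "image": "sha256:bbb", "cluster": "prod-east"},
    {"image_repository": "registry.example/app", "vulnerability": "CVE-9110-26117",
     "image": "sha256:aaa", "cluster": "prod-east"},
    {"image_repository": "registry.example/app", "vulnerability": "CVE-1234-5678",
     "image": "sha256:aaa", "cluster": "prod-east"},  # second container, same image
]


def group_cvits(findings, key_fields=DEFAULT_KEY):
    """Return {key tuple: [findings]}; each distinct key models one CVIT."""
    cvits = defaultdict(list)
    for finding in findings:
        # A missing component becomes None in the key (assumption of this
        # sketch, not documented product behaviour).
        key = tuple(finding.get(field) for field in key_fields)
        cvits[key].append(finding)
    return dict(cvits)


def compare_granularity(findings, extra_fields):
    """Count CVITs under the default key and with extra key components."""
    default = group_cvits(findings)
    finer = group_cvits(findings, DEFAULT_KEY + tuple(extra_fields))
    return {"default": len(default), "with_extra": len(finer)}


if __name__ == "__main__":
    print(compare_granularity(FINDINGS, ["cluster"]))
    for key, members in group_cvits(FINDINGS, DEFAULT_KEY + ("cluster",)).items():
        print(key, "->", len(members), "finding(s)")
```

With the sample data, adding cluster splits the CVIT for one image and vulnerability into one item per cluster, which raises the item count that remediation teams have to track.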