Understanding the Wiz Vulnerability Response Integration
Import vulnerability and compliance data from Wiz scanners into your ServiceNow® AI Platform instance to help you get deeper insights into your cloud infrastructure risks. These integrations provide you with a comprehensive assessment of your overall cloud security posture and help you drive remediation actions directly from your instance.
Integrations included with the Vulnerability Response Integration with Wiz
The Vulnerability Response Integration with Wiz includes the following integrations that import your asset, vulnerability, and compliance data:
- Wiz Asset Integration
- Wiz Container Vulnerability Response Integration
- Wiz Host Test Results Integration
- Wiz Host Vulnerability Integration
- Wiz Configuration Compliance (test results) Integration and Issues integration
Please review more information about the Wiz integration at SecOps articles on the Security Operations Community.
Starting with v1.1, the Missing Assets [sn_vul_wiz_missing_asset] table for storing assets from the backfill integrations is deprecated. After upgrading to version 1.1, you must backdate your primary Wiz integrations by three days and run them.
After you upgrade to v1.1, the following backfill integrations are no longer required:
- Host Vulnerability Backfill Integration
- Test Results Backfill Integration
- Host Test Results Backfill Integration
- Issues Backfill Integration
You identify the specific Resource Types (assets) that you want to import on the Wiz Vulnerability Integration Configuration module in your ServiceNow AI Platform instance.
Benefits and users for the integrations
| Benefit | Wiz Integration | Users |
|---|---|---|
| Import data about your cloud assets reported by the Wiz scanner. Create and update discovered item records for cloud assets in your ServiceNow AI Platform instance. Note: Activating the Wiz Asset Integration is optional. You are no longer required to schedule or run it so it runs before the other
integrations. |
Wiz Asset Integration | Vulnerability managers, analysts, and Cloud security teams |
| Import and evaluate early detections vulnerabilities on running hosts. The host vulnerability integration imports findings related to virtual machines and serverless assets in your cloud environment. These findings are mapped to Host Vulnerable Items (VITs) within the Vulnerability Response application to support remediation workflows. |
Wiz Host Vulnerability Integration. | Vulnerability managers, analysts, and Cloud security teams |
| Import test results associated with the resource type, VIRTUAL MACHINE. | Wiz Host Test Result Integration | Vulnerability managers, analysts, and Cloud security teams |
| Import and evaluate container image vulnerability data for vulnerable and non-compliant assets in your cloud infrastructure. Findings are mapped to container vulnerable items (CVITs) to support triage, risk prioritization, and targeted remediation workflows for container-based workloads. |
Wiz Container Vulnerability Integration. | Vulnerability managers, analysts, and Cloud security teams |
| Import and evaluate configuration test results from Wiz to detect non-compliant cloud configurations. Findings are mapped to cloud test results (CTRs) in the Configuration Compliance application to help you enforce security policies and standards across your cloud environment. |
Wiz Configuration Compliance Integration (Wiz Test Results). | Vulnerability managers, analysts, and Cloud security teams |
| Import Wiz Issues that identify assets involved in toxic combinations of vulnerabilities and misconfigurations. These findings are mapped to CTRs and labeled with Wiz Issues as the source to help you track and remediate assets that might pose complex, multi-vector risks. |
Wiz Issues Integration. | Vulnerability managers, analysts, and Cloud security teams |
Note: The Wiz Backfill integrations retrieve and process data for missing assets that were not processed by the primary vulnerability and compliance integrations.Starting with v1.1, the Missing Assets [sn_vul_wiz_missing_asset] table for storing assets is deprecated. After upgrading to version 1.1, you must backdate and run your primary integrations by three days. See Backfill integrations and upgrading to version 1.1 for more information. |
Wiz Backfill integrations:
|
Vulnerability admins |
| Apply remediation steps across host vulnerable items (VITs), container vulnerable items (CVTs), cloud test results (CTRs) and CTRs labeled Wiz Issues. | Vulnerability Response, Container Vulnerability Response, and the Configuration Compliance applications. | Remediation owners |
What to explore next
- Activate the Wiz Vulnerability Response Integration application
- Configure the Wiz Vulnerability Response Integration
- Identify Wiz Resource types for the Wiz Vulnerability Integrations
- Set filtering for the Wiz Host Vulnerabilities Integration
- Set filtering for the Wiz Container Vulnerabilities Integration
- Set filtering for the Wiz Test Results Integration
- Set filtering for the Wiz Issues Integration
- Set filtering for the Wiz Host Test Results Integration
- Wiz Backfill Integrations
- Field mapping for the Wiz Vulnerability Response Integrations