Configure the Wiz Vulnerability Response Integration

  • Release version: Zurich
  • Updated April 7, 2026
  • 3 minutes to read

    • Configure the integration in your Wiz service account and assign roles in your ServiceNow AI Platform instance.

    Before you begin

    You must configure the integration tile in your Wiz account that was created for this integration with the permissions pre-selected. See the Wiz product documentation for more information.

    The following Wiz API permissions are required:

    • [read:resources]
    • [read:host_configuration]
    • [read:issues read:threat_issues]
    • [read:cloud_configuration]
    • [read:vulnerabilities]
    Role required:
    • admin to assign roles in your ServiceNow AI Platform instance.

    Procedure

    1. Assign roles to users for the Wiz integration and for the applications that support the in integration in your ServiceNow AI Platform instance.
      1. Navigate to User administration > Users
      2. Assign the following roles.
        • sn_vul.vulnerability_admin to configure the Vulnerability Response and Container Vulnerability Response applications.
        • sn_vulc.admin
        • sn_vul_wiz.configure_integration to set up the integration.
        • sn_vul_wiz.read_integration for the users in your organization who you want to view data and records for this integration.
      3. See User administration for more information about creating users and managing roles.
    2. As a user with the sn_vul_wiz.configure_integration role, navigate to All > Wiz Vulnerability Integration > Administration > Configuration in your instance.
    3. Verify your Application scope [Globe icon] is set for the Vulnerability Response Integration with Wiz
    4. Fill in the fields.
      Field Description
      Integration instance Vulnerability Response Integration with Wiz.
      Auth URL Authentication URL you entered in your Wiz environment.
      Api URL API URL you entered in your Wiz environment.
      Client ID Client ID you want to use for this integration you entered in your Wiz environment.
      Client Secret Client Secret you want to use for this integration you entered in your Wiz environment.
    5. Select Save and test.
      A message is displayed if the credentials have been saved and validated successfully.
    6. Optional: Verify the detection key combination for the Host Vulnerability integration is populating data on findings.
      • Starting with versions 30.3 (USEM workspace-compatible) and 1.3 (legacy workspace), the detection key uses the Universally Unique Identifier (UUID) to identify unique detections for the Wiz Host Vulnerability integration. New detections generated by the Host Vulnerability integration use this key field.
        Note:
        You must run a full import to view the detections that are updated by the new key.
      • Prior to versions 30.3 (USEM-workspace-compatible) and 1.3, the detection key combination for the Wiz Host Vulnerability integration by default consisted of vulnerability, asset_id, and proof.
        Note:
        To view detection information populated with the enhanced key after import, navigate to the Vulnerable Items [sn_vul_vulnerable_item] table, select the Gear icon to configure column display. icon on findings record (VIT), locate the UUID column, and move it from Available toSelected.

      To view the key and modify its properties, follow these steps.

      Note:
      You must have the sn_vul.vulnerability_admin role to modify the detection key.
      1. Navigate to All > Vulnerability Response > Administration > Configure Detection Granularity.
      2. Select the Wiz link in the Source column.
      3. Make any edits and select Apply Changes.
        You must run a full import to view the detection data populated by any changes to the key.
    7. Optional: Configure Image Vulnerability Keys.
      You must have the Container Vulnerability Response application installed. You can modify the keys to help you determine how findings (container vulnerable items) for container vulnerabilities are created. For more information about supported keys, system properties, and the scheduled job also required for this step, see Configuring container image granularity keys for Container Vulnerability Response and Configure container image granularity keys for Container Vulnerability Response.

      Return to this page after you modify keys to continue with the configuration.

    8. Navigate to All > Wiz Vulnerability Integration > Administration > Integrations.
    9. Verify the integrations you want to import data with are activated (Active column set to true).
    10. Select a record to open it and activate or deactivate the integrations.
    11. Optional: Select the Schedule tab to modify the run schedule.

      By default, all the integrations except the Host Test Results Integration are set to run daily. The Host Test Results Integration is set to run on-demand.

    12. Optional: Backdate an integration run.
      Select the timestamp link in the Import since column. Select the Import since field and modify the date. Select Update. Select Execute now if you want to run the integration on demand with your new since date.
    13. Select Update to save your changes on the integration record.
    14. See Activate the Wiz Asset Integration and identify resource types for import to identify the asset types that you want to import.