
Commit d510cc9

Merge pull request #253632 from cwatson-cat/10-3-23-dc-rfrsh-wiz
Sentinel auto-gen data connectors: Add Wiz data connector
2 parents eb13fe2 + df65dfa commit d510cc9


3 files changed

+93
-0
lines changed


articles/sentinel/TOC.yml

Lines changed: 2 additions & 0 deletions
@@ -749,6 +749,8 @@
749749
href: data-connectors/wirex-network-forensics-platform.md
750750
- name: WithSecure Elements via Connector
751751
href: data-connectors/withsecure-elements-via-connector.md
752+
- name: Wiz
753+
href: data-connectors/wiz.md
752754
- name: Workplace from Facebook (using Azure Functions)
753755
href: data-connectors/workplace-from-facebook-using-azure-function.md
754756
- name: Zero Networks Segment Audit

articles/sentinel/data-connectors-reference.md

Lines changed: 4 additions & 0 deletions
@@ -657,6 +657,10 @@ Data connectors are available as part of the following offerings:
657657

658658
- [WithSecure Elements via Connector](data-connectors/withsecure-elements-via-connector.md)
659659

660+
## Wiz, Inc.
661+
662+
- [Wiz](data-connectors/wiz.md)
663+
660664
## ZERO NETWORKS LTD
661665

662666
- [Zero Networks Segment Audit](data-connectors/zero-networks-segment-audit.md)
Lines changed: 87 additions & 0 deletions
@@ -0,0 +1,87 @@
1+
---
2+
title: "Wiz connector for Microsoft Sentinel"
3+
description: "Learn how to install the connector Wiz to connect your data source to Microsoft Sentinel."
4+
author: cwatson-cat
5+
ms.topic: how-to
6+
ms.date: 09/26/2023
7+
ms.service: microsoft-sentinel
8+
ms.author: cwatson
9+
---
10+
11+
# Wiz connector for Microsoft Sentinel
12+
13+
The Wiz connector allows you to easily send Wiz Issues, Vulnerability Findinsg, and Audit logs to Microsoft Sentinel.
14+
15+
## Connector attributes
16+
17+
| Connector attribute | Description |
18+
| --- | --- |
19+
| **Log Analytics table(s)** | WizIssues_CL<br/> WizVulnerabilities_CL<br/> WizAuditLogs_CL<br/> |
20+
| **Data collection rules support** | Not currently supported |
21+
| **Supported by** | [Wiz](https://support.wiz.io/) |
22+
23+
## Query samples
24+
25+
**Summary by Issues's severity**
26+
```kusto
27+
WizIssues_CL
28+
29+
| summarize Count=count() by severity_s
30+
```
31+
32+
33+
34+
## Prerequisites
35+
36+
To integrate with Wiz make sure you have:
37+
38+
- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).
39+
- **Wiz Service Account credentials**: Ensure you have your Wiz service account client ID and client secret, API endpoint URL, and auth URL. Instructions can be found on [Wiz documentation](https://docs.wiz.io/wiz-docs/docs/azure-sentinel-native-integration#collect-authentication-info-from-wiz).
40+
41+
42+
## Vendor installation instructions
43+
44+
45+
> [!NOTE]
46+
> This connector: Uses Azure Functions to connect to Wiz API to pull Wiz Issues, Vulnerability Findings, and Audit Logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.
47+
Creates an Azure Key Vault with all the required parameters stored as secrets.
48+
49+
STEP 1 - Get your Wiz credentials
50+
51+
52+
Follow the instructions on [Wiz documentation](https://docs.wiz.io/wiz-docs/docs/azure-sentinel-native-integration#collect-authentication-info-from-wiz) to get the erquired credentials.
53+
54+
STEP 2 - Deploy the connector and the associated Azure Function
55+
56+
57+
>**IMPORTANT:** Before deploying the Wiz Connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Wiz credentials from the previous step.
58+
59+
60+
61+
Option 1: Deploy using the Azure Resource Manager (ARM) Template
62+
63+
1. Click the **Deploy to Azure** button below.
64+
65+
[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-wiz-azuredeploy)
66+
2. Select the preferred **Subscription**, **Resource Group** and **Location**.
67+
3. Enter the following parameters:
68+
> - Choose **KeyVaultName** and **FunctionName** for the new resources
69+
>- Enter the following Wiz credentials from step 1: **WizAuthUrl**, **WizEndpointUrl**, **WizClientId**, and **WizClientSecret**
70+
>- Enter the Workspace credentials **AzureLogsAnalyticsWorkspaceId** and **AzureLogAnalyticsWorkspaceSharedKey**
71+
>- Choose the Wiz data types you want to send to Microsoft Sentinel, choose at least one from **Wiz Issues**, **Vulnerability Findings**, and **Audit Logs**.
72+
73+
>- (optional) follow [Wiz documentation](https://docs.wiz.io/wiz-docs/docs/azure-sentinel-native-integration#optional-create-a-filter-for-wiz-queries) to add **IssuesQueryFilter**, **VulnerbailitiesQueryFilter**, and **AuditLogsQueryFilter**.
74+
75+
4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.
76+
5. Click **Purchase** to deploy.
77+
78+
79+
Option 2: Manual Deployment of the Azure Function
80+
81+
>Follow [Wiz documentation](https://docs.wiz.io/wiz-docs/docs/azure-sentinel-native-integration#manual-deployment) to deploy the connector manually.
82+
83+
84+
85+
## Next steps
86+
87+
For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/wizinc1627338511749.wizinc1627338511749_wiz_mss-sentinel?tab=Overview) in the Azure Marketplace.
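
Review bot: The prerequisites at lines 36-39 list only Microsoft.Web/sites permissions, but line 47 says the deployment also creates an Azure Key Vault, and the template takes **WizClientSecret** and **AzureLogAnalyticsWorkspaceSharedKey** as parameters (lines 69-70); add the permission needed to create the Key Vault and its secrets to the prerequisites, and state what access the Wiz service account needs so readers can scope it narrowly. Line 57 says the Workspace ID and Primary Key "can be copied from the following", but nothing follows in the article, so point to where these values are found instead. Line 47 lacks the leading `>` and falls outside the NOTE block it continues. The blank line at line 28 sits between `WizIssues_CL` and `| summarize`, which breaks the sample when pasted into an editor that treats a blank line as a query separator. Spelling: "Findinsg" (line 13), "Issues's" (line 25), "erquired" (line 52); also check **VulnerbailitiesQueryFilter** (line 73) and **AzureLogsAnalyticsWorkspaceId** versus **AzureLogAnalyticsWorkspaceSharedKey** (line 70) against the actual template parameter names before merging.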
