Merged
Changes from 25 commits
27 commits
7a49e16
add new Wiz Cloud Configuration Finding Full Posture data stream and …
maxcold Mar 5, 2025
d3ad0ea
format and lint
maxcold Mar 5, 2025
02f9ba4
bump major version
maxcold Mar 6, 2025
ee303ca
fix linting
maxcold Mar 6, 2025
1e42085
fix field mapping
maxcold Mar 14, 2025
4133e56
Merge branch 'main' into csp-poc-wiz-full-posture
maxcold Mar 14, 2025
84b7eb0
Revert "format and lint"
maxcold Mar 20, 2025
5bb0ce9
update changelog entry and add missing new line
maxcold Mar 20, 2025
ccf7569
Update resource.tracer settings
maxcold Mar 20, 2025
ceb8604
Update error.message generation logic
maxcold Mar 20, 2025
5cef018
Remove explicit bytes check
maxcold Mar 20, 2025
4f3b74f
Merge branch 'main' into csp-poc-wiz-full-posture
maxcold Mar 20, 2025
5ba9f45
add system tests and update docs
maxcold Mar 20, 2025
deb0241
update readme and test output
maxcold Mar 21, 2025
5ce27a6
make @timestamp dynamic for pipeline tests
maxcold Mar 24, 2025
d85a5ed
fix system tests
maxcold Mar 25, 2025
4b56cd6
Merge branch 'main' into csp-poc-wiz-full-posture
maxcold Mar 25, 2025
70cfe15
fix system tests config
maxcold Mar 25, 2025
cebe47e
Update packages/wiz/_dev/build/docs/README.md
maxcold Mar 26, 2025
4124f36
bump transform version
maxcold Mar 26, 2025
c01cc6b
fix fields in README
maxcold Mar 26, 2025
147e36d
fix code formatting
maxcold Mar 31, 2025
9de6f8e
pretty print json body in system tests
maxcold Mar 31, 2025
538ad66
Merge branch 'main' into csp-poc-wiz-full-posture
maxcold Mar 31, 2025
29c426a
fix special symbols
maxcold Mar 31, 2025
a4cb70a
Fix spelling
maxcold Apr 2, 2025
e696e49
fix nits
maxcold Apr 2, 2025
11 changes: 11 additions & 0 deletions packages/wiz/_dev/build/docs/README.md
Expand Up @@ -57,6 +57,7 @@ Agentless deployments are only supported in Elastic Serverless and Elastic Cloud
| Issue | read:issues |
| Vulnerability | read:vulnerabilities |
| Cloud Configuration Finding | read:cloud_configuration |
| Cloud Configuration Finding Full Posture | read:cloud_configuration |

### To obtain the Wiz URL
1. Navigate to your user profile and copy the API Endpoint URL.
Expand Down Expand Up @@ -105,6 +106,16 @@ This is the `Cloud Configuration Finding` dataset.

{{fields "cloud_configuration_finding"}}

### Cloud Configuration Finding Full Posture

This is the `Cloud Configuration Finding Full Posture` dataset.

#### Example

{{event "cloud_configuration_finding_full_posture"}}

{{fields "cloud_configuration_finding_full_posture"}}

### Issue

This is the `Issue` dataset.
13 changes: 13 additions & 0 deletions packages/wiz/_dev/deploy/docker/docker-compose.yml
Expand Up @@ -26,6 +26,19 @@ services:
- http-server
- --addr=:8090
- --config=/files/config-cloud_configuration_finding.yml
wiz-cloud_configuration_finding_full_posture:
image: docker.elastic.co/observability/stream:v0.15.0
hostname: wiz-cloud_configuration_finding_full_posture
ports:
- 8090
volumes:
- ./files:/files:ro
environment:
PORT: '8090'
command:
- http-server
- --addr=:8090
- --config=/files/config-cloud_configuration_finding_full_posture.yml
wiz-issue:
image: docker.elastic.co/observability/stream:v0.15.0
hostname: wiz-issue
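Review bot: The new `wiz-cloud_configuration_finding_full_posture` service references `docker.elastic.co/observability/stream:v0.15.0` by tag only, so what the system tests execute depends on whatever that tag resolves to at pull time. The neighbouring `wiz-issue` service uses the same reference, so this is a file-wide pattern rather than something introduced here; pinning by digest, `image: docker.elastic.co/observability/stream:v0.15.0@sha256:<digest-placeholder>`, would make the mock server reproducible. Separately, the `hostname:` value contains underscores, which are not valid in DNS host names; it resolves on the compose network, but a stricter HTTP client could reject such a URL, so it is worth confirming the system-test config reaches the service by this name. The `services:` mapping begins outside the hunk.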
@@ -0,0 +1,127 @@
rules:
- path: /oauth/token
methods: ['POST']
responses:
- status_code: 200
headers:
Content-Type:
- 'application/json'
body: |
{"access_token":"xxxx","expires_in":3600,"token_type":"Bearer","refresh_token":"yyyy"}
- path: /graphql
methods: ['POST']
request_headers:
Authorization:
- 'Bearer xxxx'
request_body: /.*"after":null.*/
responses:
- status_code: 200
headers:
Content-Type:
- application/json
body: |-
{{ minify_json `
{
"data": {
"configurationFindings": {
"nodes": [
{
"analyzedAt": "2024-08-07T12:55:52.012378Z",
"id": "1243196d-a365-589a-a8aa-13817c9877b2",
"remediation": null,
"resource": {
"id": "f0f4163d-cbd7-517c-ba9e-f96bb90ab5ea",
"name": "Root user",
"nativeType": "rootUser",
"providerId": "arn:aws:iam::998231069301:root",
"region": null,
"cloudPlatform": "EKS",
"subscription": {
"cloudProvider": "AWS",
"externalId": "998231069301",
"id": "94e76baa-85fd-5928-b829-1669a2ca9660",
"name": "wiz-integrations"
},
"tags": [],
"type": "USER_ACCOUNT"
},
"result": "PASS",
"rule": {
"description": "description",
"id": "563ed717-4fb6-47fd-929e-9c794e201d0a",
"name": "Root account access keys should not exist",
"remediationInstructions": "instructions",
"shortId": "IAM-006"
},
"severity": "MEDIUM"
}
],
"pageInfo": {
"hasNextPage": true,
"endCursor": "eyJmaWVsZHMiOlt7IkZpZWxkIjoiVGltZXN0YW1wIiwiVmFsdWUiOiIyMDIzLTA5LTA0VDExOjE5OjM3LjgwMTU0MVoifV19"
}
}
}
}
`}}
- path: /graphql
methods: ['POST']
request_headers:
Authorization:
- 'Bearer xxxx'
request_body: /.*"after":"eyJmaWVsZHMiOlt7IkZpZWxkIjoiVGltZXN0YW1wIiwiVmFsdWUiOiIyMDIzLTA5LTA0VDExOjE5OjM3LjgwMTU0MVoifV19".*/
responses:
- status_code: 200
headers:
Content-Type:
- application/json
body: |-
{{ minify_json `
{
"data": {
"configurationFindings": {
"nodes": [
{
"analyzedAt": "2024-08-15T11:41:17.517926Z",
"id": "6fe49e83-2f3a-5b62-99de-beae16c7bfae",
"remediation": null,
"resource": {
"id": "8a53b2d9-f6c6-59e4-bce0-736a45e9aa3f",
"name": "annam-vm",
"nativeType": "Microsoft.Compute/virtualMachines",
"providerId": "80045425-a0a9-4457-82c2-2c5f47419d83",
"region": "eastus",
"subscription": {
"cloudProvider": "Azure",
"externalId": "434f3cbb-30f2-4bc0-8bba-cb080280652b",
"id": "064ecbb5-19ee-540d-b9f5-99c3a4e2d0db",
"name": "partner integrations"
},
"tags": [],
"type": "VIRTUAL_MACHINE"
},
"result": "PASS",
"rule": {
"description": "description",
"id": "56c8890d-ad68-4659-9414-fb0ed7258c31",
"name": "Virtual Machine should not be stopped (allocated) for more than a week",
"remediationInstructions": "remediation",
"shortId": "VirtualMachines-021"
},
"severity": "LOW",
"evidence": {
"cloudConfigurationLink": "https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing",
"configurationPath": null,
"currentValue": "The VM is stopped(allocated) since 2024-08-15",
"expectedValue": "The VM should be used or deallocated"
}
}
],
"pageInfo": {
"hasNextPage": false,
"endCursor": "eMJmaWVsZIkZpZWxkIjoiVGltZXN0YW1wIiwiVmFsdWUiOiIyMDIzLTA5LTA0VDExOjE5OjM3LjgwMTU0MVoifV19"
}
}
}
}
`}}
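Review bot: The canned GraphQL responses carry identifiers that look copied from a live tenant rather than invented: the AWS account in `"providerId": "arn:aws:iam::998231069301:root"` and `"externalId": "998231069301"`, the Azure subscription GUID in the second response, and names such as `annam-vm` and `wiz-integrations`. If they are real, this fixture publishes account and resource metadata in a public repository; swapping in obviously synthetic values (for example a constructed account id such as `123456789012`) changes nothing the test asserts beyond the expected-output file. The `/oauth/token` rule also answers any POST, so the system test would still pass if the client sent missing or wrong credentials; adding a `request_body` match there, as the `/graphql` rules already do, would cover that. Note too that the `/graphql` matchers depend on the compact form `"after":null`, so a change in how the request body is serialised would silently stop them matching.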
5 changes: 5 additions & 0 deletions packages/wiz/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "3.0.0"
changes:
- description: Add new Cloud Configuration Finding Full Posture data stream. If you rely on Findings > Misconfigurations view, enable this new data stream.
type: breaking-change
link: https://github.com/elastic/integrations/pull/12961
- version: "2.10.0"
changes:
- description: Rely on external ecs for ESC fields. event.id changed from text to keyword