Configure the Wiz Vulnerability Response Integration

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 2 Minuten Lesedauer

    • Configure the integration in your Wiz service account and assign roles in your ServiceNow AI Platform instance.

    Vorbereitungen

    You must configure the integration tile in your Wiz account that was created for this integration with the permissions pre-selected. See the Wiz product documentation for more information.

    The following Wiz API permissions are required:

    • [read:resources]
    • [read:host_configuration]
    • [read:issues read:threat_issues]
    • [read:cloud_configuration]
    • [read:vulnerabilities]
    Role required:
    • admin to assign roles in your ServiceNow AI Platform instance.

    Prozedur

    1. Assign roles to users for the Wiz integration and for the applications that support the in integration in your ServiceNow AI Platform instance.
      1. Navigate to User administration > Users
      2. Assign the following roles.
        • sn_vul.vulnerability_admin to configure the Vulnerability Response and Container Vulnerability Response applications.
        • sn_vulc.admin
        • sn_vul_wiz.configure_integration to set up the integration.
        • sn_vul_wiz.read_integration for the users in your organization who you want to view data and records for this integration.
      3. See User administration for more information about creating users and managing roles.
    2. As a user with the sn_vul_wiz.configure_integration role, navigate to All > Wiz Vulnerability Integration > Administration > Configuration in your instance.
    3. Fill in the fields.
      Field Description
      Integration instance Vulnerability Response Integration with Wiz.
      Auth URL Authentication URL you entered in your Wiz environment.
      Api URL API URL you entered in your Wiz environment.
      Client ID Client ID you want to use for this integration you entered in your Wiz environment.
      Client Secret Client Secret you want to use for this integration you entered in your Wiz environment.
    4. Select Save and test.
      A message is displayed if the credentials have been saved and validated successfully.
    5. Wahlweise: Verify the detection key combination for the Host Vulnerability integration is populating data on findings.
      • Starting with versions 30.3 (USEM workspace-compatible) and 1.3 (legacy workspace), the detection key uses the Universally Unique Identifier (UUID) to identify unique detections for the Wiz Host Vulnerability integration. New detections generated by the Host Vulnerability integration use this key field.
        Hinweis:
        You must run a full import to view the detections that are updated by the new key.
      • Prior to versions 30.3 (USEM-workspace-compatible) and 1.3, the detection key combination for the Wiz Host Vulnerability integration by default consisted of vulnerability, asset_id, and proof.
        Hinweis:
        After you upgrade, detections that used the key combination of vulnerability, asset_id, and proof are automatically closed? Are updated to include the new UUID and maintain the vulnerability, asset_id, and proof properties? .... Or....To view detection information populated with the enhanced key after import, navigate to the Vulnerable Items [sn_vul_vulnerable_item] table, select the Gear icon to configure column display. icon on findings record (VIT), locate the UUID column, and move it from Available toSelected.

      To view the key and modify its properties, follow these steps.

      Hinweis:
      You must have the sn_vul.vulnerability_admin role to modify the detection key.
      1. Navigate to All > Vulnerability Response > Detection Key Configurations.
      2. Select the Wiz link in the Source column.
      3. Make any edits and select Apply Changes.
        You must run a full import to view the detection data populated by any changes to the key.
    6. Navigate to All > Wiz Vulnerability Integration > Administration > Integrations.
    7. Verify the integrations you want to import data with are activated (Active column set to true).
    8. Select a record to open it and activate or deactivate the integrations.
    9. Wahlweise: Select the Schedule tab to modify the run schedule.

      By default, all the integrations except the Host Test Results Integration are set to run daily. The Host Test Results Integration is set to run on-demand.

    10. Select Update to save your changes.
    11. See Identify Wiz Resource types for the Wiz Vulnerability Integrations to identify the asset types that you want to import.