Set filtering for the Wiz Container Vulnerabilities Integration

  • Release version: Australia
  • Updated May 29, 2026
  • 2 minutes to read

    • Set the filtering values to import the container vulnerability data that you want.

    Before you begin

    Role required: sn_vul_wiz.configure_integration

    Procedure

    1. Navigate to All > Wiz Vulnerability Integration > Administration > Configuration.
    2. Select the Container Vulnerabilities Configuration tab.
    3. Optional: Select the Configure CVR Based VI Granularity link if you want to configure the image granularity keys that create container vulnerable items (CVITs).

      A CVIT is created by default by combining the image repository, vulnerability, and image. You can add components to the key for further granularity in the Configure VI Granularity module. For example, you might create a CVIT is for a combination of image repository, vulnerability, image, and cluster. See Configuring container image granularity keys for Container Vulnerability Response for more information.

    4. Fill in the fields.

      For some fields, you can specify multiple values. --None-- is the (default). If --None-- remains selected for a field, no data is imported for this field.

      If displayed select the lock icons (An closed padlock icon that indicates the field is locked and not editable.) and (An opened padlock icon that indicates the field is unlocked and editable.) to edit and lock your edits.

      Field Description
      First Pagination. Enter a value. You might prefer to start with 1000.
      Has Public Exploit Filter on vulnerability findings for vulnerabilities with an available exploit: (true/false).
      Subscription Import findings from the following strings for external subscription IDs: (AWS Account, Azure Subscription, GCP Project, and OCI Compartment). If you don't provide a value, all subscriptions are returned.
      Has Fix Import vulnerability findings for vulnerabilities with an available fix (true/false).
      Vulnerability Import vulnerability findings with matching external ID(s), for example, CVE-1234-5678,CVE-9110-26117.
      Has CISA KEV Exploit Import only vulnerability findings for vulnerabilities with an available CISA KEV exploit (true/false).
      Project ID Import only vulnerability findings for the given projects (strings).
      Resource Has High Privileges Return only vulnerability findings that have high privileges (true/false).
      Resource Status Return only findings with these statuses. You can specify multiple values:
      • --None--
      • Active
      • Error
      • Inactive
      Resource Has Admin Privileges Return only vulnerability findings that have admin privileges. (true/false)
      Detection Method Filter on vulnerability findings found by these detection methods:
      • --None--
      • DEFAULT_PACKAGE
      • FILE_PATH
      • INSTALLED_PROGRAM
      • INSTALLED_PROGRAM_BY_SERVICE
      • LIBRARY
      • OS
      • PACKAGE
      Resource Has Limited Internet Exposure Filter for vulnerability findings that have low internet exposure
      • --None--
      • TRUE
      • FALSE
      Status Filter findings by status:
      • --None--
      • OPEN
      • RESOLVED
      Vulnerability Severity Filter findings by vulnerability severity:
      • --None--
      • CRITICAL
      • HIGH
      • LOW
      • MEDIUM
      Validated In Runtime
      • --None--
      • Yes- Select Yes to pull in data for resources that have this flag set to Yes in the Runtime field. In Wiz console, the 'Validated in Runtime' status for a finding typically persists for a 48-hour period from the last time the vulnerable package was detected in memory.
      • No. Do not pull data for these resources.
    5. Select Save and test.
      If the credentials have been saved and validated successfully a message is displayed. You can select filtering for another integration import.
    6. Optional: Configure container image granularity keys for Container Vulnerability Response.

      You can configure the granularity of the container vulnerable items (CVITs) by specifying the key combination. For more information about supported keys, system properties, and the scheduled job also required, see Configuring container image granularity keys for Container Vulnerability Response.

      A CVIT is created by default by combining the image repository, vulnerability, and image. You can add components to the key for further granularity. For example, create a CVIT is for a combination of image repository, vulnerability, image, and cluster.