Wiz

On this page

Wiz is a Security input connector. Connect to your Wiz instance to start collecting vulnerability data. Create a Wiz service user, and get an oauth client_id and secret before connecting.

IP Allowlists

You might need to add the Monad IP range of 34.210.32.104/32 to your Wiz allowlist, so Monad can connect to it.

Set up a Wiz service account

Before you set up a Wiz connector, create a service account and token so that Monad can connect to Wiz.

This service account must contain the following scopes of access:

  • read:issues
  • read:vulnerabilities
  • read:cloud_configuration
  • create:reports

Tip: You can set up a service account either with access to all projects, or one that is scoped to a specific project. To create a project-scoped account, log in to Wiz as a Project Member or Project Admin. To create a service user that all projects can use, log in as a Global Contributor or Global Admin.

To create a new Monad service user for Wiz:

  1. Log in to Wiz as Project Member or Project Admin or as a Global Contributor or Global Admin.
  2. Navigate to Settings > Service Accounts page, then click Add Service Account.
  3. Give the service account a meaningful name, for example “Monad Service”.
  4. Scroll down to the Vulnerabilities section and enable the read:resources and create:reports permissions.
  5. Click Add Service Account.
  6. Save the Client ID and Client Secret to a safe place such as a secrets manager.
  7. Click Finish.

Set up a Wiz input connector in Monad

To set up a Wiz connector, you need a service account with a client ID and an API token. Once you have this information, you set up the connector:

  1. Log in to your Monad account, and click Add connector.
  2. Select the Wiz connector.
  3. Optionally, change the default name for the connector. This name serves as a label for the connector in the Monad app, and you can change it later.
  4. If your Wiz instance uses different API and OAuth endpoints, or a different OAuth audience, edit the defaults provided in the dialog. If you’re not sure, you can check your OAuth provider by navigating to user settings, then check “Auth Provider”. If the auth provider is “incognito”, then your oauth audience should be “wiz-api”, if it’s “auth0”, then the audience should be “beyond-api”.
  5. Enter the Client ID and Client Secret you created.
  6. (Optional) - Specify your Severity Level, Asset Type, Status, Entity Type and Cloud Platform type filters. These scope the data ingested to a smaller set.
  7. (Optional) - set your connector schedule
  8. Click Connect.

If the Oauth endpoint or Audience are incorrect, then Monad will attempt to find the correct Audience. If none is found, then an error message will display the issue.

That’s it! Monad tests the connection to Wiz. If the connector is configured correctly, you’re ready to sync your data!

This page was last modified: 9 Oct 2023