Source configuration for Wiz CNAPP - Amazon CloudWatch


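Source configuration for Wiz CNAPP

Integrating with Wiz CNAPP

Wiz is a cloud-native application protection platform (CNAPP) that provides comprehensive visibility and security across multi-cloud environments. CloudWatch pipelines use the Wiz GraphQL API to retrieve information about security posture, vulnerabilities, misconfigurations, threats, and audit activity from your cloud infrastructure. The Wiz GraphQL API provides access to security data through flexible GraphQL queries, allowing retrieval of audit logs, issues, vulnerability findings, configuration findings, and detections from the Wiz platform.

Authenticating with Wiz CNAPP

To read Wiz CNAPP audit logs, the pipeline needs to authenticate to your account. The plugin supports OAuth2 authentication. Follow these instructions to get started.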

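  • Create a service account in Wiz with the appropriate permissions. You must be logged in as a Wiz user with service account write (W) permission.

  • Configure the service account and obtain the newly created client ID and client secret.

  • In AWS Secrets Manager, create a secret and store the application (client) ID under the key client_id and the client secret under the key client_secret.

  • Configure the API permissions (scopes) for your service account.

    Required scopes: read:issues, read:detections, read:cloud_events_cloud, read:cloud_events_sensor, read:security_scans, read:vulnerabilities, read:cloud_configuration, admin:audit

  • Identify your GraphQL API endpoint: find your specific endpoint in the Wiz portal by checking the tenant information. The Wiz GraphQL API endpoint is https://api.<region>.app.wiz.io/graphql, where <region> corresponds to the data center of your Wiz tenant (for example us1, us2, eu1, eu2).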
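A pre-flight check for the values gathered in the steps above, given as an added example that is not part of the AWS or Wiz documentation. The function names, the region pattern (a single lowercase alphanumeric label) and the sample values are assumptions made for illustration; the key names, scopes and URL template come from the steps.

```python
import json
import re

# Scopes and secret key names are taken from the steps above.
REQUIRED_SCOPES = {
    "read:issues", "read:detections", "read:cloud_events_cloud",
    "read:cloud_events_sensor", "read:security_scans",
    "read:vulnerabilities", "read:cloud_configuration", "admin:audit",
}
REQUIRED_SECRET_KEYS = ("client_id", "client_secret")

# Assumption: a region is one lowercase DNS label such as us1 or eu2.
REGION_RE = re.compile(r"[a-z0-9]{2,16}")


def check_secret(secret_string):
    """Return a list of problems found in the Secrets Manager SecretString."""
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError:
        return ["secret is not valid JSON"]
    if not isinstance(data, dict):
        return ["secret must be a JSON object of key/value pairs"]
    problems = []
    for key in REQUIRED_SECRET_KEYS:
        value = data.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"missing or empty key: {key}")
        elif value != value.strip():
            problems.append(f"{key} has leading or trailing whitespace")
    return problems


def missing_scopes(granted):
    """Return the required scopes absent from the service account, sorted."""
    return sorted(REQUIRED_SCOPES - set(granted))


def graphql_endpoint(region):
    """Build the endpoint URL, rejecting regions that would alter the host."""
    if not REGION_RE.fullmatch(region):
        raise ValueError(f"unexpected region value: {region!r}")
    return f"https://api.{region}.app.wiz.io/graphql"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = '{"client_id": "example-id", "client_secret": " example-secret"}'
    print(check_secret(sample))
    print(missing_scopes(["read:issues", "read:detections", "admin:audit"]))
    print(graphql_endpoint("us1"))
```

Validating the region before interpolating it matters because the value becomes part of a hostname: a string containing dots or slashes would send the client credentials to a different host.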

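Configuring the CloudWatch pipeline

When configuring the pipeline to read audit logs from Wiz, choose Wiz CNAPP as the data source. Fill in the required information, such as the region. After the pipeline is created, data will be available in the selected CloudWatch Logs log group.

Supported Open Cybersecurity Schema Framework event classes

This integration supports OCSF schema version v1.5.0 and events that map to Detection Finding (2004), Vulnerability Finding (2002), Compliance Finding (2003), Authentication (3002), and API Activity (6003).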

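Detection Finding contains all events from the following sources:

  • Issues

  • Detections

Vulnerability Finding contains all events from the following sources:

  • Vulnerability findings

Compliance Finding contains all events from the following sources:

  • Cloud configuration findings

Authentication contains events from the following sources and specified actions:

  • Audit logs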

  • DeviceLogin

  • Login

API Activity contains events from the following sources and specified actions:

  • Audit logs

  • AddSecurityScan

  • AddSupportTicketContext

  • AiAssistantSendMessage

  • ApproveCopyResourceForensicsSettings...

  • AssociateServiceTicket

  • CancelReportRun

  • ClearUIUserPreferences

  • CompleteAuthMigration

  • ConvertGitHubAppRegistrationCode

  • CopyResourceForensicsToExternalAccount

  • CreateActionTemplate

  • CreateApplicationServiceDiscoveryRule

  • CreateAutomationRule

  • CreateCICDScanPolicy

  • CreateCloudConfigurationFindingNote

  • CreateCloudConfigurationRule

  • CreateCloudConfigurationRules

  • CreateCloudEventRule

  • CreateComputeGroupTagsSet

  • CreateConnector

  • CreateControl

  • CreateCustomIPRange

  • CreateDashboard

  • CreateDashboardWidget

  • CreateDataClassifier

  • CreateDigitalTrustCustomDomain

  • CreateFileIntegrityMonitoringExclusion

  • CreateHostConfigurationAssessmentNote

  • CreateHostConfigurationRule

  • CreateIgnoreRule

  • CreateImageIntegrityValidator

  • CreateIntegration

  • CreateIssueNote

  • CreateMalwareExclusion

  • CreateMonitoredMetric

  • CreateOutpost

  • CreateOutpostCluster

  • CreatePolicyPackage

  • CreatePortalView

  • CreateProject

  • CreateRemediationAndResponseDeployment

  • CreateRemediationPullRequest

  • CreateReport

  • CreateRuntimeResponsePolicy

  • CreateSAMLIdentityProvider

  • CreateSAMLUser

  • CreateSavedCloudEventFilter

  • CreateSavedGraphQuery

  • CreateScannerAPIRateLimit

  • CreateSecurityFramework

  • CreateServiceAccount

  • CreateSupportTicket

  • CreateTestNode

  • CreateUser

  • CreateUserRole

  • CreateVulnerabilityFindingNote

  • DeleteActionTemplate

  • DeleteApplicationServiceDiscoveryRule

  • DeleteAutomationRule

  • DeleteCICDScan

  • DeleteCICDScanPolicy

  • DeleteCloudConfigurationFindingNote

  • DeleteCloudConfigurationRule

  • DeleteCloudEventRule

  • DeleteComputeGroupTagsSet

  • DeleteConnector

  • DeleteControl

  • DeleteCustomIPRange

  • DeleteDashboard

  • DeleteDashboardWidget

  • DeleteDataClassifier

  • DeleteDigitalTrustCustomDomain

  • DeleteFileIntegrityMonitoringExclusion

  • DeleteHostConfigurationAssessmentNote

  • DeleteHostConfigurationRule

  • DeleteIgnoreRule

  • DeleteImageIntegrityValidator

  • DeleteIntegration

  • DeleteIssueNote

  • DeleteMalwareExclusion

  • DeleteMonitoredMetric

  • DeleteOutpost

  • DeleteOutpostCluster

  • DeletePolicyPackage

  • DeletePortalView

  • DeleteProject

  • DeleteRemediationAndResponseDeployment

  • DeleteReport

  • DeleteRuntimeResponsePolicy

  • DeleteSAMLIdentityProvider

  • DeleteSavedCloudEventFilter

  • DeleteSavedGraphQuery

  • DeleteScannerAPIRateLimit

  • DeleteSecurityFramework

  • DeleteSecurityScan

  • DeleteServiceAccount

  • DeleteTestNode

  • DeleteUser

  • DeleteUserRole

  • DeleteVulnerabilityFindingNote

  • DisassociateServiceTicket

  • DuplicateDashboard

  • DuplicateDataClassifier

  • DuplicateHostConfigurationRule

  • DuplicateSecurityFramework

  • DuplicateUserRole

  • FinalizeCICDScan

  • FinalizeCICDScanTelemetry

  • GenerateWizContainerRegistryToken

  • GraphSearch

  • InitiateCICDScanTelemetry

  • InitiateDiskScanContainerImage

  • InitiateDiskScanDirectory

  • InitiateDiskScanVirtualMachine

  • InitiateDiskScanVirtualMachineImage

  • InitiateIACScan

  • InvokeOutpostClusterUpdate

  • LegalConsent

  • MergeDiscoveredApplicationService

  • MigrateUsers

  • ModifySAMLIdentityProviderGroupMappings

  • ModifySAMLIdentityProviderPortalView...

  • PromoteDiscoveredApplicationService

  • ProvideAiFeedback

  • ProvideAiGraphQueryExample

  • ProvideAiGraphQueryFeedback

  • ProvideIssueFeedback

  • ReassessIssue

  • RefreshResponseActions

  • RegisterAgent

  • ReportIDEActivityHeartbeat

  • ReportIDEAnalytics

  • RequestConnectorEntityScan

  • RequestConnectorScan

  • RerunReport

  • ResetUserPassword

  • RevokeSessions

  • RevokeUserSessions

  • RotateServiceAccountSecret

  • RunAllControls

  • RunCloudConfigurationRule

  • RunControl

  • RunControlsIntegrationAction

  • RunIssuesIntegrationAction

  • RunOutpostClusterUpdate

  • RunResponseAction

  • SAMLUserInitialProvision

  • SendUserEmailInvite

  • TagCICDScan

  • TokenDeviceRefresh

  • TokenRefresh

  • UninstallOutpost

  • UpdateAiSettings

  • UpdateApplicationServiceDiscoveryRule

  • UpdateAutomationRule

  • UpdateBasicAuthSettings

  • UpdateCICDScanPolicy

  • UpdateChampionCenterJourneyItem

  • UpdateCloudConfigurationFinding

  • UpdateCloudConfigurationRule

  • UpdateCloudConfigurationRules

  • UpdateCloudCostSettings

  • UpdateCloudEventRule

  • UpdateCloudEventRules

  • UpdateCloudEventSettings

  • UpdateComputeGroupTagsSet

  • UpdateConnector

  • UpdateContainerRegistryCustomScannin...

  • UpdateContainerRegistryGlobalScannin...

  • UpdateControl

  • UpdateControls

  • UpdateCopyResourceForensicsSettings

  • UpdateCustomIPRange

  • UpdateCustomIPRangesSettings

  • UpdateCustomUserRolesSettings

  • UpdateDashboard

  • UpdateDashboardSettings

  • UpdateDashboardWidget

  • UpdateDataClassifier

  • UpdateDataFinding

  • UpdateDataScannerSettings

  • UpdateDigitalTrustCustomDomain

  • UpdateDigitalTrustDashboardSettings

  • UpdateDigitalTrustSAMLIdentityProvider

  • UpdateDiscoveredApplicationServices

  • UpdateEventTriggeredScanningSettings

  • UpdateExternalExposureScannerSettings

  • UpdateExternalExposureSettings

  • UpdateFileIntegrityMonitoringExclusion

  • UpdateFileIntegrityMonitoringSettings

  • UpdateForensicsPackageSettings

  • UpdateGraphEntity

  • UpdateHostConfigurationRule

  • UpdateHostConfigurationRuleAssessment

  • UpdateHostConfigurationRules

  • UpdateIPRestrictions

  • UpdateIgnoreRule

  • UpdateImageIntegrityValidator

  • UpdateIntegration

  • UpdateInternalExposureSettings

  • UpdateIssue

  • UpdateIssueNote

  • UpdateIssueSettings

  • UpdateIssues

  • UpdateKubernetesGlobalScanningConfig...

  • UpdateLoginSettings

  • UpdateMalwareExclusion

  • UpdateMonitoredMetric

  • UpdateMonitoredMetricSettings

  • UpdateNode

  • UpdateNonOSDiskScanningSettings

  • UpdateNotificationSettings

  • UpdateOutpost

  • UpdateOutpostCluster

  • UpdatePolicyPackage

  • UpdatePortalInactivityTimeoutSettings

  • UpdatePortalSettings

  • UpdatePortalView

  • UpdatePreviewHubItem

  • UpdateProject

  • UpdateRemediationAndResponseDeployment

  • UpdateReport

  • UpdateReportSettings

  • UpdateRepositorySettings

  • UpdateResponseAction

  • UpdateResponseActions

  • UpdateRuntimeResponsePolicy

  • UpdateSAMLIdentityProvider

  • UpdateSavedCloudEventFilter

  • UpdateSavedGraphQuery

  • UpdateScannerAPIRateLimit

  • UpdateScannerExclusionSettingsConstr...

  • UpdateScannerExclusionSettingsTimeLi...

  • UpdateScannerExclusionSizeLimits

  • UpdateScannerExclusionTags

  • UpdateScannerResourceTagSettings

  • UpdateScannerResourceTags

  • UpdateScannerSettings

  • UpdateSecretInstance

  • UpdateSecurityFramework

  • UpdateSecurityScan

  • UpdateServiceAccount

  • UpdateSessionLifetimeSettings

  • UpdateSupportContactList

  • UpdateSystemHealthIssue

  • UpdateSystemHealthIssues

  • UpdateTechnology

  • UpdateTenantNewsletterSettings

  • UpdateUIUserPreferences

  • UpdateUser

  • UpdateUserRole

  • UpdateUserSelectedPortalView

  • UpdateVersionControlOrganizationSett...

  • UpdateVersionControlRepositorySettings

  • UpdateViewerPreferences

  • UpdateVulnerability

  • UpdateVulnerabilityAssessmentSettings

  • UpdateVulnerabilityFinding

  • UpdateVulnerabilityFindingStatus

  • UpsertAgentTelemetry