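Source configuration for Wiz CNAPP
Integrating with Wiz CNAPP
Wiz is a cloud-native application protection platform (CNAPP) that provides comprehensive visibility and security across multi-cloud environments. CloudWatch Pipeline uses the Wiz GraphQL API to retrieve information about security posture, vulnerabilities, misconfigurations, threats, and audit activity from your cloud infrastructure. The Wiz GraphQL API provides access to security data through flexible GraphQL queries, allowing retrieval of audit logs, issues, vulnerability findings, configuration findings, and detections from the Wiz platform.
Authenticating with Wiz CNAPP
To read Wiz CNAPP audit logs, the pipeline needs to authenticate with your account. The plugin supports OAuth2 authentication. Follow these instructions to get started.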
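- Create a service account in Wiz with the appropriate permissions. You must be signed in as a Wiz user with write (W) permission on service accounts.
- Configure the service account and obtain the newly created client ID and client secret.
- In AWS Secrets Manager, create a secret and store the application (client) ID under the key client_id and the client secret under the key client_secret.
- Configure the API permissions (scopes) for your service account.
  Required scopes: read:issues, read:detections, read:cloud_events_cloud, read:cloud_events_sensor, read:security_scans, read:vulnerabilities, read:cloud_configuration, admin:audit
- Identify your GraphQL API endpoint: find your specific endpoint in the Wiz portal by checking the tenant information. The Wiz GraphQL API endpoint is https://api.<region>.app.wiz.io/graphql, where <region> corresponds to your Wiz tenant's data center (for example, us1, us2, eu1, eu2).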
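A preflight check for the values gathered in the steps above, as an added example that is not part of the original documentation or of any AWS or Wiz tooling. The function names are hypothetical, the sample values are constructed, and the region pattern (lowercase letters and digits) is an assumption based on the examples given on this page.

```python
import json
import re

# Scopes listed as required on this page.
REQUIRED_SCOPES = frozenset({
    "read:issues", "read:detections", "read:cloud_events_cloud",
    "read:cloud_events_sensor", "read:security_scans",
    "read:vulnerabilities", "read:cloud_configuration", "admin:audit",
})
# Endpoint shape from this page: https://api.<region>.app.wiz.io/graphql
# Assumption: <region> is lowercase letters and digits (us1, eu2, ...).
ENDPOINT_RE = re.compile(r"https://api\.([a-z0-9]+)\.app\.wiz\.io/graphql")


def check_secret(secret_string):
    """Return problems found in the Secrets Manager secret value (JSON text)."""
    try:
        data = json.loads(secret_string)
    except ValueError:
        return ["secret is not valid JSON"]
    if not isinstance(data, dict):
        return ["secret must be a JSON object"]
    problems = []
    for key in ("client_id", "client_secret"):
        value = data.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty key: {key}")
        elif value != value.strip():
            problems.append(f"{key} has leading/trailing whitespace")
    return problems


def check_scopes(granted):
    """Return (missing, extra) scopes relative to the required set."""
    granted = set(granted)
    return sorted(REQUIRED_SCOPES - granted), sorted(granted - REQUIRED_SCOPES)


def endpoint_region(url):
    """Return the region label if url has the documented shape, else None."""
    match = ENDPOINT_RE.fullmatch(url.strip())
    return match.group(1) if match else None


if __name__ == "__main__":
    # Constructed sample values, not real credentials or real scope grants.
    print(check_secret('{"client_id": "example-id", "client_secret": ""}'))
    print(check_scopes(["read:issues", "admin:audit", "write:all"]))
    print(endpoint_region("https://api.us1.app.wiz.io/graphql"))
```

The "extra" list from check_scopes is useful for least-privilege review: any scope beyond the required set is access the pipeline's service account does not need.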
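Configuring the CloudWatch pipeline
When you configure the pipeline to read audit logs from Wiz, choose Wiz CNAPP as the data source. Fill in the required information, such as the Region. After you create the pipeline, data will be available in the selected CloudWatch Logs log group.
Supported Open Cybersecurity Schema Framework event classes
This integration supports OCSF schema version v1.5.0 and events that map to Detection Finding (2004), Vulnerability Finding (2002), Compliance Finding (2003), Authentication (3002), and API Activity (6003).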
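Detection Finding contains all events from the following sources:
Issues
Detections
Vulnerability Finding contains all events from the following sources:
Vulnerability Findings
Compliance Finding contains all events from the following sources:
Cloud Configuration Findings
Authentication contains events from the following source and the specified actions:
Audit Logs
DeviceLogin
Login
API Activity contains events from the following source and the specified actions:
Audit Logs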
AddSecurityScan
AddSupportTicketContext
AiAssistantSendMessage
ApproveCopyResourceForensicsSettings...
AssociateServiceTicket
CancelReportRun
ClearUIUserPreferences
CompleteAuthMigration
ConvertGitHubAppRegistrationCode
CopyResourceForensicsToExternalAccount
CreateActionTemplate
CreateApplicationServiceDiscoveryRule
CreateAutomationRule
CreateCICDScanPolicy
CreateCloudConfigurationFindingNote
CreateCloudConfigurationRule
CreateCloudConfigurationRules
CreateCloudEventRule
CreateComputeGroupTagsSet
CreateConnector
CreateControl
CreateCustomIPRange
CreateDashboard
CreateDashboardWidget
CreateDataClassifier
CreateDigitalTrustCustomDomain
CreateFileIntegrityMonitoringExclusion
CreateHostConfigurationAssessmentNote
CreateHostConfigurationRule
CreateIgnoreRule
CreateImageIntegrityValidator
CreateIntegration
CreateIssueNote
CreateMalwareExclusion
CreateMonitoredMetric
CreateOutpost
CreateOutpostCluster
CreatePolicyPackage
CreatePortalView
CreateProject
CreateRemediationAndResponseDeployment
CreateRemediationPullRequest
CreateReport
CreateRuntimeResponsePolicy
CreateSAMLIdentityProvider
CreateSAMLUser
CreateSavedCloudEventFilter
CreateSavedGraphQuery
CreateScannerAPIRateLimit
CreateSecurityFramework
CreateServiceAccount
CreateSupportTicket
CreateTestNode
CreateUser
CreateUserRole
CreateVulnerabilityFindingNote
DeleteActionTemplate
DeleteApplicationServiceDiscoveryRule
DeleteAutomationRule
DeleteCICDScan
DeleteCICDScanPolicy
DeleteCloudConfigurationFindingNote
DeleteCloudConfigurationRule
DeleteCloudEventRule
DeleteComputeGroupTagsSet
DeleteConnector
DeleteControl
DeleteCustomIPRange
DeleteDashboard
DeleteDashboardWidget
DeleteDataClassifier
DeleteDigitalTrustCustomDomain
DeleteFileIntegrityMonitoringExclusion
DeleteHostConfigurationAssessmentNote
DeleteHostConfigurationRule
DeleteIgnoreRule
DeleteImageIntegrityValidator
DeleteIntegration
DeleteIssueNote
DeleteMalwareExclusion
DeleteMonitoredMetric
DeleteOutpost
DeleteOutpostCluster
DeletePolicyPackage
DeletePortalView
DeleteProject
DeleteRemediationAndResponseDeployment
DeleteReport
DeleteRuntimeResponsePolicy
DeleteSAMLIdentityProvider
DeleteSavedCloudEventFilter
DeleteSavedGraphQuery
DeleteScannerAPIRateLimit
DeleteSecurityFramework
DeleteSecurityScan
DeleteServiceAccount
DeleteTestNode
DeleteUser
DeleteUserRole
DeleteVulnerabilityFindingNote
DisassociateServiceTicket
DuplicateDashboard
DuplicateDataClassifier
DuplicateHostConfigurationRule
DuplicateSecurityFramework
DuplicateUserRole
FinalizeCICDScan
FinalizeCICDScanTelemetry
GenerateWizContainerRegistryToken
GraphSearch
InitiateCICDScanTelemetry
InitiateDiskScanContainerImage
InitiateDiskScanDirectory
InitiateDiskScanVirtualMachine
InitiateDiskScanVirtualMachineImage
InitiateIACScan
InvokeOutpostClusterUpdate
LegalConsent
MergeDiscoveredApplicationService
MigrateUsers
ModifySAMLIdentityProviderGroupMappings
ModifySAMLIdentityProviderPortalView...
PromoteDiscoveredApplicationService
ProvideAiFeedback
ProvideAiGraphQueryExample
ProvideAiGraphQueryFeedback
ProvideIssueFeedback
ReassessIssue
RefreshResponseActions
RegisterAgent
ReportIDEActivityHeartbeat
ReportIDEAnalytics
RequestConnectorEntityScan
RequestConnectorScan
RerunReport
ResetUserPassword
RevokeSessions
RevokeUserSessions
RotateServiceAccountSecret
RunAllControls
RunCloudConfigurationRule
RunControl
RunControlsIntegrationAction
RunIssuesIntegrationAction
RunOutpostClusterUpdate
RunResponseAction
SAMLUserInitialProvision
SendUserEmailInvite
TagCICDScan
TokenDeviceRefresh
TokenRefresh
UninstallOutpost
UpdateAiSettings
UpdateApplicationServiceDiscoveryRule
UpdateAutomationRule
UpdateBasicAuthSettings
UpdateCICDScanPolicy
UpdateChampionCenterJourneyItem
UpdateCloudConfigurationFinding
UpdateCloudConfigurationRule
UpdateCloudConfigurationRules
UpdateCloudCostSettings
UpdateCloudEventRule
UpdateCloudEventRules
UpdateCloudEventSettings
UpdateComputeGroupTagsSet
UpdateConnector
UpdateContainerRegistryCustomScannin...
UpdateContainerRegistryGlobalScannin...
UpdateControl
UpdateControls
UpdateCopyResourceForensicsSettings
UpdateCustomIPRange
UpdateCustomIPRangesSettings
UpdateCustomUserRolesSettings
UpdateDashboard
UpdateDashboardSettings
UpdateDashboardWidget
UpdateDataClassifier
UpdateDataFinding
UpdateDataScannerSettings
UpdateDigitalTrustCustomDomain
UpdateDigitalTrustDashboardSettings
UpdateDigitalTrustSAMLIdentityProvider
UpdateDiscoveredApplicationServices
UpdateEventTriggeredScanningSettings
UpdateExternalExposureScannerSettings
UpdateExternalExposureSettings
UpdateFileIntegrityMonitoringExclusion
UpdateFileIntegrityMonitoringSettings
UpdateForensicsPackageSettings
UpdateGraphEntity
UpdateHostConfigurationRule
UpdateHostConfigurationRuleAssessment
UpdateHostConfigurationRules
UpdateIPRestrictions
UpdateIgnoreRule
UpdateImageIntegrityValidator
UpdateIntegration
UpdateInternalExposureSettings
UpdateIssue
UpdateIssueNote
UpdateIssueSettings
UpdateIssues
UpdateKubernetesGlobalScanningConfig...
UpdateLoginSettings
UpdateMalwareExclusion
UpdateMonitoredMetric
UpdateMonitoredMetricSettings
UpdateNode
UpdateNonOSDiskScanningSettings
UpdateNotificationSettings
UpdateOutpost
UpdateOutpostCluster
UpdatePolicyPackage
UpdatePortalInactivityTimeoutSettings
UpdatePortalSettings
UpdatePortalView
UpdatePreviewHubItem
UpdateProject
UpdateRemediationAndResponseDeployment
UpdateReport
UpdateReportSettings
UpdateRepositorySettings
UpdateResponseAction
UpdateResponseActions
UpdateRuntimeResponsePolicy
UpdateSAMLIdentityProvider
UpdateSavedCloudEventFilter
UpdateSavedGraphQuery
UpdateScannerAPIRateLimit
UpdateScannerExclusionSettingsConstr...
UpdateScannerExclusionSettingsTimeLi...
UpdateScannerExclusionSizeLimits
UpdateScannerExclusionTags
UpdateScannerResourceTagSettings
UpdateScannerResourceTags
UpdateScannerSettings
UpdateSecretInstance
UpdateSecurityFramework
UpdateSecurityScan
UpdateServiceAccount
UpdateSessionLifetimeSettings
UpdateSupportContactList
UpdateSystemHealthIssue
UpdateSystemHealthIssues
UpdateTechnology
UpdateTenantNewsletterSettings
UpdateUIUserPreferences
UpdateUser
UpdateUserRole
UpdateUserSelectedPortalView
UpdateVersionControlOrganizationSett...
UpdateVersionControlRepositorySettings
UpdateViewerPreferences
UpdateVulnerability
UpdateVulnerabilityAssessmentSettings
UpdateVulnerabilityFinding
UpdateVulnerabilityFindingStatus
UpsertAgentTelemetry