@rawdash/connector-wiz 0.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +144 -0
- package/dist/index.d.ts +474 -0
- package/dist/index.js +727 -0
- package/dist/index.js.map +1 -0
- package/package.json +43 -0
package/README.md
ADDED
|
@@ -0,0 +1,144 @@
|
|
|
1
|
+
<!-- This file is generated from connector metadata by scripts/generate-connector-docs.ts. Do not edit by hand. -->
|
|
2
|
+
|
|
3
|
+
# @rawdash/connector-wiz
|
|
4
|
+
|
|
5
|
+
[](https://www.npmjs.com/package/@rawdash/connector-wiz)
|
|
6
|
+
[](https://github.com/rawdash/rawdash/blob/main/LICENSE)
|
|
7
|
+
|
|
8
|
+
Sync cloud-security issues, issue lifecycle events, and vulnerability findings from a Wiz tenant for open-critical, MTTR, and posture dashboards.
|
|
9
|
+
|
|
10
|
+
## Install
|
|
11
|
+
|
|
12
|
+
```sh
|
|
13
|
+
npm install @rawdash/connector-wiz
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
## Authentication
|
|
17
|
+
|
|
18
|
+
OAuth 2.0 client-credentials flow against a Wiz service account. The connector mints an access token, refreshes it on expiry, and sends it as a Bearer header on every GraphQL request.
|
|
19
|
+
|
|
20
|
+
1. In the Wiz portal, open Settings -> Service Accounts and create a new service account.
|
|
21
|
+
2. Grant it the read scopes for the resources you intend to sync (typically read:issues and read:vulnerabilities).
|
|
22
|
+
3. Copy the Client ID, Client Secret, and Token Endpoint shown on the service-account page.
|
|
23
|
+
4. Copy the GraphQL API endpoint shown on the same page (e.g. "https://api.us1.app.wiz.io/graphql"); the region segment is tenant-specific.
|
|
24
|
+
5. Store the client secret as a rawdash secret and reference it from the connector config as `clientSecret: secret("WIZ_CLIENT_SECRET")`.
|
|
25
|
+
|
|
26
|
+
## Configuration
|
|
27
|
+
|
|
28
|
+
| Field | Type | Required | Description |
|
|
29
|
+
| --------------- | ------ | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
30
|
+
| `apiEndpoint` | string | Yes | Tenant-specific Wiz GraphQL endpoint shown on the Wiz service-account page (e.g. "https://api.us1.app.wiz.io/graphql"). The region segment changes per data residency. |
|
|
31
|
+
| `clientId` | string | Yes | Client ID of the Wiz service account authorized for the API. |
|
|
32
|
+
| `clientSecret` | secret | Yes | Client secret of the Wiz service account. Stored as a secret. |
|
|
33
|
+
| `tokenEndpoint` | string | No | Override the OAuth 2.0 token endpoint. Defaults to https://auth.app.wiz.io/oauth/token; use the gov / fed equivalent for non-commercial deployments. |
|
|
34
|
+
| `audience` | string | No | OAuth audience claim requested when minting the access token. Defaults to "wiz-api"; some legacy tenants require "beyond-api". |
|
|
35
|
+
| `resources` | array | No | Which Wiz resources to sync. Omit to sync all of them. The issues and issue_events resources share the same underlying GraphQL query. |
|
|
36
|
+
|
|
37
|
+
## Resources
|
|
38
|
+
|
|
39
|
+
- **`wiz_issue`** _(entity)_ - Wiz issues (cloud-configuration, toxic-combination, and threat-detection findings) keyed by issue id, with severity, status, the offending entity snapshot, and lifecycle timestamps.
|
|
40
|
+
- Endpoint: `GraphQL query: issues { nodes { ... } }`
|
|
41
|
+
- Paginated via the GraphQL connection cursor; incremental syncs filter on updatedAt.after and stop once a page is entirely older than options.since.
|
|
42
|
+
- `severity`: CRITICAL, HIGH, MEDIUM, LOW, or INFORMATIONAL.
|
|
43
|
+
- `status`: OPEN, IN_PROGRESS, RESOLVED, REJECTED.
|
|
44
|
+
- `issueType`: Issue category (e.g. CLOUD_CONFIGURATION, TOXIC_COMBINATION).
|
|
45
|
+
- `ruleName`: Name of the source rule that produced the issue.
|
|
46
|
+
- `resourceName`: Name of the cloud resource the issue applies to.
|
|
47
|
+
- `resourceType`: Type of the cloud resource (e.g. EC2_INSTANCE, S3_BUCKET).
|
|
48
|
+
- `cloudProvider`: AWS, GCP, AZURE, etc.
|
|
49
|
+
- `createdAt`: When Wiz first opened the issue (Unix ms).
|
|
50
|
+
- `resolvedAt`: When the issue was resolved (Unix ms; null if open).
|
|
51
|
+
- `dueAt`: Remediation due date as configured by SLA (Unix ms).
|
|
52
|
+
- **`wiz_issue_event`** _(event)_ - Issue lifecycle events derived from each Wiz issue: one event at createdAt (kind="opened") and, when present, one at resolvedAt (kind="resolved"). Used to build open-rate, resolution-rate, and MTTR widgets.
|
|
53
|
+
- Endpoint: `GraphQL query: issues { nodes { ... } } (derived)`
|
|
54
|
+
- Events are derived from the same issues GraphQL query; enabling issue_events without issues still triggers the query but skips the entity write.
|
|
55
|
+
- `kind`: "opened" or "resolved".
|
|
56
|
+
- `issueId`: The Wiz issue id this lifecycle event belongs to.
|
|
57
|
+
- `severity`: Severity of the originating issue at sync time.
|
|
58
|
+
- `cloudProvider`: Cloud provider of the affected resource.
|
|
59
|
+
- **`wiz_vulnerability`** _(entity)_ - Wiz vulnerability findings keyed by finding id, with CVE id, severity, status, first / last detection timestamps, and the affected asset.
|
|
60
|
+
- Endpoint: `GraphQL query: vulnerabilityFindings { nodes { ... } }`
|
|
61
|
+
- Paginated via the GraphQL connection cursor; incremental syncs filter on lastDetectedAt.after.
|
|
62
|
+
- `severity`: CRITICAL, HIGH, MEDIUM, LOW, or INFORMATIONAL.
|
|
63
|
+
- `status`: OPEN, RESOLVED, IGNORED, IN_PROGRESS.
|
|
64
|
+
- `name`: Vulnerability name as reported by Wiz.
|
|
65
|
+
- `cve`: Vulnerability external id, typically a CVE identifier.
|
|
66
|
+
- `assetName`: Name of the affected asset.
|
|
67
|
+
- `assetType`: Type of the affected asset.
|
|
68
|
+
- `cloudPlatform`: Cloud platform hosting the affected asset.
|
|
69
|
+
- `firstDetectedAt`: When the vulnerability was first detected (Unix ms).
|
|
70
|
+
- `lastDetectedAt`: When the vulnerability was last detected (Unix ms).
|
|
71
|
+
- `resolvedAt`: When the vulnerability was resolved (Unix ms; null if open).
|
|
72
|
+
|
|
73
|
+
## Example
|
|
74
|
+
|
|
75
|
+
```ts
|
|
76
|
+
import {
|
|
77
|
+
defineConfig,
|
|
78
|
+
defineDashboard,
|
|
79
|
+
defineMetric,
|
|
80
|
+
secret,
|
|
81
|
+
} from '@rawdash/core';
|
|
82
|
+
|
|
83
|
+
const wiz = {
|
|
84
|
+
name: 'wiz',
|
|
85
|
+
connectorId: 'wiz',
|
|
86
|
+
config: {
|
|
87
|
+
apiEndpoint: 'https://api.us1.app.wiz.io/graphql',
|
|
88
|
+
clientId: 'aaaa-bbbb-cccc-dddd',
|
|
89
|
+
clientSecret: secret('WIZ_CLIENT_SECRET'),
|
|
90
|
+
},
|
|
91
|
+
};
|
|
92
|
+
|
|
93
|
+
export default defineConfig({
|
|
94
|
+
connectors: [wiz],
|
|
95
|
+
dashboards: {
|
|
96
|
+
security: defineDashboard({
|
|
97
|
+
widgets: {
|
|
98
|
+
open_criticals: {
|
|
99
|
+
kind: 'stat',
|
|
100
|
+
title: 'Open critical issues',
|
|
101
|
+
metric: defineMetric({
|
|
102
|
+
connector: wiz,
|
|
103
|
+
shape: 'entity',
|
|
104
|
+
entityType: 'wiz_issue',
|
|
105
|
+
fn: 'count',
|
|
106
|
+
filter: [
|
|
107
|
+
{ field: 'status', op: 'eq', value: 'OPEN' },
|
|
108
|
+
{ field: 'severity', op: 'eq', value: 'CRITICAL' },
|
|
109
|
+
],
|
|
110
|
+
}),
|
|
111
|
+
},
|
|
112
|
+
resolved_per_day: {
|
|
113
|
+
kind: 'timeseries',
|
|
114
|
+
title: 'Issues resolved per day',
|
|
115
|
+
window: '30d',
|
|
116
|
+
metric: defineMetric({
|
|
117
|
+
connector: wiz,
|
|
118
|
+
shape: 'event',
|
|
119
|
+
name: 'wiz_issue_event',
|
|
120
|
+
fn: 'count',
|
|
121
|
+
filter: [{ field: 'kind', op: 'eq', value: 'resolved' }],
|
|
122
|
+
}),
|
|
123
|
+
},
|
|
124
|
+
},
|
|
125
|
+
}),
|
|
126
|
+
},
|
|
127
|
+
});
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
## Limitations
|
|
131
|
+
|
|
132
|
+
- Issue lifecycle events are derived from each issue's createdAt / resolvedAt timestamps, not from a dedicated audit-log endpoint, so administrative reopen / re-resolve transitions inside the same sync window are collapsed to the latest state.
|
|
133
|
+
- Service-account auth only; per-user OAuth is out of scope.
|
|
134
|
+
- Cloud-configuration and threat-detection issues are returned by the same /issues query and are not segmented at the connector layer; filter on the `issueType` attribute downstream.
|
|
135
|
+
|
|
136
|
+
## Links
|
|
137
|
+
|
|
138
|
+
- [Rawdash docs](https://rawdash.dev/docs/connectors)
|
|
139
|
+
- [Wiz API docs](https://win.wiz.io/reference/welcome)
|
|
140
|
+
- [GitHub](https://github.com/rawdash/rawdash)
|
|
141
|
+
|
|
142
|
+
## License
|
|
143
|
+
|
|
144
|
+
Apache-2.0
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,474 @@
|
|
|
1
|
+
import { BaseConnector, ConnectorContext, SyncOptions, StorageHandle, SyncResult, ConnectorDoc } from '@rawdash/core';
|
|
2
|
+
import { z } from 'zod';
|
|
3
|
+
|
|
4
|
+
declare const configFields: z.ZodObject<{
|
|
5
|
+
apiEndpoint: z.ZodString;
|
|
6
|
+
clientId: z.ZodString;
|
|
7
|
+
clientSecret: z.ZodObject<{
|
|
8
|
+
$secret: z.ZodString;
|
|
9
|
+
}, z.core.$strip>;
|
|
10
|
+
tokenEndpoint: z.ZodOptional<z.ZodString>;
|
|
11
|
+
audience: z.ZodOptional<z.ZodString>;
|
|
12
|
+
resources: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
13
|
+
issues: "issues";
|
|
14
|
+
issue_events: "issue_events";
|
|
15
|
+
vulnerabilities: "vulnerabilities";
|
|
16
|
+
}>>>;
|
|
17
|
+
}, z.core.$strip>;
|
|
18
|
+
declare const doc: ConnectorDoc;
|
|
19
|
+
type WizResource = 'issues' | 'issue_events' | 'vulnerabilities';
|
|
20
|
+
interface WizSettings {
|
|
21
|
+
apiEndpoint: string;
|
|
22
|
+
tokenEndpoint?: string;
|
|
23
|
+
audience?: string;
|
|
24
|
+
resources?: readonly WizResource[];
|
|
25
|
+
}
|
|
26
|
+
declare const wizCredentials: {
|
|
27
|
+
clientId: {
|
|
28
|
+
description: string;
|
|
29
|
+
auth: "required";
|
|
30
|
+
};
|
|
31
|
+
clientSecret: {
|
|
32
|
+
description: string;
|
|
33
|
+
auth: "required";
|
|
34
|
+
};
|
|
35
|
+
};
|
|
36
|
+
type WizCredentials = typeof wizCredentials;
|
|
37
|
+
declare const wizResources: {
|
|
38
|
+
readonly wiz_issue: {
|
|
39
|
+
readonly shape: "entity";
|
|
40
|
+
readonly filterable: [{
|
|
41
|
+
readonly field: "severity";
|
|
42
|
+
readonly ops: ["eq"];
|
|
43
|
+
readonly values: ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"];
|
|
44
|
+
}, {
|
|
45
|
+
readonly field: "status";
|
|
46
|
+
readonly ops: ["eq"];
|
|
47
|
+
readonly values: ["OPEN", "IN_PROGRESS", "RESOLVED", "REJECTED"];
|
|
48
|
+
}, {
|
|
49
|
+
readonly field: "cloudProvider";
|
|
50
|
+
readonly ops: ["eq"];
|
|
51
|
+
}, {
|
|
52
|
+
readonly field: "resourceType";
|
|
53
|
+
readonly ops: ["eq"];
|
|
54
|
+
}];
|
|
55
|
+
readonly description: "Wiz issues (cloud-configuration, toxic-combination, and threat-detection findings) keyed by issue id, with severity, status, the offending entity snapshot, and lifecycle timestamps.";
|
|
56
|
+
readonly endpoint: "GraphQL query: issues { nodes { ... } }";
|
|
57
|
+
readonly notes: "Paginated via the GraphQL connection cursor; incremental syncs filter on updatedAt.after and stop once a page is entirely older than options.since.";
|
|
58
|
+
readonly fields: [{
|
|
59
|
+
readonly name: "severity";
|
|
60
|
+
readonly description: "CRITICAL, HIGH, MEDIUM, LOW, or INFORMATIONAL.";
|
|
61
|
+
}, {
|
|
62
|
+
readonly name: "status";
|
|
63
|
+
readonly description: "OPEN, IN_PROGRESS, RESOLVED, REJECTED.";
|
|
64
|
+
}, {
|
|
65
|
+
readonly name: "issueType";
|
|
66
|
+
readonly description: "Issue category (e.g. CLOUD_CONFIGURATION, TOXIC_COMBINATION).";
|
|
67
|
+
}, {
|
|
68
|
+
readonly name: "ruleName";
|
|
69
|
+
readonly description: "Name of the source rule that produced the issue.";
|
|
70
|
+
}, {
|
|
71
|
+
readonly name: "resourceName";
|
|
72
|
+
readonly description: "Name of the cloud resource the issue applies to.";
|
|
73
|
+
}, {
|
|
74
|
+
readonly name: "resourceType";
|
|
75
|
+
readonly description: "Type of the cloud resource (e.g. EC2_INSTANCE, S3_BUCKET).";
|
|
76
|
+
}, {
|
|
77
|
+
readonly name: "cloudProvider";
|
|
78
|
+
readonly description: "AWS, GCP, AZURE, etc.";
|
|
79
|
+
}, {
|
|
80
|
+
readonly name: "createdAt";
|
|
81
|
+
readonly description: "When Wiz first opened the issue (Unix ms).";
|
|
82
|
+
}, {
|
|
83
|
+
readonly name: "resolvedAt";
|
|
84
|
+
readonly description: "When the issue was resolved (Unix ms; null if open).";
|
|
85
|
+
}, {
|
|
86
|
+
readonly name: "dueAt";
|
|
87
|
+
readonly description: "Remediation due date as configured by SLA (Unix ms).";
|
|
88
|
+
}];
|
|
89
|
+
readonly responses: {
|
|
90
|
+
readonly oauth_token: z.ZodObject<{
|
|
91
|
+
access_token: z.ZodString;
|
|
92
|
+
token_type: z.ZodOptional<z.ZodString>;
|
|
93
|
+
expires_in: z.ZodOptional<z.ZodNumber>;
|
|
94
|
+
}, z.core.$strip>;
|
|
95
|
+
readonly issues: z.ZodArray<z.ZodObject<{
|
|
96
|
+
id: z.ZodString;
|
|
97
|
+
severity: z.ZodString;
|
|
98
|
+
status: z.ZodString;
|
|
99
|
+
type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
100
|
+
resolutionReason: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
101
|
+
createdAt: z.ZodString;
|
|
102
|
+
updatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
103
|
+
resolvedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
104
|
+
dueAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
105
|
+
sourceRule: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
106
|
+
id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
107
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
108
|
+
}, z.core.$strip>>>;
|
|
109
|
+
entitySnapshot: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
110
|
+
id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
111
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
112
|
+
type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
113
|
+
cloudProvider: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
114
|
+
externalId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
115
|
+
}, z.core.$strip>>>;
|
|
116
|
+
}, z.core.$strip>>;
|
|
117
|
+
};
|
|
118
|
+
};
|
|
119
|
+
readonly wiz_issue_event: {
|
|
120
|
+
readonly shape: "event";
|
|
121
|
+
readonly filterable: [{
|
|
122
|
+
readonly field: "kind";
|
|
123
|
+
readonly ops: ["eq"];
|
|
124
|
+
readonly values: ["opened", "resolved"];
|
|
125
|
+
}, {
|
|
126
|
+
readonly field: "severity";
|
|
127
|
+
readonly ops: ["eq"];
|
|
128
|
+
readonly values: ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"];
|
|
129
|
+
}];
|
|
130
|
+
readonly description: "Issue lifecycle events derived from each Wiz issue: one event at createdAt (kind=\"opened\") and, when present, one at resolvedAt (kind=\"resolved\"). Used to build open-rate, resolution-rate, and MTTR widgets.";
|
|
131
|
+
readonly endpoint: "GraphQL query: issues { nodes { ... } } (derived)";
|
|
132
|
+
readonly notes: "Events are derived from the same issues GraphQL query; enabling issue_events without issues still triggers the query but skips the entity write.";
|
|
133
|
+
readonly fields: [{
|
|
134
|
+
readonly name: "kind";
|
|
135
|
+
readonly description: "\"opened\" or \"resolved\".";
|
|
136
|
+
}, {
|
|
137
|
+
readonly name: "issueId";
|
|
138
|
+
readonly description: "The Wiz issue id this lifecycle event belongs to.";
|
|
139
|
+
}, {
|
|
140
|
+
readonly name: "severity";
|
|
141
|
+
readonly description: "Severity of the originating issue at sync time.";
|
|
142
|
+
}, {
|
|
143
|
+
readonly name: "cloudProvider";
|
|
144
|
+
readonly description: "Cloud provider of the affected resource.";
|
|
145
|
+
}];
|
|
146
|
+
};
|
|
147
|
+
readonly wiz_vulnerability: {
|
|
148
|
+
readonly shape: "entity";
|
|
149
|
+
readonly filterable: [{
|
|
150
|
+
readonly field: "severity";
|
|
151
|
+
readonly ops: ["eq"];
|
|
152
|
+
readonly values: ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"];
|
|
153
|
+
}, {
|
|
154
|
+
readonly field: "status";
|
|
155
|
+
readonly ops: ["eq"];
|
|
156
|
+
readonly values: ["OPEN", "RESOLVED", "IGNORED", "IN_PROGRESS"];
|
|
157
|
+
}, {
|
|
158
|
+
readonly field: "cloudPlatform";
|
|
159
|
+
readonly ops: ["eq"];
|
|
160
|
+
}];
|
|
161
|
+
readonly description: "Wiz vulnerability findings keyed by finding id, with CVE id, severity, status, first / last detection timestamps, and the affected asset.";
|
|
162
|
+
readonly endpoint: "GraphQL query: vulnerabilityFindings { nodes { ... } }";
|
|
163
|
+
readonly notes: "Paginated via the GraphQL connection cursor; incremental syncs filter on lastDetectedAt.after.";
|
|
164
|
+
readonly fields: [{
|
|
165
|
+
readonly name: "severity";
|
|
166
|
+
readonly description: "CRITICAL, HIGH, MEDIUM, LOW, or INFORMATIONAL.";
|
|
167
|
+
}, {
|
|
168
|
+
readonly name: "status";
|
|
169
|
+
readonly description: "OPEN, RESOLVED, IGNORED, IN_PROGRESS.";
|
|
170
|
+
}, {
|
|
171
|
+
readonly name: "name";
|
|
172
|
+
readonly description: "Vulnerability name as reported by Wiz.";
|
|
173
|
+
}, {
|
|
174
|
+
readonly name: "cve";
|
|
175
|
+
readonly description: "Vulnerability external id, typically a CVE identifier.";
|
|
176
|
+
}, {
|
|
177
|
+
readonly name: "assetName";
|
|
178
|
+
readonly description: "Name of the affected asset.";
|
|
179
|
+
}, {
|
|
180
|
+
readonly name: "assetType";
|
|
181
|
+
readonly description: "Type of the affected asset.";
|
|
182
|
+
}, {
|
|
183
|
+
readonly name: "cloudPlatform";
|
|
184
|
+
readonly description: "Cloud platform hosting the affected asset.";
|
|
185
|
+
}, {
|
|
186
|
+
readonly name: "firstDetectedAt";
|
|
187
|
+
readonly description: "When the vulnerability was first detected (Unix ms).";
|
|
188
|
+
}, {
|
|
189
|
+
readonly name: "lastDetectedAt";
|
|
190
|
+
readonly description: "When the vulnerability was last detected (Unix ms).";
|
|
191
|
+
}, {
|
|
192
|
+
readonly name: "resolvedAt";
|
|
193
|
+
readonly description: "When the vulnerability was resolved (Unix ms; null if open).";
|
|
194
|
+
}];
|
|
195
|
+
readonly responses: {
|
|
196
|
+
readonly vulnerabilities: z.ZodArray<z.ZodObject<{
|
|
197
|
+
id: z.ZodString;
|
|
198
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
199
|
+
severity: z.ZodString;
|
|
200
|
+
status: z.ZodString;
|
|
201
|
+
vulnerabilityExternalId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
202
|
+
firstDetectedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
203
|
+
lastDetectedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
204
|
+
resolvedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
205
|
+
vulnerableAsset: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
206
|
+
id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
207
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
208
|
+
type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
209
|
+
cloudPlatform: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
210
|
+
}, z.core.$strip>>>;
|
|
211
|
+
}, z.core.$strip>>;
|
|
212
|
+
};
|
|
213
|
+
};
|
|
214
|
+
};
|
|
215
|
+
declare const id = "wiz";
|
|
216
|
+
declare class WizConnector extends BaseConnector<WizSettings, WizCredentials> {
|
|
217
|
+
static readonly id = "wiz";
|
|
218
|
+
static readonly resources: {
|
|
219
|
+
readonly wiz_issue: {
|
|
220
|
+
readonly shape: "entity";
|
|
221
|
+
readonly filterable: [{
|
|
222
|
+
readonly field: "severity";
|
|
223
|
+
readonly ops: ["eq"];
|
|
224
|
+
readonly values: ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"];
|
|
225
|
+
}, {
|
|
226
|
+
readonly field: "status";
|
|
227
|
+
readonly ops: ["eq"];
|
|
228
|
+
readonly values: ["OPEN", "IN_PROGRESS", "RESOLVED", "REJECTED"];
|
|
229
|
+
}, {
|
|
230
|
+
readonly field: "cloudProvider";
|
|
231
|
+
readonly ops: ["eq"];
|
|
232
|
+
}, {
|
|
233
|
+
readonly field: "resourceType";
|
|
234
|
+
readonly ops: ["eq"];
|
|
235
|
+
}];
|
|
236
|
+
readonly description: "Wiz issues (cloud-configuration, toxic-combination, and threat-detection findings) keyed by issue id, with severity, status, the offending entity snapshot, and lifecycle timestamps.";
|
|
237
|
+
readonly endpoint: "GraphQL query: issues { nodes { ... } }";
|
|
238
|
+
readonly notes: "Paginated via the GraphQL connection cursor; incremental syncs filter on updatedAt.after and stop once a page is entirely older than options.since.";
|
|
239
|
+
readonly fields: [{
|
|
240
|
+
readonly name: "severity";
|
|
241
|
+
readonly description: "CRITICAL, HIGH, MEDIUM, LOW, or INFORMATIONAL.";
|
|
242
|
+
}, {
|
|
243
|
+
readonly name: "status";
|
|
244
|
+
readonly description: "OPEN, IN_PROGRESS, RESOLVED, REJECTED.";
|
|
245
|
+
}, {
|
|
246
|
+
readonly name: "issueType";
|
|
247
|
+
readonly description: "Issue category (e.g. CLOUD_CONFIGURATION, TOXIC_COMBINATION).";
|
|
248
|
+
}, {
|
|
249
|
+
readonly name: "ruleName";
|
|
250
|
+
readonly description: "Name of the source rule that produced the issue.";
|
|
251
|
+
}, {
|
|
252
|
+
readonly name: "resourceName";
|
|
253
|
+
readonly description: "Name of the cloud resource the issue applies to.";
|
|
254
|
+
}, {
|
|
255
|
+
readonly name: "resourceType";
|
|
256
|
+
readonly description: "Type of the cloud resource (e.g. EC2_INSTANCE, S3_BUCKET).";
|
|
257
|
+
}, {
|
|
258
|
+
readonly name: "cloudProvider";
|
|
259
|
+
readonly description: "AWS, GCP, AZURE, etc.";
|
|
260
|
+
}, {
|
|
261
|
+
readonly name: "createdAt";
|
|
262
|
+
readonly description: "When Wiz first opened the issue (Unix ms).";
|
|
263
|
+
}, {
|
|
264
|
+
readonly name: "resolvedAt";
|
|
265
|
+
readonly description: "When the issue was resolved (Unix ms; null if open).";
|
|
266
|
+
}, {
|
|
267
|
+
readonly name: "dueAt";
|
|
268
|
+
readonly description: "Remediation due date as configured by SLA (Unix ms).";
|
|
269
|
+
}];
|
|
270
|
+
readonly responses: {
|
|
271
|
+
readonly oauth_token: z.ZodObject<{
|
|
272
|
+
access_token: z.ZodString;
|
|
273
|
+
token_type: z.ZodOptional<z.ZodString>;
|
|
274
|
+
expires_in: z.ZodOptional<z.ZodNumber>;
|
|
275
|
+
}, z.core.$strip>;
|
|
276
|
+
readonly issues: z.ZodArray<z.ZodObject<{
|
|
277
|
+
id: z.ZodString;
|
|
278
|
+
severity: z.ZodString;
|
|
279
|
+
status: z.ZodString;
|
|
280
|
+
type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
281
|
+
resolutionReason: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
282
|
+
createdAt: z.ZodString;
|
|
283
|
+
updatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
284
|
+
resolvedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
285
|
+
dueAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
286
|
+
sourceRule: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
287
|
+
id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
288
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
289
|
+
}, z.core.$strip>>>;
|
|
290
|
+
entitySnapshot: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
291
|
+
id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
292
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
293
|
+
type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
294
|
+
cloudProvider: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
295
|
+
externalId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
296
|
+
}, z.core.$strip>>>;
|
|
297
|
+
}, z.core.$strip>>;
|
|
298
|
+
};
|
|
299
|
+
};
|
|
300
|
+
readonly wiz_issue_event: {
|
|
301
|
+
readonly shape: "event";
|
|
302
|
+
readonly filterable: [{
|
|
303
|
+
readonly field: "kind";
|
|
304
|
+
readonly ops: ["eq"];
|
|
305
|
+
readonly values: ["opened", "resolved"];
|
|
306
|
+
}, {
|
|
307
|
+
readonly field: "severity";
|
|
308
|
+
readonly ops: ["eq"];
|
|
309
|
+
readonly values: ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"];
|
|
310
|
+
}];
|
|
311
|
+
readonly description: "Issue lifecycle events derived from each Wiz issue: one event at createdAt (kind=\"opened\") and, when present, one at resolvedAt (kind=\"resolved\"). Used to build open-rate, resolution-rate, and MTTR widgets.";
|
|
312
|
+
readonly endpoint: "GraphQL query: issues { nodes { ... } } (derived)";
|
|
313
|
+
readonly notes: "Events are derived from the same issues GraphQL query; enabling issue_events without issues still triggers the query but skips the entity write.";
|
|
314
|
+
readonly fields: [{
|
|
315
|
+
readonly name: "kind";
|
|
316
|
+
readonly description: "\"opened\" or \"resolved\".";
|
|
317
|
+
}, {
|
|
318
|
+
readonly name: "issueId";
|
|
319
|
+
readonly description: "The Wiz issue id this lifecycle event belongs to.";
|
|
320
|
+
}, {
|
|
321
|
+
readonly name: "severity";
|
|
322
|
+
readonly description: "Severity of the originating issue at sync time.";
|
|
323
|
+
}, {
|
|
324
|
+
readonly name: "cloudProvider";
|
|
325
|
+
readonly description: "Cloud provider of the affected resource.";
|
|
326
|
+
}];
|
|
327
|
+
};
|
|
328
|
+
readonly wiz_vulnerability: {
|
|
329
|
+
readonly shape: "entity";
|
|
330
|
+
readonly filterable: [{
|
|
331
|
+
readonly field: "severity";
|
|
332
|
+
readonly ops: ["eq"];
|
|
333
|
+
readonly values: ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"];
|
|
334
|
+
}, {
|
|
335
|
+
readonly field: "status";
|
|
336
|
+
readonly ops: ["eq"];
|
|
337
|
+
readonly values: ["OPEN", "RESOLVED", "IGNORED", "IN_PROGRESS"];
|
|
338
|
+
}, {
|
|
339
|
+
readonly field: "cloudPlatform";
|
|
340
|
+
readonly ops: ["eq"];
|
|
341
|
+
}];
|
|
342
|
+
readonly description: "Wiz vulnerability findings keyed by finding id, with CVE id, severity, status, first / last detection timestamps, and the affected asset.";
|
|
343
|
+
readonly endpoint: "GraphQL query: vulnerabilityFindings { nodes { ... } }";
|
|
344
|
+
readonly notes: "Paginated via the GraphQL connection cursor; incremental syncs filter on lastDetectedAt.after.";
|
|
345
|
+
readonly fields: [{
|
|
346
|
+
readonly name: "severity";
|
|
347
|
+
readonly description: "CRITICAL, HIGH, MEDIUM, LOW, or INFORMATIONAL.";
|
|
348
|
+
}, {
|
|
349
|
+
readonly name: "status";
|
|
350
|
+
readonly description: "OPEN, RESOLVED, IGNORED, IN_PROGRESS.";
|
|
351
|
+
}, {
|
|
352
|
+
readonly name: "name";
|
|
353
|
+
readonly description: "Vulnerability name as reported by Wiz.";
|
|
354
|
+
}, {
|
|
355
|
+
readonly name: "cve";
|
|
356
|
+
readonly description: "Vulnerability external id, typically a CVE identifier.";
|
|
357
|
+
}, {
|
|
358
|
+
readonly name: "assetName";
|
|
359
|
+
readonly description: "Name of the affected asset.";
|
|
360
|
+
}, {
|
|
361
|
+
readonly name: "assetType";
|
|
362
|
+
readonly description: "Type of the affected asset.";
|
|
363
|
+
}, {
|
|
364
|
+
readonly name: "cloudPlatform";
|
|
365
|
+
readonly description: "Cloud platform hosting the affected asset.";
|
|
366
|
+
}, {
|
|
367
|
+
readonly name: "firstDetectedAt";
|
|
368
|
+
readonly description: "When the vulnerability was first detected (Unix ms).";
|
|
369
|
+
}, {
|
|
370
|
+
readonly name: "lastDetectedAt";
|
|
371
|
+
readonly description: "When the vulnerability was last detected (Unix ms).";
|
|
372
|
+
}, {
|
|
373
|
+
readonly name: "resolvedAt";
|
|
374
|
+
readonly description: "When the vulnerability was resolved (Unix ms; null if open).";
|
|
375
|
+
}];
|
|
376
|
+
readonly responses: {
|
|
377
|
+
readonly vulnerabilities: z.ZodArray<z.ZodObject<{
|
|
378
|
+
id: z.ZodString;
|
|
379
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
380
|
+
severity: z.ZodString;
|
|
381
|
+
status: z.ZodString;
|
|
382
|
+
vulnerabilityExternalId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
383
|
+
firstDetectedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
384
|
+
lastDetectedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
385
|
+
resolvedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
386
|
+
vulnerableAsset: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
387
|
+
id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
388
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
389
|
+
type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
390
|
+
cloudPlatform: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
391
|
+
}, z.core.$strip>>>;
|
|
392
|
+
}, z.core.$strip>>;
|
|
393
|
+
};
|
|
394
|
+
};
|
|
395
|
+
};
|
|
396
|
+
static readonly schemas: object & {
|
|
397
|
+
readonly oauth_token: z.ZodObject<{
|
|
398
|
+
access_token: z.ZodString;
|
|
399
|
+
token_type: z.ZodOptional<z.ZodString>;
|
|
400
|
+
expires_in: z.ZodOptional<z.ZodNumber>;
|
|
401
|
+
}, z.core.$strip>;
|
|
402
|
+
readonly issues: z.ZodArray<z.ZodObject<{
|
|
403
|
+
id: z.ZodString;
|
|
404
|
+
severity: z.ZodString;
|
|
405
|
+
status: z.ZodString;
|
|
406
|
+
type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
407
|
+
resolutionReason: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
408
|
+
createdAt: z.ZodString;
|
|
409
|
+
updatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
410
|
+
resolvedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
411
|
+
dueAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
412
|
+
sourceRule: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
413
|
+
id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
414
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
415
|
+
}, z.core.$strip>>>;
|
|
416
|
+
entitySnapshot: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
417
|
+
id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
418
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
419
|
+
type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
420
|
+
cloudProvider: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
421
|
+
externalId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
422
|
+
}, z.core.$strip>>>;
|
|
423
|
+
}, z.core.$strip>>;
|
|
424
|
+
} & {
|
|
425
|
+
readonly vulnerabilities: z.ZodArray<z.ZodObject<{
|
|
426
|
+
id: z.ZodString;
|
|
427
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
428
|
+
severity: z.ZodString;
|
|
429
|
+
status: z.ZodString;
|
|
430
|
+
vulnerabilityExternalId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
431
|
+
firstDetectedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
432
|
+
lastDetectedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
433
|
+
resolvedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
434
|
+
vulnerableAsset: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
435
|
+
id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
436
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
437
|
+
type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
438
|
+
cloudPlatform: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
439
|
+
}, z.core.$strip>>>;
|
|
440
|
+
}, z.core.$strip>>;
|
|
441
|
+
} & Readonly<Record<string, z.ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>>>;
|
|
442
|
+
static create(input: unknown, ctx?: ConnectorContext): WizConnector;
|
|
443
|
+
readonly id = "wiz";
|
|
444
|
+
readonly credentials: {
|
|
445
|
+
clientId: {
|
|
446
|
+
description: string;
|
|
447
|
+
auth: "required";
|
|
448
|
+
};
|
|
449
|
+
clientSecret: {
|
|
450
|
+
description: string;
|
|
451
|
+
auth: "required";
|
|
452
|
+
};
|
|
453
|
+
};
|
|
454
|
+
private accessToken;
|
|
455
|
+
private accessTokenExpiry;
|
|
456
|
+
private tokenEndpoint;
|
|
457
|
+
private audience;
|
|
458
|
+
private resourceAllowed;
|
|
459
|
+
private refreshAccessToken;
|
|
460
|
+
private getAccessToken;
|
|
461
|
+
private graphql;
|
|
462
|
+
private issuesFilter;
|
|
463
|
+
private vulnerabilitiesFilter;
|
|
464
|
+
private isPageAllOlderThan;
|
|
465
|
+
private fetchIssuesPage;
|
|
466
|
+
private fetchVulnerabilitiesPage;
|
|
467
|
+
private writeIssues;
|
|
468
|
+
private writeVulnerabilities;
|
|
469
|
+
private clearScopeOnFirstPage;
|
|
470
|
+
private resolveCursor;
|
|
471
|
+
sync(options: SyncOptions, storage: StorageHandle, signal?: AbortSignal): Promise<SyncResult>;
|
|
472
|
+
}
|
|
473
|
+
|
|
474
|
+
export { WizConnector, type WizResource, type WizSettings, configFields, WizConnector as default, doc, id, wizResources as resources };
|