regscale-cli 6.21.2.0__py3-none-any.whl → 6.28.2.1__py3-none-any.whl

regscale/integrations/commercial/wizv2/scanner.py

@@ -5,13 +5,16 @@ import json
 import logging
 import os
 import re
-from typing import Any, Dict, Iterator, List, Optional, Union, Tuple
+from collections.abc import Iterator
+from functools import lru_cache
+from typing import Any, Dict, List, Optional, Tuple, Union
 
-from regscale.core.app.utils.app_utils import check_file_path, get_current_datetime, error_and_exit
+from regscale.core.app.utils.app_utils import check_file_path, error_and_exit, get_current_datetime
 from regscale.core.utils import get_base_protocol_from_port
 from regscale.core.utils.date import format_to_regscale_iso
-from regscale.integrations.commercial.wizv2.async_client import run_async_queries
-from regscale.integrations.commercial.wizv2.constants import (
+from regscale.integrations.commercial.wizv2.core.client import run_async_queries
+from regscale.integrations.commercial.wizv2.core.file_operations import FileOperations
+from regscale.integrations.commercial.wizv2.core.constants import (
     END_OF_LIFE_FILE_PATH,
     EXTERNAL_ATTACK_SURFACE_FILE_PATH,
     INVENTORY_FILE_PATH,
@@ -41,11 +44,16 @@ from regscale.integrations.commercial.wizv2.utils import (
     map_category,
 )
 from regscale.integrations.commercial.wizv2.variables import WizVariables
-from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
-from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding, ScannerIntegration
 from regscale.integrations.variables import ScannerVariables
+from regscale.integrations.commercial.wizv2.core.auth import wiz_authenticate
+from regscale.integrations.scanner_integration import (
+    IntegrationAsset,
+    IntegrationFinding,
+    ScannerIntegration,
+)
 from regscale.models import IssueStatus, regscale_models
 from regscale.models.regscale_models.compliance_settings import ComplianceSettings
+from regscale.models.regscale_models.regscale_model import RegScaleModel
 
 logger = logging.getLogger("regscale")
 
@@ -61,11 +69,21 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         "High": regscale_models.IssueSeverity.High,
         "Medium": regscale_models.IssueSeverity.Moderate,
         "Low": regscale_models.IssueSeverity.Low,
+        "INFORMATIONAL": regscale_models.IssueSeverity.NotAssigned,
+        "INFO": regscale_models.IssueSeverity.NotAssigned,  # Wiz uses "INFO" for informational data findings
+        "None": regscale_models.IssueSeverity.NotAssigned,  # Wiz uses "NONE" for findings without severity
     }
     asset_lookup = "vulnerableAsset"
     wiz_token = None
     _compliance_settings = None
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        # Suppress generic asset not found errors but use enhanced diagnostics instead
+        self.suppress_asset_not_found_errors = True
+        # Track unique missing asset types for summary reporting
+        self._missing_asset_types = set()
+
     @staticmethod
     def get_variables() -> Dict[str, Any]:
         """
@@ -79,6 +97,31 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             "filterBy": {},
         }
 
+    def get_finding_identifier(self, finding) -> str:
+        """
+        Gets the finding identifier for Wiz findings.
+        For Wiz integrations, prioritize external_id since plugin_id can be non-unique.
+
+        :param finding: The finding
+        :return: The finding identifier
+        :rtype: str
+        """
+        # We could have a string truncation error platform side on IntegrationFindingId nvarchar(450)
+        prefix = f"{self.plan_id}:"
+
+        # For Wiz, prioritize external_id since plugin_id can be non-unique
+        if finding.external_id:
+            prefix += self.hash_string(finding.external_id).__str__()
+        else:
+            prefix += (
+                finding.cve or finding.plugin_id or finding.rule_id or self.hash_string(finding.external_id).__str__()
+            )
+
+        if ScannerVariables.issueCreation.lower() == "perasset":
+            res = f"{prefix}:{finding.asset_identifier}"
+            return res[:450]
+        return prefix[:450]
+
     def authenticate(self, client_id: Optional[str] = None, client_secret: Optional[str] = None) -> None:
         """
         Authenticates to Wiz using the client ID and client secret
@@ -92,14 +135,16 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         logger.info("Authenticating to Wiz...")
         self.wiz_token = wiz_authenticate(client_id, client_secret)
 
-    def get_query_types(self, project_id: str) -> List[Dict[str, Any]]:
+    def get_query_types(self, project_id: str, filter_by: Optional[Dict[str, Any]] = None) -> List[Dict[str, Any]]:
         """Get the query types for vulnerability scanning.
 
         :param str project_id: The project ID to get queries for
+        :param Optional[Dict[str, Any]] filter_by: Optional filter criteria (used by subclasses)
         :return: List of query types
         :rtype: List[Dict[str, Any]]
         """
-        return get_wiz_vulnerability_queries(project_id=project_id)
+        # Base class ignores filter_by, subclasses can override to use it
+        return get_wiz_vulnerability_queries(project_id=project_id, filter_by=filter_by)
 
     def fetch_findings(self, *args, **kwargs) -> Iterator[IntegrationFinding]:
         """
@@ -119,7 +164,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
                 # Use async concurrent queries for better performance
                 yield from self.fetch_findings_async(*args, **kwargs)
             except Exception as e:
-                logger.warning(f"Async query failed, falling back to sync: {str(e)}")
+                logger.warning(f"Async query failed, falling back to sync: {e!s}")
                 # Fallback to synchronous method
                 yield from self.fetch_findings_sync(**kwargs)
         else:
@@ -195,8 +240,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
                 progress_tracker=self.finding_progress,
                 max_concurrent=5,
             )
-        else:
-            return self._load_cached_data_with_progress(query_configs)
+        return self._load_cached_data_with_progress(query_configs)
 
     def _process_query_results(
         self,
@@ -215,35 +259,63 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :yield: IntegrationFinding objects
         :rtype: Iterator[IntegrationFinding]
         """
-        parse_task = self.finding_progress.add_task("[magenta]Processing fetched findings...", total=len(results))
+        parse_task = self._init_progress_task(len(results))
 
         for query_type_str, nodes, error in results:
             if error:
                 logger.error(f"Error fetching {query_type_str}: {error}")
-                self.finding_progress.advance(parse_task, 1)
+                self._advance_progress(parse_task)
                 continue
 
-            # Find corresponding vulnerability type and config
             vulnerability_type, config = self._find_vulnerability_config(query_type_str, query_configs)
             if not vulnerability_type or not config:
                 logger.warning(f"Could not find vulnerability type for {query_type_str}")
-                self.finding_progress.advance(parse_task, 1)
+                self._advance_progress(parse_task)
                 continue
 
-            # Save fetched data to cache if fresh data was fetched
             if should_fetch_fresh and nodes:
                 self._save_data_to_cache(nodes, config.get("file_path"))
 
-            # Apply project filtering for certain vulnerability types
             nodes = self._apply_project_filtering(nodes, vulnerability_type, project_id, query_type_str)
 
             logger.info(f"Processing {len(nodes)} {query_type_str} findings...")
             yield from self.parse_findings(nodes, vulnerability_type)
+            self._advance_progress(parse_task)
+
+        self._finalize_progress(parse_task)
+
+    def _init_progress_task(self, total_results: int):
+        """
+        Initialize progress tracking task.
+
+        :param int total_results: Total number of results to process
+        :return: Task ID or None
+        """
+        if self.finding_progress is not None and hasattr(self.finding_progress, "add_task"):
+            return self.finding_progress.add_task("[magenta]Processing fetched findings...", total=total_results)
+        return None
+
+    def _advance_progress(self, parse_task) -> None:
+        """
+        Advance progress bar by one step.
+
+        :param parse_task: Progress task ID
+        :rtype: None
+        """
+        if parse_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "advance"):
             self.finding_progress.advance(parse_task, 1)
 
-        self.finding_progress.update(
-            parse_task, description=f"[green]✓ Processed all findings ({self.num_findings_to_process} total)"
-        )
+    def _finalize_progress(self, parse_task) -> None:
+        """
+        Finalize progress tracking with completion message.
+
+        :param parse_task: Progress task ID
+        :rtype: None
+        """
+        if parse_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
+            self.finding_progress.update(
+                parse_task, description=f"[green]✓ Processed all findings ({self.num_findings_to_process} total)"
+            )
 
     def _find_vulnerability_config(
         self, query_type_str: str, query_configs: List[Dict[str, Any]]
@@ -309,11 +381,16 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             # Step 2: Initialize progress tracking
             logger.info("Fetching Wiz findings using async concurrent queries...")
             self.num_findings_to_process = 0
-            query_configs = self.get_query_types(project_id=project_id)
-
-            main_task = self.finding_progress.add_task(
-                "[cyan]Running concurrent GraphQL queries...", total=len(query_configs)
-            )
+            # Pass filter_by_override if provided
+            filter_by = kwargs.get("filter_by_override")
+            query_configs = self.get_query_types(project_id=project_id, filter_by=filter_by)
+
+            # Backwards compatibility: check if finding_progress exists and has add_task method
+            main_task = None
+            if self.finding_progress is not None and hasattr(self.finding_progress, "add_task"):
+                main_task = self.finding_progress.add_task(
+                    "[cyan]Running concurrent GraphQL queries...", total=len(query_configs)
+                )
 
             # Step 3: Setup authentication
             headers = self._setup_authentication_headers()
@@ -323,22 +400,37 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             should_fetch_fresh = self._should_fetch_fresh_data(query_configs)
 
             # Step 5: Update main progress
-            self.finding_progress.update(
-                main_task,
-                description="[green]✓ Completed all concurrent queries",
-                completed=len(query_configs),
-                total=len(query_configs),
-            )
+            # Backwards compatibility: check if finding_progress exists and has update method
+            if main_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
+                self.finding_progress.update(
+                    main_task,
+                    description="[green]✓ Completed all concurrent queries",
+                    completed=len(query_configs),
+                    total=len(query_configs),
+                )
 
             # Step 6: Process results
             yield from self._process_query_results(results, query_configs, project_id, should_fetch_fresh)
 
-            # Step 7: Complete main task
-            self.finding_progress.advance(main_task, len(query_configs))
+            # Step 7: Complete main task - ensure it's marked as 100% complete
+            # Backwards compatibility: check if finding_progress exists and has update method
+            if main_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
+                self.finding_progress.update(
+                    main_task,
+                    description="[green]✓ Completed processing all Wiz findings",
+                    completed=len(query_configs),
+                    total=len(query_configs),
+                )
 
         except Exception as e:
-            logger.error(f"Error in async findings fetch: {str(e)}", exc_info=True)
-            if "main_task" in locals():
+            logger.error(f"Error in async findings fetch: {e!s}", exc_info=True)
+            # Backwards compatibility: check if finding_progress exists and has update method
+            if (
+                "main_task" in locals()
+                and main_task is not None
+                and self.finding_progress is not None
+                and hasattr(self.finding_progress, "update")
+            ):
                 self.finding_progress.update(
                     main_task, description=f"[red]✗ Error in concurrent queries: {str(e)[:50]}..."
                 )
@@ -346,6 +438,14 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             logger.info("Falling back to synchronous query method...")
             yield from self.fetch_findings_sync(**kwargs)
 
+        # Log summary of missing asset types if any were found
+        if hasattr(self, "_missing_asset_types") and self._missing_asset_types:
+            logger.warning(
+                "Summary: Found references to missing asset types: %s. "
+                "Consider adding these to RECOMMENDED_WIZ_INVENTORY_TYPES in constants.py",
+                ", ".join(sorted(self._missing_asset_types)),
+            )
+
         logger.info(
             "Finished async fetching Wiz findings. Total findings to process: %d", self.num_findings_to_process or 0
         )
@@ -386,34 +486,28 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :return: Results in the same format as async queries
         :rtype: List[Tuple[str, List[Dict[str, Any]], Optional[Exception]]]
         """
-
-        results = []
-        cache_task = self.finding_progress.add_task("[green]Loading cached Wiz data...", total=len(query_configs))
-
-        for config in query_configs:
-            query_type = config["type"].value
-            file_path = config.get("file_path")
-
-            try:
-                if file_path and os.path.exists(file_path):
-                    with open(file_path, "r", encoding="utf-8") as file:
-                        nodes = json.load(file)
-
-                    logger.info(f"Loaded {len(nodes)} cached {query_type} findings from {file_path}")
-                    results.append((query_type, nodes, None))
-                else:
-                    logger.warning(f"No cached data found for {query_type}")
-                    results.append((query_type, [], None))
-
-            except Exception as e:
-                logger.error(f"Error loading cached data for {query_type}: {e}")
-                results.append((query_type, [], e))
-
-            self.finding_progress.advance(cache_task, 1)
-
-        self.finding_progress.update(
-            cache_task, description=f"[green]✓ Loaded cached data for {len(query_configs)} query types"
-        )
+        # Backwards compatibility: check if finding_progress exists and has add_task method
+        cache_task = None
+        if self.finding_progress is not None and hasattr(self.finding_progress, "add_task"):
+            cache_task = self.finding_progress.add_task("[green]Loading cached Wiz data...", total=len(query_configs))
+
+        def progress_callback(query_type: str, status: str):
+            if status == "loaded":
+                # Backwards compatibility: check if finding_progress exists and has advance method
+                if (
+                    cache_task is not None
+                    and self.finding_progress is not None
+                    and hasattr(self.finding_progress, "advance")
+                ):
+                    self.finding_progress.advance(cache_task, 1)
+
+        results = FileOperations.load_cached_findings(query_configs, progress_callback)
+
+        # Backwards compatibility: check if finding_progress exists and has update method
+        if cache_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
+            self.finding_progress.update(
+                cache_task, description=f"[green]✓ Loaded cached data for {len(query_configs)} query types"
+            )
 
         return results
 
@@ -428,21 +522,10 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         if not file_path:
             return
 
-        try:
-            from regscale.core.app.utils.app_utils import check_file_path
-
-            # Ensure directory exists
-            check_file_path(os.path.dirname(file_path))
-
-            # Save data to file
-            with open(file_path, "w", encoding="utf-8") as file:
-                json.dump(nodes, file)
-
+        success = FileOperations.save_json_file(nodes, file_path, create_dir=True)
+        if success:
             logger.debug(f"Saved {len(nodes)} nodes to cache file: {file_path}")
 
-        except Exception as e:
-            logger.warning(f"Failed to save data to cache file {file_path}: {e}")
-
     def fetch_findings_sync(self, **kwargs) -> Iterator[IntegrationFinding]:
         """
         Original synchronous method for fetching findings (renamed for fallback)
@@ -450,81 +533,214 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :return: Results in the same format as async queries
         :rtype: Iterator[IntegrationFinding]
         """
-        # Use shared validation logic
         project_id = self._validate_project_id(kwargs.get("wiz_project_id"))
-
         logger.info("Fetching Wiz findings using synchronous queries...")
         self.num_findings_to_process = 0
-        query_types = self.get_query_types(project_id=project_id)
 
-        # Create detailed progress tracking for each query type
-        main_task = self.finding_progress.add_task(
-            "[cyan]Fetching Wiz findings across all query types...", total=len(query_types)
-        )
+        filter_by = kwargs.get("filter_by_override")
+        query_types = self.get_query_types(project_id=project_id, filter_by=filter_by)
+
+        main_task = self._create_main_progress_task(len(query_types))
 
         for i, wiz_vulnerability_type in enumerate(query_types, 1):
-            vulnerability_name = self._get_friendly_vulnerability_name(wiz_vulnerability_type["type"])
+            yield from self._process_single_query_type(
+                wiz_vulnerability_type, project_id, i, len(query_types), main_task
+            )
+
+        self._complete_main_progress_task(main_task)
+        self._log_missing_asset_types_summary()
+
+    def _create_main_progress_task(self, total_query_types: int):
+        """
+        Create main progress tracking task.
+
+        :param int total_query_types: Total number of query types
+        :return: Task ID or None
+        """
+        if self.finding_progress is not None and hasattr(self.finding_progress, "add_task"):
+            return self.finding_progress.add_task(
+                "[cyan]Fetching Wiz findings across all query types...", total=total_query_types
+            )
+        return None
+
+    def _process_single_query_type(
+        self, wiz_vulnerability_type: dict, project_id: str, step: int, total_steps: int, main_task
+    ) -> Iterator[IntegrationFinding]:
+        """
+        Process a single query type and yield findings.
+
+        :param dict wiz_vulnerability_type: Query type configuration
+        :param str project_id: Project ID for filtering
+        :param int step: Current step number
+        :param int total_steps: Total number of steps
+        :param main_task: Main progress task ID
+        :yield: IntegrationFinding objects
+        :rtype: Iterator[IntegrationFinding]
+        """
+        vulnerability_name = self._get_friendly_vulnerability_name(wiz_vulnerability_type["type"])
+        self._update_main_progress_description(main_task, step, total_steps, vulnerability_name)
 
-            # Update main progress with current query type
+        query_task = self._create_query_task(vulnerability_name)
+        nodes = self._fetch_query_data(wiz_vulnerability_type, vulnerability_name, query_task)
+        nodes = self._apply_query_filtering(wiz_vulnerability_type, nodes, project_id, vulnerability_name)
+
+        if nodes:
+            yield from self._parse_query_results(nodes, wiz_vulnerability_type["type"], vulnerability_name)
+
+        self._complete_query_tasks(query_task, main_task)
+
+    def _update_main_progress_description(
+        self, main_task, step: int, total_steps: int, vulnerability_name: str
+    ) -> None:
+        """
+        Update main progress task description.
+
+        :param main_task: Main task ID
+        :param int step: Current step
+        :param int total_steps: Total steps
+        :param str vulnerability_name: Vulnerability name
+        :rtype: None
+        """
+        if main_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
             self.finding_progress.update(
-                main_task, description=f"[cyan]Step {i}/{len(query_types)}: Fetching {vulnerability_name}..."
+                main_task, description=f"[cyan]Step {step}/{total_steps}: Fetching {vulnerability_name}..."
             )
 
-            # Create subtask for this specific query type
-            query_task = self.finding_progress.add_task(
-                f"[yellow]Querying Wiz API for {vulnerability_name}...", total=None  # Indeterminate while fetching
+    def _create_query_task(self, vulnerability_name: str):
+        """
+        Create query-specific progress task.
+
+        :param str vulnerability_name: Vulnerability name
+        :return: Task ID or None
+        """
+        if self.finding_progress is not None and hasattr(self.finding_progress, "add_task"):
+            return self.finding_progress.add_task(f"[yellow]Querying Wiz API for {vulnerability_name}...", total=None)
+        return None
+
+    def _fetch_query_data(self, wiz_vulnerability_type: dict, vulnerability_name: str, query_task) -> list:
+        """
+        Fetch data for a single query type.
+
+        :param dict wiz_vulnerability_type: Query type configuration
+        :param str vulnerability_name: Vulnerability name
+        :param query_task: Query task ID
+        :return: List of nodes
+        :rtype: list
+        """
+        variables = wiz_vulnerability_type.get("variables", self.get_variables())
+        nodes = self.fetch_wiz_data_if_needed(
+            query=wiz_vulnerability_type["query"],
+            variables=variables,
+            topic_key=wiz_vulnerability_type["topic_key"],
+            file_path=wiz_vulnerability_type["file_path"],
+        )
+
+        if query_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
+            self.finding_progress.update(
+                query_task, description=f"[green]✓ Fetched {len(nodes)} {vulnerability_name} from Wiz API"
             )
 
-            # Use the variables from the query type configuration
-            variables = wiz_vulnerability_type.get("variables", self.get_variables())
+        return nodes
 
-            nodes = self.fetch_wiz_data_if_needed(
-                query=wiz_vulnerability_type["query"],
-                variables=variables,
-                topic_key=wiz_vulnerability_type["topic_key"],
-                file_path=wiz_vulnerability_type["file_path"],
+    def _apply_query_filtering(
+        self, wiz_vulnerability_type: dict, nodes: list, project_id: str, vulnerability_name: str
+    ) -> list:
+        """
+        Apply project filtering if needed for the query type.
+
+        :param dict wiz_vulnerability_type: Query type configuration
+        :param list nodes: Nodes to filter
+        :param str project_id: Project ID
+        :param str vulnerability_name: Vulnerability name
+        :return: Filtered nodes
+        :rtype: list
+        """
+        if wiz_vulnerability_type["type"] not in [
+            WizVulnerabilityType.EXCESSIVE_ACCESS_FINDING,
+            WizVulnerabilityType.NETWORK_EXPOSURE_FINDING,
+            WizVulnerabilityType.EXTERNAL_ATTACH_SURFACE,
+        ]:
+            return nodes
+
+        filter_task = None
+        if self.finding_progress is not None and hasattr(self.finding_progress, "add_task"):
+            filter_task = self.finding_progress.add_task(
+                f"[blue]Filtering {vulnerability_name} by project...", total=len(nodes)
             )
 
-            # Update query task to show data fetched
+        nodes = self._filter_findings_by_project_with_progress(nodes, project_id, filter_task)
+
+        if filter_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
             self.finding_progress.update(
-                query_task, description=f"[green]✓ Fetched {len(nodes)} {vulnerability_name} from Wiz API"
+                filter_task, description=f"[green]✓ Filtered to {len(nodes)} {vulnerability_name} for project"
             )
 
-            # Filter findings by project for queries that don't support API-level project filtering
-            if wiz_vulnerability_type["type"] in [
-                WizVulnerabilityType.EXCESSIVE_ACCESS_FINDING,
-                WizVulnerabilityType.NETWORK_EXPOSURE_FINDING,
-                WizVulnerabilityType.EXTERNAL_ATTACH_SURFACE,
-            ]:
-                filter_task = self.finding_progress.add_task(
-                    f"[blue]Filtering {vulnerability_name} by project...", total=len(nodes)
-                )
-                nodes = self._filter_findings_by_project_with_progress(nodes, project_id, filter_task)
-                self.finding_progress.update(
-                    filter_task, description=f"[green]✓ Filtered to {len(nodes)} {vulnerability_name} for project"
-                )
+        return nodes
 
-            # Create parsing task
-            if nodes:
-                parse_task = self.finding_progress.add_task(
-                    f"[magenta]Parsing {len(nodes)} {vulnerability_name}...", total=len(nodes)
-                )
+    def _parse_query_results(
+        self, nodes: list, vulnerability_type, vulnerability_name: str
+    ) -> Iterator[IntegrationFinding]:
+        """
+        Parse nodes and yield findings.
 
-                yield from self.parse_findings_with_progress(nodes, wiz_vulnerability_type["type"], parse_task)
+        :param list nodes: Nodes to parse
+        :param vulnerability_type: Vulnerability type
+        :param str vulnerability_name: Vulnerability name
+        :yield: IntegrationFinding objects
+        :rtype: Iterator[IntegrationFinding]
+        """
+        parse_task = None
+        if self.finding_progress is not None and hasattr(self.finding_progress, "add_task"):
+            parse_task = self.finding_progress.add_task(
+                f"[magenta]Parsing {len(nodes)} {vulnerability_name}...", total=len(nodes)
+            )
 
-                self.finding_progress.update(
-                    parse_task, description=f"[green]✓ Parsed {len(nodes)} {vulnerability_name} successfully"
-                )
+        yield from self.parse_findings_with_progress(nodes, vulnerability_type, parse_task)
 
-            # Mark query complete and advance main progress
+        if parse_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
+            self.finding_progress.update(
+                parse_task, description=f"[green]✓ Parsed {len(nodes)} {vulnerability_name} successfully"
+            )
+
+    def _complete_query_tasks(self, query_task, main_task) -> None:
+        """
+        Mark query and main tasks as progressing.
+
+        :param query_task: Query task ID
+        :param main_task: Main task ID
+        :rtype: None
+        """
+        if query_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
             self.finding_progress.update(query_task, completed=1, total=1)
+
+        if main_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "advance"):
             self.finding_progress.advance(main_task, 1)
 
-        # Update main task completion
-        self.finding_progress.update(
-            main_task,
-            description=f"[green]✓ Completed fetching all Wiz findings ({self.num_findings_to_process or 0} total)",
-        )
+    def _complete_main_progress_task(self, main_task) -> None:
+        """
+        Complete main progress task with final message.
+
+        :param main_task: Main task ID
+        :rtype: None
+        """
+        if main_task is not None and self.finding_progress is not None and hasattr(self.finding_progress, "update"):
+            self.finding_progress.update(
+                main_task,
+                description=f"[green]✓ Completed fetching all Wiz findings ({self.num_findings_to_process or 0} total)",
+            )
+
+    def _log_missing_asset_types_summary(self) -> None:
+        """
+        Log summary of missing asset types if any were found.
+
+        :rtype: None
+        """
+        if hasattr(self, "_missing_asset_types") and self._missing_asset_types:
+            logger.warning(
+                "Summary: Found references to missing asset types: %s. "
+                "Consider adding these to RECOMMENDED_WIZ_INVENTORY_TYPES in constants.py",
+                ", ".join(sorted(self._missing_asset_types)),
+            )
 
         logger.info(
             "Finished synchronous fetching Wiz findings. Total findings to process: %d",
@@ -574,7 +790,8 @@ class WizVulnerabilityIntegration(ScannerIntegration):
                 yield finding
 
             # Update progress if task_id provided
-            if task_id is not None:
+            # Backwards compatibility: check if finding_progress exists and has advance method
+            if task_id is not None and self.finding_progress is not None and hasattr(self.finding_progress, "advance"):
                 self.finding_progress.advance(task_id, 1)
 
         # Log parsing results for this type
@@ -612,7 +829,8 @@ class WizVulnerabilityIntegration(ScannerIntegration):
                 filtered_nodes.append(node)
 
             # Update progress if task_id provided
-            if task_id is not None:
+            # Backwards compatibility: check if finding_progress exists and has advance method
+            if task_id is not None and self.finding_progress is not None and hasattr(self.finding_progress, "advance"):
                 self.finding_progress.advance(task_id, 1)
 
         filtered_count = len(filtered_nodes)
@@ -660,16 +878,233 @@ class WizVulnerabilityIntegration(ScannerIntegration):
     ) -> Iterator[IntegrationFinding]:
         """
         Parses a list of Wiz finding nodes into IntegrationFinding objects.
-
-        This is a compatibility wrapper that calls the progress-aware version.
+        Groups findings by rule and scope for consolidation when appropriate.
 
         :param List[Dict[str, Any]] nodes: List of Wiz finding nodes
         :param WizVulnerabilityType vulnerability_type: The type of vulnerability
         :yield: IntegrationFinding objects
         :rtype: Iterator[IntegrationFinding]
         """
-        # Delegate to the progress-aware version without progress tracking
-        yield from self.parse_findings_with_progress(nodes, vulnerability_type, task_id=None)
+        logger.debug(f"VULNERABILITY PROCESSING ANALYSIS: Received {len(nodes)} raw Wiz vulnerabilities for processing")
+
+        # Count issues by severity for analysis
+        severity_counts: dict[str, int] = {}
+        status_counts: dict[str, int] = {}
+        for node in nodes:
+            severity = node.get("severity", "Low")
+            status = node.get("status", "OPEN")
+            severity_counts[severity] = severity_counts.get(severity, 0) + 1
+            status_counts[status] = status_counts.get(status, 0) + 1
+
+        logger.debug(f"Raw vulnerability breakdown by severity: {severity_counts}")
+        logger.debug(f"Raw vulnerability breakdown by status: {status_counts}")
+
+        # Filter nodes by minimum severity configuration
+        filtered_nodes = []
+        filtered_out_count = 0
+        for node in nodes:
+            wiz_severity = node.get("severity", "Low")
+            wiz_id = node.get("id", "unknown")
+
+            # Log sample record for NONE severity (only first occurrence per session)
+            if wiz_severity and wiz_severity.upper() == "NONE":
+                if not hasattr(self, "_none_severity_sample_logged"):
+                    logger.info(
+                        f"SAMPLE RECORD - Vulnerability with NONE severity (treating as informational): "
+                        f"ID={node.get('id', 'Unknown')}, "
+                        f"Name={node.get('name', 'Unknown')}, "
+                        f"Type={node.get('type', 'Unknown')}, "
+                        f"Severity={wiz_severity}"
+                    )
+                    self._none_severity_sample_logged = True
+
+            if self.should_process_finding_by_severity(wiz_severity):
+                filtered_nodes.append(node)
+            else:
+                filtered_out_count += 1
+                logger.debug(
+                    f"FILTERED BY SEVERITY: Vulnerability {wiz_id} with severity '{wiz_severity}' "
+                    f"filtered due to minimumSeverity configuration"
+                )
+
+        logger.info(
+            f"After severity filtering: {len(filtered_nodes)} vulnerabilities kept, {filtered_out_count} filtered out"
+        )
+
+        if not filtered_nodes:
+            logger.warning(
+                "All vulnerabilities filtered out by severity configuration - check your minimumSeverity setting"
+            )
+            return
+
+        # Apply consolidation logic for findings that support it
+        if self._should_apply_consolidation(vulnerability_type):
+            yield from self._parse_findings_with_consolidation(filtered_nodes, vulnerability_type)
+        else:
+            # Use original parsing for vulnerability types that shouldn't be consolidated
+            yield from self.parse_findings_with_progress(filtered_nodes, vulnerability_type, task_id=None)
+
+    def _should_apply_consolidation(self, vulnerability_type: WizVulnerabilityType) -> bool:
+        """
+        Determine if consolidation should be applied for this vulnerability type.
+
+        :param WizVulnerabilityType vulnerability_type: The vulnerability type
+        :return: True if consolidation should be applied
+        :rtype: bool
+        """
+        # Apply consolidation to finding types that commonly affect multiple assets
+        consolidation_types = {
+            WizVulnerabilityType.HOST_FINDING,
+            WizVulnerabilityType.DATA_FINDING,
+            WizVulnerabilityType.VULNERABILITY,
+        }
+        return vulnerability_type in consolidation_types
+
+    def _parse_findings_with_consolidation(
+        self, nodes: List[Dict[str, Any]], vulnerability_type: WizVulnerabilityType
+    ) -> Iterator[IntegrationFinding]:
+        """
+        Parse findings with consolidation logic applied.
+
+        :param List[Dict[str, Any]] nodes: List of Wiz finding nodes
+        :param WizVulnerabilityType vulnerability_type: The vulnerability type
+        :yield: Consolidated IntegrationFinding objects
+        :rtype: Iterator[IntegrationFinding]
+        """
+        # Group nodes for potential consolidation
+        grouped_nodes = self._group_findings_for_consolidation(nodes)
+
+        # Process each group
+        for group_key, group_nodes in grouped_nodes.items():
+            if len(group_nodes) > 1:
+                # Multiple nodes with same rule - attempt consolidation
+                if consolidated_finding := self._create_consolidated_scanner_finding(group_nodes, vulnerability_type):
+                    yield consolidated_finding
+            else:
+                # Single node - process normally
+                if finding := self.parse_finding(group_nodes[0], vulnerability_type):
+                    yield finding
+
+    def _group_findings_for_consolidation(self, nodes: List[Dict[str, Any]]) -> Dict[str, List[Dict[str, Any]]]:
+        """
+        Group findings by rule and appropriate scope for consolidation.
+        - Database findings: group by server
+        - App Configuration findings: group by resource group
+        - Other findings: group by full resource path
+
+        :param List[Dict[str, Any]] nodes: List of Wiz finding nodes
+        :return: Dictionary mapping group keys to lists of nodes
+        :rtype: Dict[str, List[Dict[str, Any]]]
+        """
+        groups = {}
+
+        for node in nodes:
+            # Create a grouping key based on rule and appropriate scope
+            rule_name = self._get_rule_name_from_node(node)
+            provider_id = self._get_provider_id_from_node(node)
+
+            # Determine the appropriate grouping scope based on resource type
+            grouping_scope = self._determine_grouping_scope(provider_id, rule_name)
+
+            # Group key combines rule name and scope
+            group_key = f"{rule_name}|{grouping_scope}"
+
+            if group_key not in groups:
+                groups[group_key] = []
+            groups[group_key].append(node)
+
+        return groups
+
+    def _get_rule_name_from_node(self, node: Dict[str, Any]) -> str:
+        """Get rule name from various node structures."""
+        # Try different ways to get rule name
+        if source_rule := node.get("sourceRule"):
+            return source_rule.get("name", "")
+        return node.get("name", node.get("title", ""))
+
+    def _get_provider_id_from_node(self, node: Dict[str, Any]) -> str:
+        """Get provider ID from various node structures."""
+        # Try different ways to get provider ID
+        if entity_snapshot := node.get("entitySnapshot"):
+            return entity_snapshot.get("providerId", "")
+
+        # Try other asset lookup patterns
+        asset_fields = ["vulnerableAsset", "entity", "resource", "relatedEntity", "sourceEntity", "target"]
+        for field in asset_fields:
+            if asset_obj := node.get(field):
+                if provider_id := asset_obj.get("providerId"):
+                    return provider_id
+                # For vulnerability nodes, use asset ID if providerId is not available
+                if field == "vulnerableAsset" and (asset_id := asset_obj.get("id")):
+                    return asset_id
+
+        return ""
+
+    def _determine_grouping_scope(self, provider_id: str, rule_name: str) -> str:
+        """
+        Determine the appropriate grouping scope for consolidation.
+
+        :param str provider_id: The provider ID
+        :param str rule_name: The rule name
+        :return: The grouping scope (server, resource group, or full path)
+        :rtype: str
+        """
+        # For database issues, group by server
+        if "/databases/" in provider_id:
+            return provider_id.split("/databases/")[0]
+
+        # For App Configuration issues, group by resource group to consolidate multiple stores
+        if (
+            "app configuration" in rule_name.lower()
+            and "/microsoft.appconfiguration/configurationstores/" in provider_id
+        ):
+            # Extract resource group path: /subscriptions/.../resourcegroups/rg_name
+            parts = provider_id.split("/resourcegroups/")
+            if len(parts) >= 2:
+                rg_part = parts[1].split("/")[0]  # Get just the resource group name
+                return f"{parts[0]}/resourcegroups/{rg_part}"
+
+        # For other resources, use the full provider path (no consolidation)
+        return provider_id
+
+    def _create_consolidated_scanner_finding(
+        self, nodes: List[Dict[str, Any]], vulnerability_type: WizVulnerabilityType
+    ) -> Optional[IntegrationFinding]:
+        """
+        Create a consolidated finding from multiple nodes with the same rule.
+
+        :param List[Dict[str, Any]] nodes: List of nodes to consolidate
+        :param WizVulnerabilityType vulnerability_type: The vulnerability type
+        :return: Consolidated IntegrationFinding or None
+        :rtype: Optional[IntegrationFinding]
+        """
+        # Use the first node as the base
+        base_node = nodes[0]
+
+        # Collect all asset identifiers and provider IDs
+        asset_ids = []
+        provider_ids = []
+
+        for node in nodes:
+            if asset_id := self.get_asset_id_from_node(node, vulnerability_type):
+                asset_ids.append(asset_id)
+            if provider_id := self.get_provider_unique_id_from_node(node, vulnerability_type):
+                provider_ids.append(provider_id)
+
+        # If we couldn't extract asset info, fall back to normal parsing
+        if not asset_ids:
+            return self.parse_finding(base_node, vulnerability_type)
+
+        # Create the finding using normal parsing, then override asset identifiers
+        base_finding = self.parse_finding(base_node, vulnerability_type)
+        if not base_finding:
+            return None
+
+        # Override with consolidated asset information
+        base_finding.asset_identifier = asset_ids[0]  # Use first asset as primary
+        base_finding.issue_asset_identifier_value = "\n".join(provider_ids) if provider_ids else None
+
+        return base_finding
 
     @classmethod
     def get_issue_severity(cls, severity: str) -> regscale_models.IssueSeverity:
@@ -682,6 +1117,44 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         """
         return cls.finding_severity_map.get(severity.capitalize(), regscale_models.IssueSeverity.Low)
 
+    def should_process_finding_by_severity(self, wiz_severity: str) -> bool:
+        """
+        Check if finding should be processed based on minimum severity configuration.
+
+        :param str wiz_severity: The Wiz severity level (e.g., "INFORMATIONAL", "Low", "Medium", etc.)
+        :return: True if finding should be processed, False if it should be filtered out
+        :rtype: bool
+        """
+        # Get minimum severity from configuration, default to "low"
+        min_severity = self.app.config.get("scanners", {}).get("wiz", {}).get("minimumSeverity", "low").lower()
+
+        # Log the configuration being used (only once to avoid spam)
+        if not hasattr(self, "_severity_config_logged"):
+            logger.debug(f"SEVERITY FILTER CONFIG: minimumSeverity = '{min_severity}'")
+            self._severity_config_logged = True
+
+        # Define severity hierarchy (lower index = higher severity)
+        # Note: "info", "informational", and "none" are all treated as informational
+        severity_hierarchy = ["critical", "high", "medium", "low", "informational", "info", "none"]
+
+        try:
+            wiz_severity_lower = wiz_severity.lower()
+
+            # Handle empty or None severity values - treat as informational
+            # Normalize "info" to "informational" for consistent processing
+            if not wiz_severity_lower or wiz_severity_lower == "none" or wiz_severity_lower == "info":
+                wiz_severity_lower = "informational"
+
+            min_severity_index = severity_hierarchy.index(min_severity)
+            finding_severity_index = severity_hierarchy.index(wiz_severity_lower)
+
+            # Process if finding severity is equal or higher (lower index) than minimum
+            return finding_severity_index <= min_severity_index
+        except ValueError:
+            # If severity not found in hierarchy, default to processing it
+            logger.warning(f"Unknown severity level: {wiz_severity}, processing anyway")
+            return True
+
     def process_comments(self, comments_dict: Dict) -> Optional[str]:
         """
         Processes comments from Wiz findings to match RegScale's comment format.
@@ -694,7 +1167,8 @@ class WizVulnerabilityIntegration(ScannerIntegration):
 
         if comments := comments_dict.get("comments", {}).get("edges", []):
             formatted_comments = [
-                f"{edge.get('node', {}).get('author', {}).get('name', 'Unknown')}: {edge.get('node', {}).get('body', 'No comment')}"
+                f"{edge.get('node', {}).get('author', {}).get('name', 'Unknown')}: "
+                f"{edge.get('node', {}).get('body', 'No comment')}"
                 for edge in comments
             ]
             # Join with newlines
@@ -712,10 +1186,10 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         """
         # Define asset lookup patterns for different vulnerability types
         asset_lookup_patterns = {
-            # WizVulnerabilityType.VULNERABILITY: "vulnerableAsset",
-            # WizVulnerabilityType.CONFIGURATION: "resource",
-            # WizVulnerabilityType.HOST_FINDING: "resource",
-            # WizVulnerabilityType.DATA_FINDING: "resource",
+            WizVulnerabilityType.VULNERABILITY: "vulnerableAsset",
+            WizVulnerabilityType.CONFIGURATION: "resource",
+            WizVulnerabilityType.HOST_FINDING: "resource",
+            WizVulnerabilityType.DATA_FINDING: "resource",
             WizVulnerabilityType.SECRET_FINDING: "resource",
             WizVulnerabilityType.NETWORK_EXPOSURE_FINDING: "exposedEntity",
             WizVulnerabilityType.END_OF_LIFE_FINDING: "vulnerableAsset",
@@ -733,8 +1207,81 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             return graph_entity.get("id")
 
         # Standard case - direct id access
-        asset_container = node.get(asset_lookup_key, {})
-        return asset_container.get("id")
+        asset_container = node.get(asset_lookup_key) or {}
+        asset_id = asset_container.get("id") if isinstance(asset_container, dict) else None
+
+        # Add debug logging to help diagnose missing assets
+        if not asset_id:
+            logger.debug(
+                f"No asset ID found for {vulnerability_type.value} using key '{asset_lookup_key}'. "
+                f"Available keys in node: {list(node.keys())}"
+            )
+            # Try alternative lookup patterns as fallback
+            fallback_keys = ["vulnerableAsset", "resource", "exposedEntity", "entitySnapshot"]
+            for fallback_key in fallback_keys:
+                if fallback_key != asset_lookup_key and fallback_key in node:
+                    fallback_asset = node.get(fallback_key) or {}
+                    if isinstance(fallback_asset, dict) and (fallback_id := fallback_asset.get("id")):
+                        logger.debug(
+                            f"Found asset ID using fallback key '{fallback_key}' for {vulnerability_type.value}"
+                        )
+                        return fallback_id
+
+        return asset_id
+
+    def get_provider_unique_id_from_node(
+        self, node: Dict[str, Any], vulnerability_type: WizVulnerabilityType
+    ) -> Optional[str]:
+        """
+        Get the providerUniqueId from a node based on the vulnerability type.
+        This provides more meaningful asset identification for eMASS exports.
+
+        :param Dict[str, Any] node: The Wiz finding node
+        :param WizVulnerabilityType vulnerability_type: The type of vulnerability
+        :return: The providerUniqueId or fallback to asset name/ID
+        :rtype: Optional[str]
+        """
+        # Define asset lookup patterns for different vulnerability types - aligned with get_asset_id_from_node
+        asset_lookup_patterns = {
+            WizVulnerabilityType.VULNERABILITY: "vulnerableAsset",
+            WizVulnerabilityType.CONFIGURATION: "resource",
+            WizVulnerabilityType.HOST_FINDING: "resource",
+            WizVulnerabilityType.DATA_FINDING: "resource",
+            WizVulnerabilityType.SECRET_FINDING: "resource",
+            WizVulnerabilityType.NETWORK_EXPOSURE_FINDING: "exposedEntity",
+            WizVulnerabilityType.END_OF_LIFE_FINDING: "vulnerableAsset",
+            WizVulnerabilityType.EXTERNAL_ATTACH_SURFACE: "exposedEntity",
+            WizVulnerabilityType.EXCESSIVE_ACCESS_FINDING: "scope",
+            WizVulnerabilityType.ISSUE: "entitySnapshot",
+        }
+
+        asset_lookup_key = asset_lookup_patterns.get(vulnerability_type, "entitySnapshot")
+
+        if asset_lookup_key == "scope":
+            # Handle special case for excessive access findings where ID is nested
+            scope = node.get("scope", {})
+            graph_entity = scope.get("graphEntity", {})
+            # Try providerUniqueId first, fallback to name, then id
+            return graph_entity.get("providerUniqueId") or graph_entity.get("name") or graph_entity.get("id")
+
+        # Standard case - get asset container and extract provider identifier
+        asset_container = node.get(asset_lookup_key) or {}
+
+        # Ensure asset_container is a dict before accessing
+        if not isinstance(asset_container, dict):
+            return None
+
+        # For Issue queries, the field is called 'providerId' instead of 'providerUniqueId'
+        if vulnerability_type == WizVulnerabilityType.ISSUE:
+            return (
+                asset_container.get("providerId")
+                or asset_container.get("providerUniqueId")
+                or asset_container.get("name")
+                or asset_container.get("id")
+            )
+
+        # For other queries, try providerUniqueId first
+        return asset_container.get("providerUniqueId") or asset_container.get("name") or asset_container.get("id")
 
     def parse_finding(
         self, node: Dict[str, Any], vulnerability_type: WizVulnerabilityType
@@ -751,43 +1298,30 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             # Route to specific parsing method based on vulnerability type
             if vulnerability_type == WizVulnerabilityType.SECRET_FINDING:
                 return self._parse_secret_finding(node)
-            elif vulnerability_type == WizVulnerabilityType.NETWORK_EXPOSURE_FINDING:
+            if vulnerability_type == WizVulnerabilityType.NETWORK_EXPOSURE_FINDING:
                 return self._parse_network_exposure_finding(node)
-            elif vulnerability_type == WizVulnerabilityType.EXTERNAL_ATTACH_SURFACE:
+            if vulnerability_type == WizVulnerabilityType.EXTERNAL_ATTACH_SURFACE:
                 return self._parse_external_attack_surface_finding(node)
-            elif vulnerability_type == WizVulnerabilityType.EXCESSIVE_ACCESS_FINDING:
+            if vulnerability_type == WizVulnerabilityType.EXCESSIVE_ACCESS_FINDING:
                 return self._parse_excessive_access_finding(node)
-            elif vulnerability_type == WizVulnerabilityType.END_OF_LIFE_FINDING:
+            if vulnerability_type == WizVulnerabilityType.END_OF_LIFE_FINDING:
                 return self._parse_end_of_life_finding(node)
-            else:
-                # Fallback to generic parsing for any other types
-                return self._parse_generic_finding(node, vulnerability_type)
+            # Fallback to generic parsing for any other types
+            return self._parse_generic_finding(node, vulnerability_type)
         except (KeyError, TypeError, ValueError) as e:
             logger.error("Error parsing Wiz finding: %s", str(e), exc_info=True)
             return None
 
-    def _parse_secret_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
+    def _get_secret_finding_data(self, node: Dict[str, Any]) -> Dict[str, Any]:
         """
-        Parse secret finding from Wiz.
+        Extract data specific to secret findings.
 
         :param Dict[str, Any] node: The Wiz finding node to parse
-        :return: The parsed IntegrationFinding or None if parsing fails
-        :rtype: Optional[IntegrationFinding]
+        :return: Dictionary containing secret-specific data
+        :rtype: Dict[str, Any]
         """
-        asset_id = node.get("resource", {}).get("id")
-        if not asset_id:
-            return None
-
-        first_seen = node.get("firstSeenAt") or get_current_datetime()
-        first_seen = format_to_regscale_iso(first_seen)
-        severity = self.get_issue_severity(node.get("severity", "Low"))
-        due_date = regscale_models.Issue.get_due_date(severity, self.app.config, "wiz", first_seen)
-
-        # Create meaningful title for secret findings
         secret_type = node.get("type", "Unknown Secret")
         resource_name = node.get("resource", {}).get("name", "Unknown Resource")
-        title = f"Secret Detected: {secret_type} in {resource_name}"
-
         # Build description with secret details
         description_parts = [
             f"Secret type: {secret_type}",
@@ -799,52 +1333,152 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         if rule := node.get("rule", {}):
             description_parts.append(f"Detection rule: {rule.get('name', 'Unknown')}")
 
-        description = "\n".join(description_parts)
-
-        return IntegrationFinding(
-            control_labels=[],
-            category="Wiz Secret Detection",
-            title=title,
-            description=description,
-            severity=severity,
-            status=self.map_status_to_issue_status(node.get("status", "Open")),
-            asset_identifier=asset_id,
-            external_id=node.get("id"),
-            first_seen=first_seen,
-            date_created=first_seen,
-            last_seen=format_to_regscale_iso(node.get("lastSeenAt") or get_current_datetime()),
-            remediation=f"Remove or properly secure the {secret_type} secret found in {resource_name}",
-            plugin_name=f"Wiz Secret Detection - {secret_type}",
-            vulnerability_type=WizVulnerabilityType.SECRET_FINDING.value,
-            due_date=due_date,
-            date_last_updated=format_to_regscale_iso(get_current_datetime()),
-            identification="Secret Scanning",
-        )
+        return {
+            "category": "Wiz Secret Detection",
+            "title": f"Secret Detected: {secret_type} in {resource_name}",
+            "description": "\n".join(description_parts),
+            "remediation": f"Remove or properly secure the {secret_type} secret found in {resource_name}",
+            "plugin_name": f"Wiz Secret Detection - {secret_type}",
+            "identification": "Secret Scanning",
+        }
 
-    def _parse_network_exposure_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
-        """Parse network exposure finding from Wiz.
+    def _parse_secret_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
+        """
+        Parse secret finding from Wiz.
+
+        :param Dict[str, Any] node: The Wiz finding node to parse
+        :return: The parsed IntegrationFinding or None if parsing fails
+        :rtype: Optional[IntegrationFinding]
+        """
+        finding_data = self._get_secret_finding_data(node)
+        return self._create_integration_finding(node, WizVulnerabilityType.SECRET_FINDING, finding_data)
+
+    def _create_integration_finding(
+        self, node: Dict[str, Any], vulnerability_type: WizVulnerabilityType, finding_data: Dict[str, Any]
+    ) -> Optional[IntegrationFinding]:
+        """
+        Unified method to create IntegrationFinding objects from Wiz data.
 
         :param Dict[str, Any] node: The Wiz finding node to parse
+        :param WizVulnerabilityType vulnerability_type: The type of vulnerability
+        :param Dict[str, Any] finding_data: Finding-specific data (title, description, etc.)
         :return: The parsed IntegrationFinding or None if parsing fails
         :rtype: Optional[IntegrationFinding]
         """
-        asset_id = node.get("exposedEntity", {}).get("id")
+        # Get asset identifier
+        asset_id = self.get_asset_id_from_node(node, vulnerability_type)
         if not asset_id:
+            logger.debug(
+                f"Skipping {vulnerability_type.value} finding '{node.get('name', 'Unknown')}' "
+                f"(ID: {node.get('id', 'Unknown')}) - no asset identifier found"
+            )
             return None
 
-        first_seen = node.get("firstSeenAt") or get_current_datetime()
-        first_seen = format_to_regscale_iso(first_seen)
+        # Get meaningful asset identifier for eMASS exports
+        provider_unique_id = self.get_provider_unique_id_from_node(node, vulnerability_type)
 
-        # Network exposures typically don't have explicit severity, assume Medium
-        severity = regscale_models.IssueSeverity.Moderate
+        # Parse dates
+        first_seen = self._get_first_seen_date(node)
+        last_seen = self._get_last_seen_date(node, first_seen)
+        # Get severity and calculate due date
+        severity = self.get_issue_severity(finding_data.get("severity") or node.get("severity", "Low"))
         due_date = regscale_models.Issue.get_due_date(severity, self.app.config, "wiz", first_seen)
 
-        # Create meaningful title for network exposure
+        # Get status with diagnostic logging
+        wiz_status = node.get("status", "Open")
+        logger.debug(f"Processing Wiz finding {node.get('id', 'Unknown')}: raw status from node = '{wiz_status}'")
+        status = self.map_status_to_issue_status(wiz_status)
+
+        # Add diagnostic logging for unexpected issue closure
+        if status == regscale_models.IssueStatus.Closed and wiz_status.upper() not in ["RESOLVED", "REJECTED"]:
+            logger.warning(
+                f"Unexpected issue closure: Wiz status '{wiz_status}' mapped to Closed status "
+                f"for finding {node.get('id', 'Unknown')} - '{finding_data.get('title', 'Unknown')}'. "
+                f"This may indicate a mapping configuration issue."
+            )
+
+        # Process comments if available
+        comments_dict = node.get("commentThread", {})
+        formatted_comments = self.process_comments(comments_dict) if comments_dict else None
+
+        # Build IntegrationFinding with unified data structure
+        integration_finding_data = {
+            "control_labels": [],
+            "category": finding_data.get("category", "Wiz Vulnerability"),
+            "title": finding_data.get("title", node.get("name", "Unknown vulnerability")),
+            "description": finding_data.get("description", node.get("description", "")),
+            "severity": severity,
+            "status": status,
+            "asset_identifier": asset_id,
+            "issue_asset_identifier_value": provider_unique_id,
+            "external_id": finding_data.get("external_id", node.get("id")),
+            "first_seen": first_seen,
+            "date_created": first_seen,
+            "last_seen": last_seen,
+            "remediation": finding_data.get("remediation", node.get("description", "")),
+            "plugin_name": finding_data.get("plugin_name", node.get("name", "Unknown")),
+            "vulnerability_type": vulnerability_type.value,
+            "due_date": due_date,
+            "date_last_updated": format_to_regscale_iso(get_current_datetime()),
+            "identification": finding_data.get("identification", "Vulnerability Assessment"),
+        }
+
+        # Add optional fields if present
+        if formatted_comments:
+            integration_finding_data["comments"] = formatted_comments
+            integration_finding_data["poam_comments"] = formatted_comments
+
+        # Add CVE-specific fields for generic findings
+        if finding_data.get("cve"):
+            integration_finding_data["cve"] = finding_data["cve"]
+        if finding_data.get("cvss_score"):
+            integration_finding_data["cvss_score"] = finding_data["cvss_score"]
+            integration_finding_data["cvss_v3_base_score"] = finding_data["cvss_score"]
+        if finding_data.get("source_rule_id"):
+            integration_finding_data["source_rule_id"] = finding_data["source_rule_id"]
+
+        return IntegrationFinding(**integration_finding_data)
+
+    def _get_first_seen_date(self, node: Dict[str, Any]) -> str:
+        """
+        Get the first seen date from a Wiz node, with fallbacks.
+
+        :param Dict[str, Any] node: The Wiz finding node
+        :return: ISO formatted first seen date
+        :rtype: str
+        """
+        first_seen = node.get("firstSeenAt") or node.get("firstDetectedAt") or get_current_datetime()
+        return format_to_regscale_iso(first_seen)
+
+    def _get_last_seen_date(self, node: Dict[str, Any], first_seen_fallback: str) -> str:
+        """
+        Get the last seen date from a Wiz node, with fallbacks.
+
+        :param Dict[str, Any] node: The Wiz finding node
+        :param str first_seen_fallback: Fallback date if no last seen available
+        :return: ISO formatted last seen date
+        :rtype: str
+        """
+        last_seen = (
+            node.get("lastSeenAt")
+            or node.get("lastDetectedAt")
+            or node.get("analyzedAt")
+            or first_seen_fallback
+            or get_current_datetime()
+        )
+        return format_to_regscale_iso(last_seen)
+
+    def _get_network_exposure_finding_data(self, node: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Extract data specific to network exposure findings.
+
+        :param Dict[str, Any] node: The Wiz finding node to parse
+        :return: Dictionary containing network exposure-specific data
+        :rtype: Dict[str, Any]
+        """
         exposed_entity = node.get("exposedEntity", {})
         entity_name = exposed_entity.get("name", "Unknown Entity")
         port_range = node.get("portRange", "Unknown Port")
-        title = f"Network Exposure: {entity_name} on {port_range}"
-
         # Build description with network details
         description_parts = [
             f"Exposed entity: {entity_name} ({exposed_entity.get('type', 'Unknown Type')})",
@@ -858,52 +1492,37 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         if net_protocols := node.get("networkProtocols"):
             description_parts.append(f"Network protocols: {', '.join(net_protocols)}")
 
-        description = "\n".join(description_parts)
-
-        return IntegrationFinding(
-            control_labels=[],
-            category="Wiz Network Exposure",
-            title=title,
-            description=description,
-            severity=severity,
-            status=IssueStatus.Open,
-            asset_identifier=asset_id,
-            external_id=node.get("id"),
-            first_seen=first_seen,
-            date_created=first_seen,
-            last_seen=first_seen,  # Network exposures may not have lastSeen
-            remediation=f"Review and restrict network access to {entity_name} on {port_range}",
-            plugin_name=f"Wiz Network Exposure - {port_range}",
-            vulnerability_type=WizVulnerabilityType.NETWORK_EXPOSURE_FINDING.value,
-            due_date=due_date,
-            date_last_updated=format_to_regscale_iso(get_current_datetime()),
-            identification="Network Security Assessment",
-        )
+        return {
+            "category": "Wiz Network Exposure",
+            "title": f"Network Exposure: {entity_name} on {port_range}",
+            "description": "\n".join(description_parts),
+            "severity": "Medium",  # Network exposures typically don't have explicit severity
+            "remediation": f"Review and restrict network access to {entity_name} on {port_range}",
+            "plugin_name": f"Wiz Network Exposure - {port_range}",
+            "identification": "Network Security Assessment",
+        }
 
-    def _parse_external_attack_surface_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
-        """Parse external attack surface finding from Wiz.
+    def _parse_network_exposure_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
+        """Parse network exposure finding from Wiz.
 
         :param Dict[str, Any] node: The Wiz finding node to parse
         :return: The parsed IntegrationFinding or None if parsing fails
         :rtype: Optional[IntegrationFinding]
         """
-        asset_id = node.get("exposedEntity", {}).get("id")
-        if not asset_id:
-            return None
+        finding_data = self._get_network_exposure_finding_data(node)
+        return self._create_integration_finding(node, WizVulnerabilityType.NETWORK_EXPOSURE_FINDING, finding_data)
 
-        first_seen = node.get("firstSeenAt") or get_current_datetime()
-        first_seen = format_to_regscale_iso(first_seen)
-
-        # External attack surface findings are typically high severity
-        severity = regscale_models.IssueSeverity.High
-        due_date = regscale_models.Issue.get_due_date(severity, self.app.config, "wiz", first_seen)
+    def _get_external_attack_surface_finding_data(self, node: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Extract data specific to external attack surface findings.
 
-        # Create meaningful title for external attack surface
+        :param Dict[str, Any] node: The Wiz finding node to parse
+        :return: Dictionary containing external attack surface-specific data
+        :rtype: Dict[str, Any]
+        """
         exposed_entity = node.get("exposedEntity", {})
         entity_name = exposed_entity.get("name", "Unknown Entity")
         port_range = node.get("portRange", "Unknown Port")
-        title = f"External Attack Surface: {entity_name} exposed on {port_range}"
-
         # Build description with attack surface details
         description_parts = [
             f"Externally exposed entity: {entity_name} ({exposed_entity.get('type', 'Unknown Type')})",
@@ -917,49 +1536,34 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             endpoint_names = [ep.get("name", "Unknown") for ep in endpoints[:3]]  # Limit to first 3
             description_parts.append(f"Application endpoints: {', '.join(endpoint_names)}")
 
-        description = "\n".join(description_parts)
-
-        return IntegrationFinding(
-            control_labels=[],
-            category="Wiz External Attack Surface",
-            title=title,
-            description=description,
-            severity=severity,
-            status=IssueStatus.Open,
-            asset_identifier=asset_id,
-            external_id=node.get("id"),
-            first_seen=first_seen,
-            date_created=first_seen,
-            last_seen=first_seen,
-            remediation=f"Review external exposure of {entity_name} and implement proper access controls",
-            plugin_name=f"Wiz External Attack Surface - {port_range}",
-            vulnerability_type=WizVulnerabilityType.EXTERNAL_ATTACH_SURFACE.value,
-            due_date=due_date,
-            date_last_updated=format_to_regscale_iso(get_current_datetime()),
-            identification="External Attack Surface Assessment",
-        )
+        return {
+            "category": "Wiz External Attack Surface",
+            "title": f"External Attack Surface: {entity_name} exposed on {port_range}",
+            "description": "\n".join(description_parts),
+            "severity": "High",  # External attack surface findings are typically high severity
+            "remediation": f"Review external exposure of {entity_name} and implement proper access controls",
+            "plugin_name": f"Wiz External Attack Surface - {port_range}",
+            "identification": "External Attack Surface Assessment",
+        }
 
-    def _parse_excessive_access_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
-        """Parse excessive access finding from Wiz.
+    def _parse_external_attack_surface_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
+        """Parse external attack surface finding from Wiz.
 
         :param Dict[str, Any] node: The Wiz finding node to parse
         :return: The parsed IntegrationFinding or None if parsing fails
         :rtype: Optional[IntegrationFinding]
         """
-        scope = node.get("scope", {})
-        asset_id = scope.get("graphEntity", {}).get("id")
-        if not asset_id:
-            return None
+        finding_data = self._get_external_attack_surface_finding_data(node)
+        return self._create_integration_finding(node, WizVulnerabilityType.EXTERNAL_ATTACH_SURFACE, finding_data)
 
-        first_seen = get_current_datetime()  # Excessive access findings may not have firstSeen
-        first_seen = format_to_regscale_iso(first_seen)
-        severity = self.get_issue_severity(node.get("severity", "Medium"))
-        due_date = regscale_models.Issue.get_due_date(severity, self.app.config, "wiz", first_seen)
-
-        # Use the finding name directly as it's descriptive
-        title = node.get("name", "Excessive Access Detected")
-        description = node.get("description", "")
+    def _get_excessive_access_finding_data(self, node: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Extract data specific to excessive access findings.
 
+        :param Dict[str, Any] node: The Wiz finding node to parse
+        :return: Dictionary containing excessive access-specific data
+        :rtype: Dict[str, Any]
+        """
         # Add remediation details
         remediation_parts = [node.get("description", "")]
         if remediation_instructions := node.get("remediationInstructions"):
@@ -967,42 +1571,34 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         if policy_name := node.get("builtInPolicyRemediationName"):
             remediation_parts.append(f"Built-in policy: {policy_name}")
 
-        remediation = "\n".join(filter(None, remediation_parts))
-
-        return IntegrationFinding(
-            control_labels=[],
-            category="Wiz Excessive Access",
-            title=title,
-            description=description,
-            severity=severity,
-            status=self.map_status_to_issue_status(node.get("status", "Open")),
-            asset_identifier=asset_id,
-            external_id=node.get("id"),
-            first_seen=first_seen,
-            date_created=first_seen,
-            last_seen=first_seen,
-            remediation=remediation,
-            plugin_name=f"Wiz Excessive Access - {node.get('remediationType', 'Unknown')}",
-            vulnerability_type=WizVulnerabilityType.EXCESSIVE_ACCESS_FINDING.value,
-            due_date=due_date,
-            date_last_updated=format_to_regscale_iso(get_current_datetime()),
-            identification="Access Control Assessment",
-        )
+        return {
+            "category": "Wiz Excessive Access",
+            "title": node.get("name", "Excessive Access Detected"),
+            "description": node.get("description", ""),
+            "remediation": "\n".join(filter(None, remediation_parts)),
+            "plugin_name": f"Wiz Excessive Access - {node.get('remediationType', 'Unknown')}",
+            "identification": "Access Control Assessment",
+        }
 
-    def _parse_end_of_life_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
-        """Parse end of life finding from Wiz."""
-        asset_id = node.get("vulnerableAsset", {}).get("id")
-        if not asset_id:
-            return None
+    def _parse_excessive_access_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
+        """Parse excessive access finding from Wiz.
 
-        first_seen = node.get("firstDetectedAt") or get_current_datetime()
-        first_seen = format_to_regscale_iso(first_seen)
-        severity = self.get_issue_severity(node.get("severity", "High"))
-        due_date = regscale_models.Issue.get_due_date(severity, self.app.config, "wiz", first_seen)
+        :param Dict[str, Any] node: The Wiz finding node to parse
+        :return: The parsed IntegrationFinding or None if parsing fails
+        :rtype: Optional[IntegrationFinding]
+        """
+        finding_data = self._get_excessive_access_finding_data(node)
+        return self._create_integration_finding(node, WizVulnerabilityType.EXCESSIVE_ACCESS_FINDING, finding_data)
 
-        # Create meaningful title for end-of-life findings
+    def _get_end_of_life_finding_data(self, node: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Extract data specific to end of life findings.
+
+        :param Dict[str, Any] node: The Wiz finding node to parse
+        :return: Dictionary containing end of life-specific data
+        :rtype: Dict[str, Any]
+        """
         name = node.get("name", "Unknown Technology")
-        title = f"End of Life: {name}"
 
         # Build description with EOL details
         description_parts = [node.get("description", "")]
@@ -1011,42 +1607,30 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         if recommended_version := node.get("recommendedVersion"):
             description_parts.append(f"Recommended version: {recommended_version}")
 
-        description = "\n".join(filter(None, description_parts))
-
-        return IntegrationFinding(
-            control_labels=[],
-            category="Wiz End of Life",
-            title=title,
-            description=description,
-            severity=severity,
-            status=self.map_status_to_issue_status(node.get("status", "Open")),
-            asset_identifier=asset_id,
-            external_id=node.get("id"),
-            first_seen=first_seen,
-            date_created=first_seen,
-            last_seen=format_to_regscale_iso(node.get("lastDetectedAt") or get_current_datetime()),
-            remediation=f"Upgrade {name} to a supported version",
-            plugin_name=f"Wiz End of Life - {name}",
-            vulnerability_type=WizVulnerabilityType.END_OF_LIFE_FINDING.value,
-            due_date=due_date,
-            date_last_updated=format_to_regscale_iso(get_current_datetime()),
-            identification="Technology Lifecycle Assessment",
-        )
+        return {
+            "category": "Wiz End of Life",
+            "title": f"End of Life: {name}",
+            "description": "\n".join(filter(None, description_parts)),
+            "severity": "High",  # End of life findings are typically high severity
+            "remediation": f"Upgrade {name} to a supported version",
+            "plugin_name": f"Wiz End of Life - {name}",
+            "identification": "Technology Lifecycle Assessment",
+        }
 
-    def _parse_generic_finding(
-        self, node: Dict[str, Any], vulnerability_type: WizVulnerabilityType
-    ) -> Optional[IntegrationFinding]:
-        """Generic parsing method for fallback cases."""
-        asset_id = self.get_asset_id_from_node(node, vulnerability_type)
-        if not asset_id:
-            return None
+    def _parse_end_of_life_finding(self, node: Dict[str, Any]) -> Optional[IntegrationFinding]:
+        """Parse end of life finding from Wiz."""
+        finding_data = self._get_end_of_life_finding_data(node)
+        return self._create_integration_finding(node, WizVulnerabilityType.END_OF_LIFE_FINDING, finding_data)
 
-        first_seen = node.get("firstDetectedAt") or node.get("firstSeenAt") or get_current_datetime()
-        first_seen = format_to_regscale_iso(first_seen)
-        severity = self.get_issue_severity(node.get("severity", "Low"))
-        due_date = regscale_models.Issue.get_due_date(severity, self.app.config, "wiz", first_seen)
+    def _get_generic_finding_data(self, node: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Extract data specific to generic findings.
 
-        status = self.map_status_to_issue_status(node.get("status", "Open"))
+        :param Dict[str, Any] node: The Wiz finding node to parse
+        :param WizVulnerabilityType vulnerability_type: The type of vulnerability
+        :return: Dictionary containing generic finding-specific data
+        :rtype: Dict[str, Any]
+        """
         name: str = node.get("name", "")
         cve = (
             name
@@ -1054,36 +1638,25 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             else node.get("cve", name)
         )
 
-        comments_dict = node.get("commentThread", {})
-        formatted_comments = self.process_comments(comments_dict)
-
-        return IntegrationFinding(
-            control_labels=[],
-            category="Wiz Vulnerability",
-            title=node.get("name", "Unknown vulnerability"),
-            description=node.get("description", ""),
-            severity=severity,
-            status=status,
-            asset_identifier=asset_id,
-            external_id=f"{node.get('sourceRule', {'id': cve}).get('id')}",
-            first_seen=first_seen,
-            date_created=first_seen,
-            last_seen=format_to_regscale_iso(
-                node.get("lastDetectedAt") or node.get("analyzedAt") or get_current_datetime()
-            ),
-            remediation=node.get("description", ""),
-            cvss_score=node.get("score"),
-            cve=cve,
-            plugin_name=cve,
-            cvss_v3_base_score=node.get("score"),
-            source_rule_id=node.get("sourceRule", {}).get("id"),
-            vulnerability_type=vulnerability_type.value,
-            due_date=due_date,
-            date_last_updated=format_to_regscale_iso(get_current_datetime()),
-            identification="Vulnerability Assessment",
-            comments=formatted_comments,
-            poam_comments=formatted_comments,
-        )
+        return {
+            "category": "Wiz Vulnerability",
+            "title": node.get("name", "Unknown vulnerability"),
+            "description": node.get("description", ""),
+            "external_id": f"{node.get('sourceRule', {'id': cve}).get('id')}",
+            "remediation": node.get("description", ""),
+            "plugin_name": cve,
+            "identification": "Vulnerability Assessment",
+            "cve": cve,
+            "cvss_score": node.get("score"),
+            "source_rule_id": node.get("sourceRule", {}).get("id"),
+        }
+
+    def _parse_generic_finding(
+        self, node: Dict[str, Any], vulnerability_type: WizVulnerabilityType
+    ) -> Optional[IntegrationFinding]:
+        """Generic parsing method for fallback cases."""
+        finding_data = self._get_generic_finding_data(node)
+        return self._create_integration_finding(node, vulnerability_type, finding_data)
 
     def get_compliance_settings(self):
         """
@@ -1161,12 +1734,22 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         """
         label_lower = label.lower()
 
-        # Check for open status mappings
-        if status_lower == "open" and label_lower in ["open", "active", "new"]:
+        logger.debug(f"Checking compliance label matching: status='{status_lower}', label='{label_lower}'")
+
+        # Check for open status mappings (including IN_PROGRESS)
+        if status_lower in ["open", "in_progress"] and label_lower in [
+            "open",
+            "active",
+            "new",
+            "in progress",
+            "in_progress",
+        ]:
+            logger.debug(f"Matched status '{status_lower}' with label '{label_lower}' -> IssueStatus.Open")
             return IssueStatus.Open
 
         # Check for closed status mappings
         if status_lower in ["resolved", "rejected"] and label_lower in ["closed", "resolved", "rejected", "completed"]:
+            logger.debug(f"Matched status '{status_lower}' with label '{label_lower}' -> IssueStatus.Closed")
             return IssueStatus.Closed
 
         return None
@@ -1181,12 +1764,20 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         """
         status_lower = status.lower()
 
-        if status_lower == "open":
+        # Add debug logging to trace status mapping
+        logger.debug(f"Mapping Wiz status: original='{status}', lowercase='{status_lower}'")
+
+        # Map open and in-progress statuses to Open
+        if status_lower in ["open", "in_progress"]:
+            logger.debug(f"Wiz status '{status}' mapped to IssueStatus.Open")
             return IssueStatus.Open
-        elif status_lower in ["resolved", "rejected"]:
+        # Map resolved and rejected statuses to Closed
+        if status_lower in ["resolved", "rejected"]:
+            logger.debug(f"Wiz status '{status}' mapped to IssueStatus.Closed")
             return IssueStatus.Closed
-        else:
-            return IssueStatus.Open
+        # Default to Open for any unknown status
+        logger.debug(f"Unknown Wiz status '{status}' encountered, defaulting to Open")
+        return IssueStatus.Open
 
     def fetch_assets(self, *args, **kwargs) -> Iterator[IntegrationAsset]:
         """
@@ -1296,6 +1887,13 @@ class WizVulnerabilityIntegration(ScannerIntegration):
 
         return software_version, software_vendor, software_name
 
+    @lru_cache()
+    def get_user_id(self) -> str:
+        """Function to return the default user ID
+        :return: The default user ID as a string
+        """
+        return RegScaleModel.get_user_id()
+
     def parse_asset(self, node: Dict[str, Any]) -> Optional[IntegrationAsset]:
         """
         Parses Wiz assets
@@ -1304,8 +1902,9 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :return: The parsed IntegrationAsset
         :rtype: Optional[IntegrationAsset]
         """
-        name = node.get("name", "")
+
         wiz_entity = node.get("graphEntity", {})
+        name = wiz_entity.get("providerUniqueId") or node.get("name", "")
         if not wiz_entity:
             logger.warning("No graph entity found for asset %s", name)
             return None
@@ -1334,7 +1933,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             other_tracking_number=node.get("id", ""),
             identifier=node.get("id", ""),
             asset_type=create_asset_type(node.get("type", "")),
-            asset_owner_id=ScannerVariables.userId,
+            asset_owner_id=self.get_user_id(),
             parent_id=self.plan_id,
             parent_module=regscale_models.SecurityPlan.get_module_slug(),
             asset_category=map_category(node),
@@ -1435,6 +2034,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
     def get_software_name(software_name_dict: dict, wiz_entity_properties: dict, node: dict) -> Optional[str]:
         """
         Gets the software name from the software name dictionary or Wiz entity properties.
+        If no software name is present, assigns a name based on the parent asset and assigned component type.
 
         :param dict software_name_dict: Dictionary containing software name and vendor
         :param dict wiz_entity_properties: Properties of the Wiz entity
@@ -1442,9 +2042,32 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :return: Software name
         :rtype: Optional[str]
         """
-        if map_category(node) == regscale_models.AssetCategory.Software:
-            return software_name_dict.get("software_name") or wiz_entity_properties.get("nativeType")
-        return None
+        if map_category(node) != regscale_models.AssetCategory.Software:
+            return None
+
+        # First try CPE-derived software name
+        if software_name := software_name_dict.get("software_name"):
+            return software_name
+
+        # Then try nativeType if it exists and looks meaningful
+        native_type = wiz_entity_properties.get("nativeType")
+        if native_type and not native_type.startswith(("Microsoft.", "AWS::", "Google.")):
+            return native_type
+
+        # Finally, generate a name based on parent asset and component type
+        parent_name = node.get("name", "")
+        component_type = node.get("type", "").replace("_", " ").title()
+
+        if not parent_name:
+            return component_type
+
+        # Clean up parent name for better readability by removing
+        # common prefixes/suffixes that aren't meaningful
+        cleaned_parent = parent_name
+        for prefix in ["1-", "temp-", "test-"]:
+            if cleaned_parent.lower().startswith(prefix):
+                cleaned_parent = cleaned_parent[len(prefix) :]
+        return f"{cleaned_parent} - {component_type}" if cleaned_parent else component_type
 
     # Pre-compiled regex for better performance (ReDoS-safe pattern)
     _PACKAGE_PATTERN = re.compile(r"([^()]+) \(([^()]+)\)")
@@ -1481,37 +2104,27 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :return: List of nodes as dictionaries
         :rtype: List[Dict]
         """
-        fetch_interval = datetime.timedelta(hours=WizVariables.wizFullPullLimitHours or 8)  # Interval to fetch new data
-        current_time = datetime.datetime.now()
-        check_file_path(os.path.dirname(file_path))
-
-        if os.path.exists(file_path):
-            file_mod_time = datetime.datetime.fromtimestamp(os.path.getmtime(file_path))
-            if current_time - file_mod_time < fetch_interval:
-                logger.info("File %s is newer than %s hours. Using cached data...", file_path, fetch_interval)
-                with open(file_path, "r", encoding="utf-8") as file:
-                    return json.load(file)
-            else:
-                logger.info("File %s is older than %s hours. Fetching new data...", file_path, fetch_interval)
-        else:
-            logger.info("File %s does not exist. Fetching new data...", file_path)
+        max_age_hours = WizVariables.wizFullPullLimitHours or 8
 
-        self.authenticate(WizVariables.wizClientId, WizVariables.wizClientSecret)
+        def fetch_fresh_data():
+            # Ensure we have a valid token (should already be set by caller)
+            if not self.wiz_token:
+                error_and_exit("Wiz token is not set. Please authenticate before calling fetch_wiz_data_if_needed.")
 
-        if not self.wiz_token:
-            error_and_exit("Wiz token is not set. Please authenticate first.")
+            return fetch_wiz_data(
+                query=query,
+                variables=variables,
+                api_endpoint_url=WizVariables.wizUrl,
+                token=self.wiz_token,
+                topic_key=topic_key,
+            )
 
-        nodes = fetch_wiz_data(
-            query=query,
-            variables=variables,
-            api_endpoint_url=WizVariables.wizUrl,
-            token=self.wiz_token,
-            topic_key=topic_key,
+        return FileOperations.load_cache_or_fetch(
+            file_path=file_path,
+            fetch_fn=fetch_fresh_data,
+            max_age_hours=max_age_hours,
+            save_cache=True,
         )
-        with open(file_path, "w", encoding="utf-8") as file:
-            json.dump(nodes, file)
-
-        return nodes
 
     def get_asset_by_identifier(self, identifier: str) -> Optional[regscale_models.Asset]:
         """
@@ -1546,7 +2159,11 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :param str identifier: The missing asset identifier
         :rtype: None
         """
-        logger.info("🔍 Analyzing missing asset: %s", identifier)
+        # Only log detailed diagnostics for the first occurrence of each asset
+        if identifier in self.alerted_assets:
+            return
+
+        logger.debug("Analyzing missing asset: %s", identifier)
 
         # Define inventory files to search (constant moved up for clarity)
         inventory_files = (
@@ -1575,39 +2192,11 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :return: Tuple of (asset_info, source_file) or (None, None)
         :rtype: tuple[Optional[Dict], Optional[str]]
         """
-        for file_path in file_paths:
-            if not os.path.exists(file_path):
-                continue
-
-            try:
-                asset_info = self._search_single_file(identifier, file_path)
-                if asset_info:
-                    return asset_info, file_path
-            except (json.JSONDecodeError, IOError) as e:
-                logger.debug("Error reading %s: %s", file_path, e)
-                continue
-
-        return None, None
-
-    def _search_single_file(self, identifier: str, file_path: str) -> Optional[Dict]:
-        """
-        Search for asset in a single JSON file
-
-        :param str identifier: Asset identifier to search for
-        :param str file_path: Path to JSON file
-        :return: Asset data if found, None otherwise
-        :rtype: Optional[Dict]
-        """
-        logger.debug("Searching for asset %s in %s", identifier, file_path)
-
-        with open(file_path, "r", encoding="utf-8") as f:
-            data = json.load(f)
-
-        if not isinstance(data, list):
-            return None
-
-        # Use generator expression for memory efficiency
-        return next((item for item in data if self._find_asset_in_node(item, identifier)), None)
+        return FileOperations.search_json_files(
+            identifier=identifier,
+            file_paths=list(file_paths),
+            match_fn=self._find_asset_in_node,
+        )
 
     def _log_found_asset_details(self, identifier: str, asset_info: Dict, source_file: str) -> None:
         """
@@ -1621,10 +2210,13 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         asset_type = self._extract_asset_type_from_node(asset_info)
         asset_name = self._extract_asset_name_from_node(asset_info)
 
-        logger.warning(
-            "🚨 MISSING ASSET FOUND: ID=%s, Type=%s, Name='%s', Source=%s\n"
-            "   💡 SOLUTION: Add '%s' to RECOMMENDED_WIZ_INVENTORY_TYPES in constants.py\n"
-            "   📍 Then re-run: regscale wiz inventory -id <plan_id> -p <project_id>",
+        # Track missing asset types for summary reporting
+        self._missing_asset_types.add(asset_type)
+
+        logger.info(
+            "Missing asset found in cached data - ID: %s, Type: %s, Name: '%s', Source: %s\n"
+            "   Action: Consider adding '%s' to RECOMMENDED_WIZ_INVENTORY_TYPES in constants.py\n"
+            "   Then re-run: regscale wiz inventory --wiz_project_id <project_id> -id <plan_id>",
             identifier,
             asset_type,
             asset_name,
@@ -1639,13 +2231,11 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :param str identifier: Asset identifier
         :rtype: None
         """
-        logger.warning(
-            "❓ MISSING ASSET ANALYSIS: ID=%s\n"
-            "   Asset not found in any cached data files.\n"
-            "   This may indicate:\n"
-            "   - Asset from different Wiz project\n"
-            "   - Asset type not included in current queries\n"
-            "   - Asset deleted from Wiz but finding still exists",
+        logger.debug(
+            "Asset not found in cached data - ID: %s. Possible reasons: "
+            "(1) Asset from different Wiz project, "
+            "(2) Asset type not included in queries, "
+            "(3) Asset deleted from Wiz",
             identifier,
         )