steampipe plugin install wiz

Wiz + Steampipe

Wiz provides direct visibility, risk prioritization, and remediation guidance for development teams to address risks in their own infrastructure and applications so they can ship faster and more securely.

Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.

List all critical issues:

select
id,
status,
severity,
created_at
from
wiz_issue
where
severity = 'CRITICAL';
+--------------------------------------+----------+----------+---------------------------+
| id | status | severity | created_at |
+--------------------------------------+----------+----------+---------------------------+
| fff8bfc2-c2f2-42ef-bfbc-2f4321ba85fd | OPEN | CRITICAL | 2022-10-06T18:37:35+05:30 |
| fff9b66f-bf5e-1234-b567-8afdded9a0b0 | RESOLVED | CRITICAL | 2022-11-02T21:25:08+05:30 |
| fff1a2f3-4b56-78ac-bf90-12a34da5f67d | OPEN | CRITICAL | 2022-09-28T23:40:49+05:30 |
+--------------------------------------+----------+----------+---------------------------+

Documentation

Quick start

Install

Download and install the latest Wiz plugin:

steampipe plugin install wiz

Credentials

ItemDescription
CredentialsWiz requires your application's Client ID and Client Secret to authenticate all requests. You can find this value on the Settings > Service Accounts page. Also, provide the GraphQL endpoint.
PermissionsAssign read:all scope to your service account.
RadiusEach connection represents a single Wiz installation.
Resolution1. Credentials explicitly set in a steampipe config file (~/.steampipe/config/wiz.spc)
2. Credentials specified in environment variables, e.g., WIZ_AUTH_CLIENT_ID, WIZ_AUTH_CLIENT_SECRET and WIZ_URL.

Configuration

Installing the latest wiz plugin will create a config file (~/.steampipe/config/wiz.spc) with a single connection named wiz:

connection "wiz" {
plugin = "wiz"
# `client_id` (required) - Application's Client ID.
# You can find this value on https://app.wiz.io/settings/service-accounts page.
# This can also be set via the `WIZ_AUTH_CLIENT_ID` environment variable.
# client_id = "8rp38Z6yb2cOSTeaMpPIpepAt99eg3ry"
# `client_secret` (required) - Application's Client Secret.
# You can find this value on https://app.wiz.io/settings/service-accounts page.
# This can also be set via the `WIZ_AUTH_CLIENT_SECRET` environment variable.
# client_secret = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IndJUnZwVWpBTU93WHQ5ZG5CXzRrVCJ9"
# `url` (required) - Wiz API endpoint. This varies for each Wiz deployment.
# See https://docs.wiz.io/wiz-docs/docs/using-the-wiz-api#the-graphql-endpoint.
# This can also be set via the `WIZ_URL` environment variable.
# url = "https://api.us1.app.wiz.io/graphql"
}

Alternatively, you can also use the standard Wiz environment variables to obtain credentials only if other arguments (client_id, client_secret and url) are not specified in the connection:

export WIZ_AUTH_CLIENT_ID=8rp38Z6yb2cOSTeaMpPIpepAt99eg3ry
export WIZ_AUTH_CLIENT_SECRET=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IndJUnZwVWpBTU93WHQ5ZG5CXzRrVCJ9
export WIZ_URL=https://api.us1.app.wiz.io/graphql

Postgres FDW

This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- wiz

The installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.

To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.

CREATE EXTENSION IF NOT EXISTS steampipe_postgres_wiz;
CREATE SERVER steampipe_wiz FOREIGN DATA WRAPPER steampipe_postgres_wiz OPTIONS (config '<your_config>');
CREATE SCHEMA wiz;
IMPORT FOREIGN SCHEMA wiz FROM SERVER steampipe_wiz INTO wiz;

SQLite Extension

This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- wiz

The installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.

To configure the SQLite extension, load the extension module and then run the steampipe_configure_wiz function to configure it with plugin-specific options.

$ sqlite3
sqlite> .load ./steampipe_sqlite_extension_wiz.so
sqlite> select steampipe_configure_wiz('<your_config>');

Export

This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz

You can pass the configuration to the command with the --config argument:

steampipe_export_wiz --config '<your_config>' <table_name>