steampipe plugin install wiz

Table: wiz_cloud_config_rule - Query Wiz Cloud Config Rules using SQL

Wiz Cloud Config Rules is a resource within Wiz that allows you to monitor and manage the configuration rules associated with your cloud resources. It provides a centralized way to set up and manage rules for various cloud resources, including virtual machines, databases, web applications, and more. Wiz Cloud Config Rules helps you ensure compliance and maintain desired configurations for your cloud resources.

Table Usage Guide

The wiz_cloud_config_rule table provides insights into configuration rules within Wiz Cloud Config Rules. As a cloud engineer, explore rule-specific details through this table, including rule identifiers, descriptions, compliance types, and associated metadata. Utilize it to uncover information about rules, such as those related to specific resources, the compliance status of resources, and the verification of rule compliance.

Examples

Basic info

Gain insights into the status and severity of your cloud configuration rules across different providers. This can help you assess the robustness of your cloud security and compliance measures.

Postgres:

select
  name,
  enabled,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule;

SQLite:

select
  name,
  enabled,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule;

List disabled rules

Uncover the details of inactive rules within your cloud configuration. This query is useful for identifying which rules have been disabled, allowing you to assess potential vulnerabilities and ensure optimal security settings.

Postgres:

select
  name,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule
where
  not enabled;

SQLite:

select
  name,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule
where
  enabled = 0;

List built-in rules

Explore which built-in rules are currently enabled, their severity level, and the specific cloud provider they apply to. This can help in understanding the existing security and compliance measures in place, and when they were created.

Postgres:

select
  name,
  enabled,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule
where
  built_in;

SQLite:

select
  name,
  enabled,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule
where
  built_in = 1;

List high-severity rules specific to AWS S3 bucket

Identify instances where high-severity rules are applied to your AWS S3 buckets. This can help prioritize security measures and ensure the most critical areas of your cloud storage are adequately protected.

Postgres:

select
  name,
  enabled,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule
where
  cloud_provider = 'AWS'
  and severity = 'HIGH'
  and target_native_types ?| array [ 'bucket' ];

SQLite:

Error: SQLite does not support array operations.
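
The same filter can be expressed in SQLite without array operators. The query below is an added example, not part of the original page; it assumes target_native_types holds a JSON array of strings and uses SQLite's json_each table-valued function inside an exists subquery in place of the Postgres ?| operator.

```sql
-- SQLite: keep rules whose target_native_types array contains any of the
-- listed types (the jsonb ?| operator is Postgres-only).
select
  name,
  enabled,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule
where
  cloud_provider = 'AWS'
  and severity = 'HIGH'
  and exists (
    -- json_each yields one row per array element; a null column yields no rows
    select
      1
    from
      json_each(wiz_cloud_config_rule.target_native_types) as t
    where
      t.value in ('bucket') -- list further types here for any-of matching
  );
```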

List all findings of a rule specific to AWS S3 bucket in the last 3 days

Determine the areas in which high-severity AWS S3 bucket rules have been violated in the past three days. This can provide insight into potential security risks and areas for improvement in your cloud configuration.

Postgres:

with list_s3_bucket_rules as (
  select
    name,
    id
  from
    wiz_cloud_config_rule
  where
    cloud_provider = 'AWS'
    and severity = 'HIGH'
    and target_native_types ?| array [ 'bucket' ]
)
select
  r.name as rule_name,
  f.resource ->> 'Name' as resource_name,
  f.result as finding_status,
  f.analyzed_at
from
  wiz_cloud_configuration_finding as f
  join list_s3_bucket_rules as r on f.rule_id = r.id
  and f.severity = 'HIGH'
  and f.analyzed_at > (current_timestamp - interval '3 day');

SQLite:

with list_s3_bucket_rules as (
  select
    name,
    id
  from
    wiz_cloud_config_rule
  where
    cloud_provider = 'AWS'
    and severity = 'HIGH'
    -- json_each is a table-valued function, so test membership with exists
    and exists (
      select 1
      from json_each(wiz_cloud_config_rule.target_native_types) as t
      where t.value in ('bucket')
    )
)
select
  r.name as rule_name,
  json_extract(f.resource, '$.Name') as resource_name,
  f.result as finding_status,
  f.analyzed_at
from
  wiz_cloud_configuration_finding as f
  join list_s3_bucket_rules as r on f.rule_id = r.id
  and f.severity = 'HIGH'
  and f.analyzed_at > datetime('now', '-3 day');

List rules with auto-remediation enabled

Discover the rules that have auto-remediation enabled. This helps identify rules that automatically correct violations, enhancing security and compliance within the cloud environment.

Postgres:

select
  name,
  enabled,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule
where
  has_auto_remediation;

SQLite:

select
  name,
  enabled,
  severity,
  cloud_provider,
  target_native_types,
  created_at
from
  wiz_cloud_config_rule
where
  has_auto_remediation = 1;

Schema for wiz_cloud_config_rule

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| built_in | boolean | | Indicates whether the rule is built-in or custom. |
| cloud_provider | text | = | The cloud provider this rule is relevant to. Possible values are: AWS, GCP, OCI, Alibaba, Azure, Kubernetes, OpenShift, vSphere. |
| control | jsonb | | Specifies the control information, in case this rule also functions as a control. |
| created_at | timestamp with time zone | | The time when the rule was created. |
| created_by | jsonb | | Specifies the user object that created the rule. |
| description | text | | The description of the rule. |
| enabled | boolean | !=, = | Rule enabled status. |
| function_as_role | boolean | | Make this rule also function as a control, which means findings by this control will also trigger Issues. |
| has_auto_remediation | boolean | !=, = | If true, the rule will automatically remediate the failed resources as per remediation steps defined in the rule. |
| id | text | = | A unique identifier of the cloud configuration rule. |
| name | text | | The name of the cloud configuration rule. |
| remediation_instructions | text | | A set of instructions provided for the remediation. |
| scoped_accounts | jsonb | | A list of target cloud accounts to which the rule is applied. If empty, the rule will run on all environments. |
| service_type | text | = | The service this rule is relevant to. |
| severity | text | = | The rule severity determines the finding severity. This field's initial value is set to the severity of the CSPM rule. Possible values are: CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM. |
| short_id | text | | A short unique identifier of the rule. |
| supports_nrt | boolean | !=, = | Indicates the support of 'near real time' updates. |
| target_native_types | jsonb | | The identifier types of the objects targeted by this rule, as seen on the cloud provider service, e.g. 'ec2'. |
| updated_at | timestamp with time zone | | The time when the rule was last modified. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz

You can pass the configuration to the command with the --config argument:

steampipe_export_wiz --config '<your_config>' wiz_cloud_config_rule