Table: wiz_cloud_config_rule - Query Wiz Cloud Config Rules using SQL
Wiz Cloud Config Rules is a resource within Wiz that allows you to monitor and manage the configuration rules associated with your cloud resources. It provides a centralized way to set up and manage rules for various cloud resources, including virtual machines, databases, web applications, and more. Wiz Cloud Config Rules helps you ensure compliance and maintain desired configurations for your cloud resources.
Table Usage Guide
The wiz_cloud_config_rule table provides insights into configuration rules within Wiz Cloud Config Rules. As a cloud engineer, explore rule-specific details through this table, including rule identifiers, descriptions, compliance types, and associated metadata. Utilize it to uncover information about rules, such as those related to specific resources, the compliance status of resources, and the verification of rule compliance.
Examples
Basic info
Gain insights into the status and severity of your cloud configuration rules across different providers. This can help you assess the robustness of your cloud security and compliance measures.
-- PostgreSQL
select name, enabled, severity, cloud_provider, target_native_types, created_at
from wiz_cloud_config_rule;

-- SQLite
select name, enabled, severity, cloud_provider, target_native_types, created_at
from wiz_cloud_config_rule;
List disabled rules
Uncover the details of inactive rules within your cloud configuration. This query is useful for identifying which rules have been disabled, allowing you to assess potential vulnerabilities and ensure optimal security settings.
-- PostgreSQL
select name, severity, cloud_provider, target_native_types, created_at
from wiz_cloud_config_rule
where not enabled;

-- SQLite
select name, severity, cloud_provider, target_native_types, created_at
from wiz_cloud_config_rule
where enabled = 0;
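The query below is an added example, not part of the original page or of the plugin's documentation. It extends the disabled-rules check into a per-provider summary of CRITICAL and HIGH rules that are switched off, using only columns listed in this table's schema; the output column aliases are chosen here for illustration. It is written for PostgreSQL, and the aggregate FILTER clause also runs on SQLite 3.30 or later.

```sql
-- Added example: where are CRITICAL/HIGH rules disabled, and how many of
-- those are built-in rules versus custom ones?
select
  cloud_provider,
  severity,
  count(*) as total_rules,
  -- rules that produce no findings because they are switched off
  count(*) filter (where not enabled) as disabled_rules,
  -- disabled rules that ship with the product (not custom rules)
  count(*) filter (where not enabled and built_in) as disabled_built_in,
  -- enabled rules that change resources automatically on failure
  count(*) filter (where enabled and has_auto_remediation) as auto_remediating,
  -- most recent modification time among the disabled rules
  max(updated_at) filter (where not enabled) as latest_disabled_rule_update
from
  wiz_cloud_config_rule
where
  severity in ('CRITICAL', 'HIGH')
group by
  cloud_provider,
  severity
having
  -- keep only provider/severity groups with at least one disabled rule
  count(*) filter (where not enabled) > 0
order by
  case severity when 'CRITICAL' then 0 else 1 end,
  disabled_rules desc;
```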
List built-in rules
Explore which built-in rules are currently enabled, their severity level, and the specific cloud provider they apply to. This can help in understanding the existing security and compliance measures in place, and when they were created.
-- PostgreSQL
select name, enabled, severity, cloud_provider, target_native_types, created_at
from wiz_cloud_config_rule
where built_in;

-- SQLite
select name, enabled, severity, cloud_provider, target_native_types, created_at
from wiz_cloud_config_rule
where built_in = 1;
List high-severity rules specific to AWS S3 bucket
Identify instances where high-severity rules are applied to your AWS S3 buckets. This can help prioritize security measures and ensure the most critical areas of your cloud storage are adequately protected.
-- PostgreSQL
select name, enabled, severity, cloud_provider, target_native_types, created_at
from wiz_cloud_config_rule
where cloud_provider = 'AWS'
  and severity = 'HIGH'
  and target_native_types ?| array['bucket'];
Error: SQLite does not support array operations.
List all findings of a rule specific to AWS S3 bucket in the last 3 days
Determine the areas in which high-severity AWS S3 bucket rules have been violated in the past three days. This can provide insight into potential security risks and areas for improvement in your cloud configuration.
-- PostgreSQL
with list_s3_bucket_rules as (
  select name, id
  from wiz_cloud_config_rule
  where cloud_provider = 'AWS'
    and severity = 'HIGH'
    and target_native_types ?| array['bucket']
)
select
  r.name as rule_name,
  f.resource ->> 'Name' as resource_name,
  f.result as finding_status,
  f.analyzed_at
from wiz_cloud_configuration_finding as f
  join list_s3_bucket_rules as r on f.rule_id = r.id
    and f.severity = 'HIGH'
    and f.analyzed_at > (current_timestamp - interval '3 day');

-- SQLite
with list_s3_bucket_rules as (
  select name, id
  from wiz_cloud_config_rule
  where cloud_provider = 'AWS'
    and severity = 'HIGH'
    -- json_each is a table-valued function, so test membership with exists
    and exists (
      select 1 from json_each(target_native_types) where value = 'bucket'
    )
)
select
  r.name as rule_name,
  json_extract(f.resource, '$.Name') as resource_name,
  f.result as finding_status,
  f.analyzed_at
from wiz_cloud_configuration_finding as f
  join list_s3_bucket_rules as r on f.rule_id = r.id
    and f.severity = 'HIGH'
    and f.analyzed_at > datetime('now', '-3 day');
List rules with auto-remediation enabled
Discover which rules have auto-remediation enabled. These rules automatically correct violations, enhancing security and compliance within the cloud environment.
-- PostgreSQL
select name, enabled, severity, cloud_provider, target_native_types, created_at
from wiz_cloud_config_rule
where has_auto_remediation;

-- SQLite
select name, enabled, severity, cloud_provider, target_native_types, created_at
from wiz_cloud_config_rule
where has_auto_remediation = 1;
Schema for wiz_cloud_config_rule
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
built_in | boolean | | Indicates whether the rule is built-in or custom. |
cloud_provider | text | = | The cloud provider this rule is relevant to. Possible values are: AWS, GCP, OCI, Alibaba, Azure, Kubernetes, OpenShift, vSphere. |
control | jsonb | | Specifies the control information, in case this rule also functions as a control. |
created_at | timestamp with time zone | | The time when the rule was created. |
created_by | jsonb | | Specifies the user object that created the rule. |
description | text | | The description of the rule. |
enabled | boolean | !=, = | Rule enabled status. |
function_as_role | boolean | | Makes this rule also function as a control, which means findings by this control will also trigger Issues. |
has_auto_remediation | boolean | !=, = | If true, the rule will automatically remediate the failed resources as per remediation steps defined in the rule. |
id | text | = | A unique identifier of the cloud configuration rule. |
name | text | | The name of the cloud configuration rule. |
remediation_instructions | text | | A set of instructions provided for the remediation. |
scoped_accounts | jsonb | | A list of target cloud accounts to which the rule is applied. If empty, the rule runs on all environments. |
service_type | text | = | The service this rule is relevant to. |
severity | text | = | The rule severity, which determines the severity of its findings. The initial value of this field is the severity of the CSPM rule. Possible values are: CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM. |
short_id | text | | A short unique identifier of the rule. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
supports_nrt | boolean | !=, = | Indicates the support of 'near real time' updates. |
target_native_types | jsonb | | The identifier types of the objects targeted by this rule, as seen on the cloud provider service. e.g. 'ec2'. |
updated_at | timestamp with time zone | | The time when the rule was last modified. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz
You can pass the configuration to the command with the --config argument:
steampipe_export_wiz --config '<your_config>' wiz_cloud_config_rule