Table: wiz_cloud_configuration_finding - Query Wiz Cloud Configuration Findings using SQL
Wiz Cloud Configuration Findings is a resource within Wiz that provides a comprehensive view of the security posture of your cloud environment. It identifies misconfigurations, compliance status, and potential vulnerabilities across various cloud resources. This resource helps you stay informed about the health and security of your cloud resources and take appropriate actions when security issues are detected.
Table Usage Guide
The wiz_cloud_configuration_finding table provides insights into your cloud environment's security posture. As a Security Analyst, explore specific details through this table, including misconfigurations, compliance status, and potential vulnerabilities. Utilize it to uncover information about security issues, such as those related to misconfigurations, the compliance status of resources, and the identification of potential vulnerabilities.
Important Notes
- The table can return a large dataset, depending on the number of rules and the number of cloud accounts where each rule is applied, which can increase the query execution time. It is recommended that queries to this table include (usually in the where clause) at least one of the following columns:
  - analyzed_at
  - result
  - rule_id
  - severity
  - status
Examples
Basic info
Explore the findings of your cloud configuration analysis. This can help you assess the severity and status of any potential issues, allowing for timely and effective resolution.
select
  title,
  result,
  severity,
  analyzed_at,
  status
from
  wiz_cloud_configuration_finding;
List all failed resources with high severity
Gain insights into high-risk areas by identifying system resources with a high severity failure status. This can aid in prioritizing and addressing critical issues promptly for optimized system performance and security.
select
  title,
  result,
  severity,
  analyzed_at,
  status
from
  wiz_cloud_configuration_finding
where
  result = 'FAIL'
  and severity = 'HIGH';
List failed resources which are not resolved
Identify unresolved, high-severity issues within your cloud configuration to prioritize and address potential vulnerabilities or misconfigurations.
select
  title,
  result,
  severity,
  analyzed_at,
  status
from
  wiz_cloud_configuration_finding
where
  result = 'FAIL'
  and status = 'OPEN'
  and severity = 'HIGH';
List all findings detected in the last 3 days
Find open, high-severity failed findings that were analyzed in the last three days. This query helps in identifying unresolved, high-risk problems for prioritized troubleshooting.
PostgreSQL:
select
  title,
  result,
  severity,
  analyzed_at,
  status
from
  wiz_cloud_configuration_finding
where
  result = 'FAIL'
  and status = 'OPEN'
  and severity = 'HIGH'
  and analyzed_at > (current_timestamp - interval '3 day');
SQLite:
select
  title,
  result,
  severity,
  analyzed_at,
  status
from
  wiz_cloud_configuration_finding
where
  result = 'FAIL'
  and status = 'OPEN'
  and severity = 'HIGH'
  and analyzed_at > datetime('now', '-3 day');
List failed resources with rule information
Identify instances where high severity resources have failed, including when the failure occurred and its current status. This information can help prioritize remediation efforts for resources that are not meeting compliance rules.
-- Columns are qualified with f. to avoid ambiguity with the rule table.
-- The filters sit in the where clause so that the left join only returns
-- open, failed, high-severity findings.
select
  f.title,
  f.result,
  f.severity,
  f.analyzed_at,
  f.status
from
  wiz_cloud_configuration_finding as f
  left join wiz_cloud_config_rule as r on f.rule_id = r.id
where
  f.result = 'FAIL'
  and f.status = 'OPEN'
  and f.severity = 'HIGH';
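The following triage query is an added example, not part of the original plugin documentation. It uses only columns from the schema below and constrains the columns named in the Important Notes; the 7-day window, the limit of 20 and the use of title as a stand-in for a resource identifier are assumptions (PostgreSQL syntax).

```sql
-- Added example: rank rules by the number of open CRITICAL failures
-- analyzed in the last 7 days, to show which rules drive the backlog.
select
  rule_id,
  count(*) as open_failures,
  -- title is documented as the resource name; distinct names are used
  -- here as an approximation of the number of affected resources.
  count(distinct title) as affected_resources,
  min(analyzed_at) as first_seen,
  max(analyzed_at) as last_seen
from
  wiz_cloud_configuration_finding
where
  result = 'FAIL'
  and status = 'OPEN'
  and severity = 'CRITICAL'
  and analyzed_at >= (current_timestamp - interval '7 day')
group by
  rule_id
order by
  open_failures desc,
  last_seen desc
limit 20;
```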
Schema for wiz_cloud_configuration_finding
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
analyzed_at | timestamp with time zone | =, >, >=, <, <= | The time when the finding was detected. |
id | text | = | A unique identifier of the finding. |
remediation | text | | Specifies the steps to mitigate the issue that match this rule. |
resolution_reason | text | | The status resolution reason of the finding. |
resource | jsonb | | Specifies the configuration of the resource detected through the finding. |
result | text | = | The outcome of the finding. Possible values are: ERROR, FAIL, NOT_ASSESSED, PASS. |
rule_id | text | = | Specifies the rule against which the finding is generated. |
severity | text | = | The finding severity. Possible values: CRITICAL, HIGH, LOW, MEDIUM, NONE. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | text | = | The status of the finding. Possible values: IN_PROGRESS, OPEN, REJECTED, RESOLVED. |
subscription | jsonb | | Specifies the cloud account where the rule was applied and the finding is generated. |
title | text | | The name of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz
You can pass the configuration to the command with the --config argument:
steampipe_export_wiz --config '<your_config>' wiz_cloud_configuration_finding