Table: wiz_control - Query Wiz Controls using SQL
Wiz is a cloud security platform that provides visibility and threat detection for cloud infrastructure. It offers comprehensive coverage across the full stack of multi-cloud environments, identifying security risks in the most critical areas of vulnerability, such as identity and access, network and firewall, data and storage, and cloud native services. Wiz Controls are the specific security risks that the platform identifies and monitors, providing detailed insights into potential vulnerabilities and security threats.
Table Usage Guide
The wiz_control table provides insights into specific security risks within the Wiz cloud security platform. As a security analyst, explore control-specific details through this table, including risk severity, status, and associated metadata. Utilize it to uncover information about controls, such as those with high risk severity, the status of these risks, and the verification of mitigation efforts.
Examples
Basic info
Explore which security controls are currently active, their severity, and when they were created to better understand your system's security posture. This can help you identify potential vulnerabilities and prioritize remediation efforts.
select
  name,
  id,
  severity,
  enabled,
  type,
  created_at
from
  wiz_control;
List disabled controls
Explore which controls are currently disabled in your system. This query is useful for identifying potential system vulnerabilities and areas that may require attention or reconfiguration.
select
  name,
  id,
  severity,
  enabled,
  type,
  created_at
from
  wiz_control
where
  not enabled;
List controls with high severity
Discover which enabled controls have high severity. This is useful in prioritizing and managing risks within your system.
select
  name,
  id,
  severity,
  enabled,
  type,
  created_at
from
  wiz_control
where
  enabled
  and severity = 'HIGH';
Get the count of open issues per control
Explore the number of unresolved issues for each control mechanism. This can help prioritize which controls require immediate attention and action.
Postgres:
select
  c.name,
  count(i.id) as issue_count
from
  wiz_issue as i
  join wiz_control as c on i.control_id = c.id
  and i.status = 'OPEN'
  and c.enabled
group by
  c.name;

SQLite:
select
  c.name,
  count(i.id) as issue_count
from
  wiz_issue as i
  join wiz_control as c on i.control_id = c.id
where
  i.status = 'OPEN'
  and c.enabled = 1
group by
  c.name;
Get all issues created by a specific control
This example helps to identify all open issues that have been created by a specific control within your system. It's particularly useful for understanding the severity and status of these issues, as well as when they were created, thus aiding in prioritizing and managing system vulnerabilities.
Postgres:
select
  c.name as control_name,
  i.entity ->> 'name' as resource,
  i.severity as issue_severity,
  i.status as issue_status,
  i.created_at
from
  wiz_issue as i
  join wiz_control as c on (
    c.id = 'wc-id-613'
    and i.control_id = c.id
    and i.status = 'OPEN'
    and c.enabled
  );

SQLite:
select
  c.name as control_name,
  json_extract(i.entity, '$.name') as resource,
  i.severity as issue_severity,
  i.status as issue_status,
  i.created_at
from
  wiz_issue as i
  join wiz_control as c on (
    c.id = 'wc-id-613'
    and i.control_id = c.id
    and i.status = 'OPEN'
    and c.enabled = 1
  );
Schema for wiz_control
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
created_at | timestamp with time zone | | The time when the control was created. |
created_by | jsonb | | The owner information of the control. |
description | text | | The control description. |
enabled | boolean | !=, = | True, if the control is enabled. |
enabled_for_hbi | boolean | | If true, the control has High Business Impact (HBI). |
enabled_for_lbi | boolean | | If true, the control has Low Business Impact (LBI). |
enabled_for_mbi | boolean | | If true, the control has Medium Business Impact (MBI). |
enabled_for_unattributed | boolean | | Enables control for projects which are not LBI/MBI/HBI. All controls should have this set to true by default. |
framework_category_id | text | = | The security framework ID that the control is associated with. |
has_auto_remediation | boolean | !=, = | If true, the cloud configuration has auto remediation enabled. |
id | text | = | The Wiz identifier for the control. |
last_run_at | timestamp with time zone | | The time when the control was last run. |
last_run_error | text | | The error that the control gets during the last run, if any. |
last_successful_run_at | timestamp with time zone | | The time of a successful control run. |
name | text | | The name of the control. |
project_id | text | = | The project ID this control is scoped to. |
query | jsonb | | The query that the control runs. If query is null, this is a built in control with custom logic. |
resolution_recommendation | text | | The guidance on how the user should address an issue that was created by this control. |
severity | text | = | The control severity. Possible values are: CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM. |
source_cloud_configuration_rule | jsonb | | The information about the cloud configuration rule. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
supports_nrt | boolean | | Indicates the support of 'near real time' updates. |
tags | jsonb | | The list of tags associated with the control. |
type | text | = | The control type. Possible values are: CLOUD_CONFIGURATION, SECURITY_GRAPH. |
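The run-health columns in the schema above (last_run_error, last_successful_run_at) can show enabled controls that are not actually evaluating, which leaves a detection gap that the enabled flag alone hides. The query below is an added example, not one of the plugin's documented examples; it uses Postgres syntax, and the 7-day staleness threshold is an assumption to adjust to your own scan cadence.

```sql
-- Added example: enabled controls whose last run errored or whose last
-- successful run is stale, ordered so the most severe gaps come first.
-- Assumption: 7 days is an arbitrary staleness threshold.
select
  name,
  id,
  severity,
  type,
  last_run_at,
  last_successful_run_at,
  last_run_error,
  case
    when last_run_error is not null and last_run_error <> '' then 'last run errored'
    when last_successful_run_at is null then 'never ran successfully'
    else 'last success older than 7 days'
  end as coverage_gap
from
  wiz_control
where
  enabled
  and (
    (last_run_error is not null and last_run_error <> '')
    or last_successful_run_at is null
    or last_successful_run_at < now() - interval '7 days'
  )
order by
  -- Rank by the severity values listed in the schema.
  case severity
    when 'CRITICAL' then 1
    when 'HIGH' then 2
    when 'MEDIUM' then 3
    when 'LOW' then 4
    else 5
  end,
  last_successful_run_at nulls first;
```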
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz
You can pass the configuration to the command with the --config argument:
steampipe_export_wiz --config '<your_config>' wiz_control