steampipe plugin install wiz

Table: wiz_issue - Query Wiz Issues using SQL

Wiz is a Cloud Security Posture Management (CSPM) tool that provides continuous security posture monitoring for cloud environments. It identifies security risks and vulnerabilities across a wide range of categories, including misconfigurations, policy violations, and threats. Wiz provides a holistic view of your security posture, enabling you to identify and remediate issues quickly and effectively.

Table Usage Guide

The wiz_issue table provides insights into the security issues identified by Wiz in your cloud environment. As a security engineer, you can use this table to explore detailed information about each issue, including its severity, status, and associated resources. This can help you prioritize remediation efforts and improve your overall security posture.

Important Notes

  • The table can return a large dataset, which can increase query execution time. It is recommended that queries to this table include (usually in the where clause) at least one of these columns:
    • control_id
    • created_at
    • framework_category_id
    • resolution_reason
    • severity
    • status

Examples

Basic info

Explore which issues have been logged in your system, their severity and status, and when they were created. This can help you understand the range and depth of problems encountered, and the reasons provided for their resolution.

select
  id,
  status,
  severity,
  created_at,
  resolution_reason
from
  wiz_issue;

List critical issues

Pinpoint the specific instances where critical issues have arisen. This can assist in prioritizing problem-solving efforts and focusing on the most significant challenges first.

select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'CRITICAL';

List high severity open issues

Find high severity issues that are still open. This can be particularly useful in prioritizing and addressing critical issues promptly to minimize potential impacts.

select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'HIGH'
  and status = 'OPEN';

List data security open issues using framework category ID

Explore open data security issues, categorized by their severity level, within a specific framework category. This helps in understanding the distribution of issues and prioritizing them for resolution.

select
  severity,
  count(id)
from
  wiz_issue
where
  status = 'OPEN'
  and framework_category_id = 'wct-id-422'
group by
  severity;

List all open issues created in last 30 days

List issues created within the past 30 days that are still open. This can help prioritize and manage ongoing tasks effectively.

-- Postgres
select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  status = 'OPEN'
  and created_at >= (current_timestamp - interval '30 days');

-- SQLite
select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  status = 'OPEN'
  and created_at >= datetime('now', '-30 days');

Explore which projects are associated with specific issues, including their status and severity, to understand the overall impact and urgency of each issue. This enables efficient project management and issue resolution.

-- Postgres
select
  i.id,
  i.status,
  i.severity,
  i.created_at,
  p.name as project
from
  wiz_issue as i,
  jsonb_array_elements(i.projects) as pr
  left join wiz_project as p on p.id = pr ->> 'id';

-- SQLite
select
  i.id,
  i.status,
  i.severity,
  i.created_at,
  p.name as project
from
  wiz_issue as i,
  json_each(i.projects) as pr
  left join wiz_project as p on p.id = json_extract(pr.value, '$.id');

List all high-severity issues open for more than a week

Explore which high-severity issues have remained unresolved for more than a week. This is useful in prioritizing and addressing critical problems that have been open for an extended period.

-- Postgres
select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'HIGH'
  and status = 'OPEN'
  and created_at < (current_timestamp - interval '7 days');

-- SQLite
select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'HIGH'
  and status = 'OPEN'
  and created_at < datetime('now', '-7 days');

Schema for wiz_issue

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| control_id | text | = | The control ID through which this issue is generated. |
| created_at | timestamp with time zone | =, >, >=, <, <= | The time when the issue was created. |
| description | text | | The description of the issue. |
| due_at | timestamp with time zone | | The issue due date. |
| entity | jsonb | | The graph entity to which this issue is related. |
| framework_category_id | text | = | The framework category under which the issue belongs. |
| id | text | = | A unique identifier of the issue. |
| notes | jsonb | | The issue related notes. |
| projects | jsonb | | A list of projects to which the issue is related. |
| rejection_expired_at | timestamp with time zone | | The issue rejection expired at date. |
| resolution_reason | text | = | The reason for issue resolution. Possible values are: OBJECT_DELETED, ISSUE_FIXED, CONTROL_CHANGED, CONTROL_DISABLED, CONTROL_DELETED, FALSE_POSITIVE, EXCEPTION, WONT_FIX. |
| resolved_at | timestamp with time zone | | The time when the issue was resolved. |
| service_tickets | jsonb | | Specifies the related issues from ticket services. |
| severity | text | = | The control severity. Possible values are: INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| status | text | = | The current status of the issue. Possible values are: OPEN, IN_PROGRESS, RESOLVED, REJECTED. |
| status_changed_at | timestamp with time zone | | The time when the issue status was last changed. |
| updated_at | timestamp with time zone | | The time when the issue was last updated. |
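
The following query is an added example, not part of the plugin's own documentation. It uses the resolution_reason, resolved_at and created_at columns from the schema above to audit how issues were closed: for issues created in the last 90 days (an arbitrary window chosen here), it counts closures per severity and resolution reason, which makes FALSE_POSITIVE, EXCEPTION and WONT_FIX closures on high-severity issues easy to review, and reports the median time from creation to resolution. Postgres dialect.

```sql
-- Added example (Postgres): closure audit for issues created in the last 90 days.
-- The 90-day window is an assumption; adjust it to your review cycle.
select
  severity,
  resolution_reason,
  count(*) as issues,
  -- Median time from creation to resolution; rows with a null
  -- resolved_at are ignored by the aggregate.
  percentile_cont(0.5) within group (
    order by resolved_at - created_at
  ) as median_time_to_resolve,
  -- Closures that did not change the underlying resource or control.
  resolution_reason in ('FALSE_POSITIVE', 'EXCEPTION', 'WONT_FIX') as accepted_or_dismissed
from
  wiz_issue
where
  -- created_at supports range operators, so this bound limits the data fetched.
  created_at >= (current_timestamp - interval '90 days')
  and resolution_reason is not null
group by
  severity,
  resolution_reason
order by
  case severity
    when 'CRITICAL' then 1
    when 'HIGH' then 2
    when 'MEDIUM' then 3
    when 'LOW' then 4
    else 5
  end,
  issues desc;
```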

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz

You can pass the configuration to the command with the --config argument:

steampipe_export_wiz --config '<your_config>' wiz_issue