🚀Launch Week 04, May 13th - 17th, 2024!🚀
Steampipe Hub 
Hub
Plugins
turbot/wiz
Overview
12Tables
Versions
GitHub
steampipe plugin install wiz

Table: wiz_issue - Query Wiz Issues using SQL

Wiz is a Cloud Security Posture Management (CSPM) tool that provides continuous security posture monitoring for cloud environments. It identifies security risks and vulnerabilities across a wide range of categories, including misconfigurations, policy violations, and threats. Wiz provides a holistic view of your security posture, enabling you to identify and remediate issues quickly and effectively.

Table Usage Guide

The wiz_issue table provides insights into the security issues identified by Wiz in your cloud environment. As a security engineer, you can use this table to explore detailed information about each issue, including its severity, status, and associated resources. This can help you prioritize remediation efforts and improve your overall security posture.

Important Notes

  • The table can return a large dataset; which can increase the query execution time. It is recommended that queries to this table should include (usually in the where clause) at least one of these columns:
    • control_id
    • created_at
    • framework_category_id
    • resolution_reason
    • severity
    • status

Examples

Basic info

Explore which issues have been logged in your system, their severity and status, and when they were created. This can help you understand the range and depth of problems encountered, and the reasons provided for their resolution.

select
  id,
  status,
  severity,
  created_at,
  resolution_reason
from
  wiz_issue;
select
  id,
  status,
  severity,
  created_at,
  resolution_reason
from
  wiz_issue;

List critical issues

Pinpoint the specific instances where critical issues have arisen. This can assist in prioritizing problem-solving efforts and focusing on the most significant challenges first.

select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'CRITICAL';
select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'CRITICAL';

List high severity open issues

Discover the segments that contain high severity issues that are still open. This can be particularly useful in prioritizing and addressing critical issues promptly to minimize potential impacts.

select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'HIGH'
  and status = 'OPEN';
select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'HIGH'
  and status = 'OPEN';

List data security open issues using framework category ID

Explore open data security issues, categorized by their severity level, within a specific framework category. This helps in understanding the distribution of issues and prioritizing them for resolution.

select
  severity,
  count(id)
from
  wiz_issue
where
  status = 'OPEN'
  and framework_category_id = 'wct-id-422'
group by
  severity;
select
  severity,
  count(id)
from
  wiz_issue
where
  status = 'OPEN'
  and framework_category_id = 'wct-id-422'
group by
  severity;

List all open issues created in last 30 days

Explore which issues remain unresolved within the past month. This can help prioritize and manage ongoing tasks effectively.

select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  status = 'OPEN'
  and created_at >= (current_timestamp - interval '30 days');
select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  status = 'OPEN'
  and created_at >= datetime('now', '-30 days');

Get the project information that the issue is related to

Explore which projects are associated with specific issues, including their status and severity, to understand the overall impact and urgency of each issue. This enables efficient project management and issue resolution.

select
  i.id,
  i.status,
  i.severity,
  i.created_at,
  p.name as project
from
  wiz_issue as i,
  jsonb_array_elements(i.projects) as pr
  left join wiz_project as p on p.id = pr ->> 'id';
select
  i.id,
  i.status,
  i.severity,
  i.created_at,
  p.name as project
from
  wiz_issue as i,
  json_each(i.projects) as pr
  left join wiz_project as p on p.id = json_extract(pr.value, '$.id');

List all high-severity issues open for more than a week

Explore which high-severity issues have remained unresolved for more than a week. This is useful in prioritizing and addressing critical problems that have been open for an extended period.

select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'HIGH'
  and status = 'OPEN'
  and created_at < (current_timestamp - interval '7 days');
select
  id,
  status,
  severity,
  created_at
from
  wiz_issue
where
  severity = 'HIGH'
  and status = 'OPEN'
  and created_at < datetime('now', '-7 days');

Schema for wiz_issue

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
control_idtext=The control ID through which this issue is generated.
created_attimestamp with time zone=, >, >=, <, <=The time when the issue was created.
descriptiontextThe description of the issue.
due_attimestamp with time zoneThe issue due date.
entityjsonbThe graph entity to which this issue is related.
framework_category_idtext=The framework category under which the issue belongs.
idtext=A unique identifier of the issue.
notesjsonbThe issue related notes.
projectsjsonbA list of projects to which the issue is related.
rejection_expired_attimestamp with time zoneThe issue rejection expired at date.
resolution_reasontext=The reason for issue resolution. Possible values are: OBJECT_DELETED, ISSUE_FIXED, CONTROL_CHANGED, CONTROL_DISABLED, CONTROL_DELETED, FALSE_POSITIVE, EXCEPTION, WONT_FIX.
resolved_attimestamp with time zoneThe time when the issue was resolved.
service_ticketsjsonbSpecifies the related issues from ticket services.
severitytext=The control severity. Possible values are: INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL.
statustext=The current status of the issue. Possible values are: OPEN, IN_PROGRESS, RESOLVED, REJECTED.
status_changed_attimestamp with time zoneThe time when the issue status was last changed.
updated_attimestamp with time zoneThe time when the issue was last updated.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz

You can pass the configuration to the command with the --config argument:

steampipe_export_wiz --config '<your_config>' wiz_issue