Table: wiz_issue - Query Wiz Issues using SQL
Wiz is a Cloud Security Posture Management (CSPM) tool that provides continuous security posture monitoring for cloud environments. It identifies security risks and vulnerabilities across a wide range of categories, including misconfigurations, policy violations, and threats. Wiz provides a holistic view of your security posture, enabling you to identify and remediate issues quickly and effectively.
Table Usage Guide
The wiz_issue table provides insights into the security issues identified by Wiz in your cloud environment. As a security engineer, you can use this table to explore detailed information about each issue, including its severity, status, and associated resources. This can help you prioritize remediation efforts and improve your overall security posture.
Important Notes
- The table can return a large dataset, which can increase query execution time. Queries to this table should include (usually in the where clause) at least one of these columns:
  - control_id
  - created_at
  - framework_category_id
  - resolution_reason
  - severity
  - status
Examples
Basic info
Explore which issues have been logged in your system, their severity and status, and when they were created. This can help you understand the range and depth of problems encountered, and the reasons provided for their resolution.
select id, status, severity, created_at, resolution_reason
from wiz_issue;
List critical issues
Pinpoint the specific instances where critical issues have arisen. This can assist in prioritizing problem-solving efforts and focusing on the most significant challenges first.
select id, status, severity, created_at
from wiz_issue
where severity = 'CRITICAL';
List high severity open issues
Discover the segments that contain high severity issues that are still open. This can be particularly useful in prioritizing and addressing critical issues promptly to minimize potential impacts.
select id, status, severity, created_at
from wiz_issue
where severity = 'HIGH' and status = 'OPEN';
List data security open issues using framework category ID
Explore open data security issues, categorized by their severity level, within a specific framework category. This helps in understanding the distribution of issues and prioritizing them for resolution.
select severity, count(id)
from wiz_issue
where status = 'OPEN' and framework_category_id = 'wct-id-422'
group by severity;
List all open issues created in last 30 days
Explore which issues remain unresolved within the past month. This can help prioritize and manage ongoing tasks effectively.
PostgreSQL:
select id, status, severity, created_at
from wiz_issue
where status = 'OPEN' and created_at >= (current_timestamp - interval '30 days');

SQLite:
select id, status, severity, created_at
from wiz_issue
where status = 'OPEN' and created_at >= datetime('now', '-30 days');
Get the project information that the issue is related to
Explore which projects are associated with specific issues, including their status and severity, to understand the overall impact and urgency of each issue. This enables efficient project management and issue resolution.
PostgreSQL:
select i.id, i.status, i.severity, i.created_at, p.name as project
from wiz_issue as i, jsonb_array_elements(i.projects) as pr
left join wiz_project as p on p.id = pr ->> 'id';

SQLite:
select i.id, i.status, i.severity, i.created_at, p.name as project
from wiz_issue as i, json_each(i.projects) as pr
left join wiz_project as p on p.id = json_extract(pr.value, '$.id');
List all high-severity issues open for more than a week
Explore which high-severity issues have remained unresolved for more than a week. This is useful in prioritizing and addressing critical problems that have been open for an extended period.
PostgreSQL:
select id, status, severity, created_at
from wiz_issue
where severity = 'HIGH' and status = 'OPEN' and created_at < (current_timestamp - interval '7 days');

SQLite:
select id, status, severity, created_at
from wiz_issue
where severity = 'HIGH' and status = 'OPEN' and created_at < datetime('now', '-7 days');
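Building on the aging query above, the following added example (not part of the plugin's own documentation) lists open issues whose due_at has passed, worst severity first. It uses PostgreSQL syntax and assumes due_at is set on issues that carry a remediation deadline.

```sql
-- Added example: open issues past their due date, ranked for triage.
-- Uses only columns listed in the wiz_issue schema; PostgreSQL syntax.
-- Assumption: due_at is populated for issues that have a remediation deadline;
-- rows with a null due_at are excluded by the comparison below.
select
  id,
  severity,
  created_at,
  due_at,
  -- whole days elapsed since the deadline
  date_part('day', current_timestamp - due_at) as days_overdue,
  status_changed_at
from
  wiz_issue
where
  -- status is one of the columns the notes above recommend filtering on
  status = 'OPEN'
  and due_at < current_timestamp
order by
  -- severity is text, so map the documented values to a sort rank
  case severity
    when 'CRITICAL' then 1
    when 'HIGH' then 2
    when 'MEDIUM' then 3
    when 'LOW' then 4
    when 'INFORMATIONAL' then 5
    else 6
  end,
  days_overdue desc;
```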
Schema for wiz_issue
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
control_id | text | = | The control ID through which this issue is generated. |
created_at | timestamp with time zone | =, >, >=, <, <= | The time when the issue was created. |
description | text | | The description of the issue. |
due_at | timestamp with time zone | | The issue due date. |
entity | jsonb | | The graph entity to which this issue is related. |
framework_category_id | text | = | The framework category under which the issue belongs. |
id | text | = | A unique identifier of the issue. |
notes | jsonb | | The issue related notes. |
projects | jsonb | | A list of projects to which the issue is related. |
rejection_expired_at | timestamp with time zone | | The issue rejection expired at date. |
resolution_reason | text | = | The reason for issue resolution. Possible values are: OBJECT_DELETED, ISSUE_FIXED, CONTROL_CHANGED, CONTROL_DISABLED, CONTROL_DELETED, FALSE_POSITIVE, EXCEPTION, WONT_FIX. |
resolved_at | timestamp with time zone | | The time when the issue was resolved. |
service_tickets | jsonb | | Specifies the related issues from ticket services. |
severity | text | = | The control severity. Possible values are: INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | text | = | The current status of the issue. Possible values are: OPEN, IN_PROGRESS, RESOLVED, REJECTED. |
status_changed_at | timestamp with time zone | | The time when the issue status was last changed. |
updated_at | timestamp with time zone | | The time when the issue was last updated. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz
You can pass the configuration to the command with the --config argument:
steampipe_export_wiz --config '<your_config>' wiz_issue