steampipe plugin install wiz

Table: wiz_issue - Query Wiz Issues using SQL

Wiz is a Cloud Security Posture Management (CSPM) tool that provides continuous security posture monitoring for cloud environments. It identifies security risks and vulnerabilities across a wide range of categories, including misconfigurations, policy violations, and threats. Wiz provides a holistic view of your security posture, enabling you to identify and remediate issues quickly and effectively.

Table Usage Guide

The wiz_issue table provides insights into the security issues identified by Wiz in your cloud environment. As a security engineer, you can use this table to explore detailed information about each issue, including its severity, status, and associated resources. This can help you prioritize remediation efforts and improve your overall security posture.

Important Notes

  • The table can return a large dataset; which can increase the query execution time. It is recommended that queries to this table should include (usually in the where clause) at least one of these columns:
    • control_id
    • created_at
    • framework_category_id
    • resolution_reason
    • severity
    • status

Examples

Basic info

Explore which issues have been logged in your system, their severity and status, and when they were created. This can help you understand the range and depth of problems encountered, and the reasons provided for their resolution.

select
id,
status,
severity,
created_at,
resolution_reason
from
wiz_issue;
select
id,
status,
severity,
created_at,
resolution_reason
from
wiz_issue;

List critical issues

Pinpoint the specific instances where critical issues have arisen. This can assist in prioritizing problem-solving efforts and focusing on the most significant challenges first.

select
id,
status,
severity,
created_at
from
wiz_issue
where
severity = 'CRITICAL';
select
id,
status,
severity,
created_at
from
wiz_issue
where
severity = 'CRITICAL';

List high severity open issues

Discover the segments that contain high severity issues that are still open. This can be particularly useful in prioritizing and addressing critical issues promptly to minimize potential impacts.

select
id,
status,
severity,
created_at
from
wiz_issue
where
severity = 'HIGH'
and status = 'OPEN';
select
id,
status,
severity,
created_at
from
wiz_issue
where
severity = 'HIGH'
and status = 'OPEN';

List data security open issues using framework category ID

Explore open data security issues, categorized by their severity level, within a specific framework category. This helps in understanding the distribution of issues and prioritizing them for resolution.

select
severity,
count(id)
from
wiz_issue
where
status = 'OPEN'
and framework_category_id = 'wct-id-422'
group by
severity;
select
severity,
count(id)
from
wiz_issue
where
status = 'OPEN'
and framework_category_id = 'wct-id-422'
group by
severity;

List all open issues created in last 30 days

Explore which issues remain unresolved within the past month. This can help prioritize and manage ongoing tasks effectively.

select
id,
status,
severity,
created_at
from
wiz_issue
where
status = 'OPEN'
and created_at >= (current_timestamp - interval '30 days');
select
id,
status,
severity,
created_at
from
wiz_issue
where
status = 'OPEN'
and created_at >= datetime('now', '-30 days');

Explore which projects are associated with specific issues, including their status and severity, to understand the overall impact and urgency of each issue. This enables efficient project management and issue resolution.

select
i.id,
i.status,
i.severity,
i.created_at,
p.name as project
from
wiz_issue as i,
jsonb_array_elements(i.projects) as pr
left join wiz_project as p on p.id = pr ->> 'id';
select
i.id,
i.status,
i.severity,
i.created_at,
p.name as project
from
wiz_issue as i,
json_each(i.projects) as pr
left join wiz_project as p on p.id = json_extract(pr.value, '$.id');

List all high-severity issues open for more than a week

Explore which high-severity issues have remained unresolved for more than a week. This is useful in prioritizing and addressing critical problems that have been open for an extended period.

select
id,
status,
severity,
created_at
from
wiz_issue
where
severity = 'HIGH'
and status = 'OPEN'
and created_at < (current_timestamp - interval '7 days');
select
id,
status,
severity,
created_at
from
wiz_issue
where
severity = 'HIGH'
and status = 'OPEN'
and created_at < datetime('now', '-7 days');

Schema for wiz_issue

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
control_idtext=The control ID through which this issue is generated.
created_attimestamp with time zone=, >, >=, <, <=The time when the issue was created.
descriptiontextThe description of the issue.
due_attimestamp with time zoneThe issue due date.
entityjsonbThe graph entity to which this issue is related.
framework_category_idtext=The framework category under which the issue belongs.
idtext=A unique identifier of the issue.
notesjsonbThe issue related notes.
projectsjsonbA list of projects to which the issue is related.
rejection_expired_attimestamp with time zoneThe issue rejection expired at date.
resolution_reasontext=The reason for issue resolution. Possible values are: OBJECT_DELETED, ISSUE_FIXED, CONTROL_CHANGED, CONTROL_DISABLED, CONTROL_DELETED, FALSE_POSITIVE, EXCEPTION, WONT_FIX.
resolved_attimestamp with time zoneThe time when the issue was resolved.
service_ticketsjsonbSpecifies the related issues from ticket services.
severitytext=The control severity. Possible values are: INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL.
statustext=The current status of the issue. Possible values are: OPEN, IN_PROGRESS, RESOLVED, REJECTED.
status_changed_attimestamp with time zoneThe time when the issue status was last changed.
updated_attimestamp with time zoneThe time when the issue was last updated.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz

You can pass the configuration to the command with the --config argument:

steampipe_export_wiz --config '<your_config>' wiz_issue