🚀Launch Week 04, May 13th - 17th, 2024!🚀
Steampipe Hub 
Hub
Plugins
turbot/wiz
Overview
12Tables
Versions
GitHub
steampipe plugin install wiz

Table: wiz_user - Query Wiz User using SQL

Wiz is a cloud security platform that discovers all assets in your cloud environment to detect critical risks and security holes. It provides a holistic view of each resource, including metadata, configurations, network paths, and potential vulnerabilities. Wiz User represents the user accounts in the Wiz platform, each having specific roles and permissions.

Table Usage Guide

The wiz_user table provides insights into user accounts within the Wiz platform. As a security analyst, you can explore user-specific details through this table, including roles, permissions, and associated metadata. Utilize it to uncover information about user accounts, such as those with admin permissions, the roles assigned to each user, and the verification of user statuses.

Examples

Basic info

Gain insights into user details such as their role and status (active or suspended), as well as their last login and account creation dates. This can be useful for understanding user behavior and managing user access.

select
  name,
  email,
  identity_provider_type,
  role ->> 'name' as role,
  is_suspended,
  last_login_at,
  created_at
from
  wiz_user;
select
  name,
  email,
  identity_provider_type,
  json_extract(role, '$.name') as role,
  is_suspended,
  last_login_at,
  created_at
from
  wiz_user;

List suspended users

Discover the segments that consist of suspended users to assess potential security risks or to manage user access, ensuring a safer and more controlled environment.

select
  name,
  email,
  identity_provider_type,
  role ->> 'name' as role,
  last_login_at,
  created_at
from
  wiz_user
where
  is_suspended;
select
  name,
  email,
  identity_provider_type,
  json_extract(role, '$.name') as role,
  last_login_at,
  created_at
from
  wiz_user
where
  is_suspended;

List inactive users

Discover the segments that include users who have not logged in yet. This can be useful in identifying inactive users for potential outreach or account clean-up efforts.

select
  name,
  email,
  identity_provider_type,
  role ->> 'name' as role,
  is_suspended,
  created_at
from
  wiz_user
where
  last_login_at is null;
select
  name,
  email,
  identity_provider_type,
  json_extract(role, '$.name') as role,
  is_suspended,
  created_at
from
  wiz_user
where
  last_login_at is null;

List all administrators

Discover the segments that have global administrators and their corresponding details, without including project-scoped roles. This helps in identifying and managing users with overarching control and access within your system.

select
  name,
  email,
  identity_provider_type,
  role ->> 'name' as role,
  created_at
from
  wiz_user
where
  role ->> 'id' = 'GLOBAL_ADMIN'
  and not (role ->> 'isProjectScoped') :: boolean;
select
  name,
  email,
  identity_provider_type,
  json_extract(role, '$.name') as role,
  created_at
from
  wiz_user
where
  json_extract(role, '$.id') = 'GLOBAL_ADMIN'
  and not json_extract(role, '$.isProjectScoped');

List users scoped to a specific project

Explore which users are assigned to a specific project. This can help in understanding the distribution of team members across projects, facilitating efficient resource management and task allocation.

select
  u.name,
  u.email,
  u.identity_provider_type,
  u.role ->> 'name' as role,
  p.name as project,
  u.created_at
from
  wiz_user as u,
  jsonb_array_elements(u.effective_assigned_projects) as ep
  join wiz_project as p on ep ->> 'id' = p.id;
select
  u.name,
  u.email,
  u.identity_provider_type,
  json_extract(u.role, '$.name') as role,
  p.name as project,
  u.created_at
from
  wiz_user as u,
  json_each(u.effective_assigned_projects) as ep
  join wiz_project as p on json_extract(ep.value, '$.id') = p.id;

List all SAML users

Discover the segments that are using SAML as their identity provider. This can be particularly useful to understand user distribution across different identity providers and assess if any particular group needs attention.

select
  name,
  email,
  identity_provider_type,
  role ->> 'name' as role,
  is_suspended,
  last_login_at,
  created_at
from
  wiz_user
where
  identity_provider_type = 'SAML';
select
  name,
  email,
  identity_provider_type,
  json_extract(role, '$.name') as role,
  is_suspended,
  last_login_at,
  created_at
from
  wiz_user
where
  identity_provider_type = 'SAML';

Schema for wiz_user

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
created_attimestamp with time zoneThe time when the user was created.
effective_assigned_projectsjsonbA list of project ids this user was last logged in with. Null value means all projects are allowed.
emailtextThe email address of the user.
idtext=A unique identifier of the user.
identity_provider_typetext=The auth provider type of the user. Possible values are: WIZ, SAML.
ip_addressinetThe IP address of the user.
is_analytics_enabledbooleanIf true, the user analytics is enabled.
is_suspendedbooleanIf true, the user is suspended.
last_login_attimestamp with time zoneThe time when the user was last login to the console.
nametextThe display name of the user.
rolejsonbSpecifies the role assigned to the user.
tenant_idtextSpecifies the tenant the user is a member of.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz

You can pass the configuration to the command with the --config argument:

steampipe_export_wiz --config '<your_config>' wiz_user