On this page

Table Usage Guide Examples Schema Export

Get Involved

Table: wiz_vulnerability_finding - Query Wiz Vulnerability Findings using SQL

Wiz Vulnerability Findings is a resource within Wiz that allows you to identify and monitor vulnerabilities in your environment. It provides detailed information about each vulnerability, including its severity, status, and the resources it affects. Wiz Vulnerability Findings helps you stay informed about the security health of your resources and take appropriate actions when vulnerabilities are detected.

Table Usage Guide

The wiz_vulnerability_finding table provides insights into vulnerabilities within Wiz. As a security analyst, explore vulnerability-specific details through this table, including severity, status, and affected resources. Utilize it to uncover information about vulnerabilities, such as those with high severity, the status of vulnerabilities, and the verification of affected resources.

Important Notes

The table can return a large dataset; which can increase the query execution time. It is recommended that queries to this table should include (usually in the where clause) at least one of these columns:
- detection_method
- has_cisa_kev_exploit
- has_exploit
- severity
- status
- vulnerability_external_id

Examples

Basic info

Gain insights into the severity and details of vulnerabilities in your digital assets, including whether they have been exploited and how they can be fixed. This query is useful for maintaining security and managing risk in your digital environment.

List resources with high-severity known public exploit vulnerabilities

Explore which resources have high-severity vulnerabilities that are publicly exploited. This is essential in identifying and addressing potential security risks promptly.

List high severity findings that are not fixed

Identify instances where high severity vulnerabilities are detected but remain unresolved. This is useful in prioritizing security efforts and mitigating risks promptly.

List high severity findings which are not resolved

Discover high-risk security vulnerabilities that are yet to be resolved. This query is particularly useful for prioritizing and addressing threats that have known exploits, thereby enhancing your system's security.

Schema

Name

Type

Description

_ctx

jsonb

Steampipe context in JSON form.

cve_description

text

The vulnerability description from NVD.

cvss_severity

text

The calculated CVSS 3.x severity from NVD.

description

text

The wiz verbose description of how the vulnerability finding was detected, with library/package, detection method, affected versions, severity and remediation suggestion.

detailed_name

text

The library/package name where the vulnerability was detected.

detection_method

text

The detection method for this vulnerability finding. Possible values are: PACKAGE, DEFAULT_PACKAGE, LIBRARY, CONFIG_FILE, OPEN_PORT, STARTUP_SERVICE, CONFIGURATION, CLONED_REPOSITORY, OS, ARTIFACTS_ON_DISK, WINDOWS_REGISTRY, INSTALLED_PROGRAM, WINDOWS_SERVICE, INSTALLED_PROGRAM_BY_SERVICE, FILE_PATH, UNKNOWN.

exploitability_score

double precision

The CVSS 3.x exploitability score from NVD.

first_detected_at

timestamp with time zone

The first time this vulnerability finding was detected on this resource.

fixed_version

text

The initial version of the library/package where the vulnerability was fixed.

has_cisa_kev_exploit

boolean

True, if the vulnerability has an exploit in the CISA KEV published catalog.

has_exploit

boolean

True, if the vulnerability has a known public exploit.

id

text

The wiz identifier for the vulnerability.

impact_score

double precision

The CVSS 3.x impact score from NVD.

last_detected_at

timestamp with time zone

The last time this vulnerability finding was seen on this resource.

link

text

The link to the vendor vulnerability advisory.

location_path

text

The local path to the package/library/file where the vulnerability was detected.

name

text

The name of the vulnerability.

portal_url

text

The wiz URL for the vulnerability finding of a specific CVE on a specific resource.

remediation

text

The suggested command/method for remediating the vulnerability finding.

resolution_reason

text

The status resolution reason.

resolved_at

timestamp with time zone

The time this vulnerability finding was resolved.

score

double precision

The CVSS 3.x score from NVD.

severity

text

The calculated CVSS 3.x severity from the vendor. Possible values are: NONE, LOW, MEDIUM, HIGH, CRITICAL.

sp_connection_name

text

Steampipe connection name.

sp_ctx

jsonb

Steampipe context in JSON form.

status

text

The resolution status of the finding. Possible values are: UNRESOLVED, RESOLVED, PASSED, IGNORED.

version

text

The version of the library/package where the vulnerability was detected.

vulnerability_external_id

text

The vulnerability identifier.

vulnerable_asset

jsonb

The details of the asset where the vulnerability was detected.

to of

Page of

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- wiz

You can pass the configuration to the command with the --config argument:

steampipe_export_wiz --config '<your_config>' wiz_vulnerability_finding