AWS
Security
Tutorials
Enhance your Cloud Asset Inventory Using Wiz + AWS
As we have covered before at CloudQuery, maintaining resources in a cloud environment can be complex. Whether you have built an AWS cloud asset inventory or have specific resources you have exported, you will likely want to know the vulnerability status of your assets in your AWS cloud. Using CloudQuery’s Wiz source plugin, you can have quick access to vulnerabilities and misconfigurations in your AWS accounts.
Why add Wiz to your AWS asset inventory? #
Wiz is a cloud security tool that gives you complete visibility and actionable context on your most critical misconfigurations in real-time, so your teams can proactively and continuously improve your cloud security posture. Connecting this tool with your cloud asset inventory can give you granularity over both your cloud resources and any vulnerability findings for further analysis and visualization.
How to setup Wiz and CloudQuery #
Let’s cover a few basic set up steps in order to connect your AWS resources to Wiz security data.
- Create an AWS Asset Inventory using CloudQuery’s available transformation addon
How to get a comprehensive look of AWS cloud configuration findings from Wiz #
Now that we have data from both AWS and Wiz sources, and synced them into our PostgreSQL database destination, let’s explore the data. In this example, we will have two schemas in our database,
aws
and wiz
. To get a comprehensive look at our cloud configuration findings from Wiz across your entire AWS asset inventory, we will be leveraging the wiz_cloud_configuration_findings
table. You can use the below query to get insights into your CSPM to ensure security and compliance:select
aws.account_id as aws_account_id,
aws.request_account_id as aws_request_account_id,
aws.type as resource_type,
aws.arn as aws_resource_id,
aws.service as aws_service,
aws._cq_table as aws_source_table,
wiz.rule ->> 'name' as finding_name,
wiz.rule ->> 'description' as finding_description,
wiz.first_seen_at as finding_first_seen,
wiz.severity as finding_severity,
wiz.result as finding_result,
wiz.status as finding_status,
wiz.remediation as finding_remediation
from
aws.aws_resources aws
left join
wiz.wiz_cloud_configuration_findings wiz
on
aws.arn = wiz.target_external_id
In this query, we select some descriptive fields from our AWS asset inventory view, including the source table in which your AWS resource data resides. We use the
Amazon Resource Name (ARN)
from AWS and the target_external_id
from Wiz to link each resource to a finding. This combo can give you insights into your CSPM to ensure security and compliance.How to get a comprehensive look of AWS cloud vulnerability findings from Wiz #
You can also enhance your AWS asset inventory by determining resources that have known vulnerabilities using the
wiz_vulnerability_findings
table, which can be linked back to your Wiz portal as seen here:select
aws.account_id as aws_account_id,
aws.request_account_id as aws_request_account_id,
aws.type as resource_type,
aws.arn as aws_resource_id,
aws.service as aws_service,
aws._cq_table as aws_source_table,
wiz.name as vuln_finding_name,
wiz.description as vuln_finding_description,
wiz.portal_url as wiz_vuln_finding_link
from
public.aws_resources aws
left join
wiz.wiz_vulnerability_findings wiz
on
aws.arn = wiz.vulnerable_asset -> 'VulnerableAssetBase' ->> 'providerUniqueId'
In this query, you can use PostgreSQL built-in JSON functions to find the
providerUniqueId
within the vulnerable_asset
field in the wiz_vulnerability_findings
table, which corresponds with an AWS ARN. This will allow you to navigate directly to the vulnerability finding within Wiz using the wiz_vuln_finding_link
field above.Enhance your AWS cloud asset inventory today with CloudQuery and Wiz. Try CloudQuery for free and gain immediate insights into vulnerabilities and misconfigurations in your AWS environment. If you want to chat with us and request up for a demo or join our Community.
Ready to get started with CloudQuery? You can try out CloudQuery locally with our quick start guide or explore the CloudQuery Platform (currently in beta) for a more scalable solution.
Want help getting started? Join the CloudQuery community to connect with other users and experts, or message our team directly here if you have any questions.
Written by Kevin Rheinheimer
Kevin is a senior data engineer at CloudQuery, specializing in cloud data infrastructure and application development.