
Enhance your Cloud Asset Inventory Using Wiz + AWS

Kevin Rheinheimer

As we have covered before at CloudQuery, keeping track of resources in a cloud environment can be complex. Whether you have built a full AWS cloud asset inventory or have exported only specific resources, you will likely want to know the vulnerability status of the assets in your AWS accounts. Using CloudQuery’s Wiz source plugin, you can get quick access to the vulnerabilities and misconfigurations Wiz has found in those accounts.

Why add Wiz to your AWS asset inventory? #

Wiz is a cloud security tool that gives you complete visibility and actionable context on your most critical misconfigurations in real time, so your teams can proactively and continuously improve your cloud security posture. Connecting it to your cloud asset inventory gives you granularity over both your cloud resources and the vulnerability findings attached to them, ready for further analysis and visualization.

How to set up Wiz and CloudQuery #

Let’s cover a few basic setup steps needed to connect your AWS resources to Wiz security data.
  1. Create an AWS Asset Inventory using CloudQuery’s available transformation addon

How to get a comprehensive look of AWS cloud configuration findings from Wiz #

Now that we have data from both the AWS and Wiz sources, and have synced them into our PostgreSQL database destination, let’s explore the data. In this example, we have two schemas in our database, aws and wiz. To get a comprehensive look at our cloud configuration findings from Wiz across the entire AWS asset inventory, we will leverage the wiz_cloud_configuration_findings table. You can use the query below to get insights into your CSPM to ensure security and compliance:
```sql
-- Join every AWS resource in the inventory view to its Wiz cloud configuration
-- findings. A left join keeps resources with no findings (wiz.* columns are null).
select
  aws.account_id          as aws_account_id,
  aws.request_account_id  as aws_request_account_id,
  aws.type                as resource_type,
  aws.arn                 as aws_resource_id,
  aws.service             as aws_service,
  aws._cq_table           as aws_source_table,   -- source table the resource was synced from
  wiz.rule ->> 'name'        as finding_name,    -- rule is a JSON column; ->> returns text
  wiz.rule ->> 'description' as finding_description,
  wiz.first_seen_at       as finding_first_seen,
  wiz.severity            as finding_severity,
  wiz.result              as finding_result,
  wiz.status              as finding_status,
  wiz.remediation         as finding_remediation
from
  aws.aws_resources aws
left join
  wiz.wiz_cloud_configuration_findings wiz
on
  aws.arn = wiz.target_external_id;  -- Wiz stores the AWS ARN as the target's external id
```
In this query, we select some descriptive fields from our AWS asset inventory view, including the source table in which each AWS resource’s data resides. We use the Amazon Resource Name (ARN) from AWS and the target_external_id from Wiz to link each resource to its findings. This combination gives you insight into your CSPM findings so you can track security and compliance per resource.

How to get a comprehensive look of AWS cloud vulnerability findings from Wiz #

You can also enhance your AWS asset inventory by identifying resources that have known vulnerabilities, using the wiz_vulnerability_findings table. Each finding can be linked back to your Wiz portal, as shown here:
```sql
-- Join every AWS resource to its Wiz vulnerability findings. The vulnerable
-- asset is stored as JSON, so the ARN is extracted with PostgreSQL's JSON
-- operators (-> keeps JSON, ->> returns text) before comparing it to aws.arn.
select
  aws.account_id          as aws_account_id,
  aws.request_account_id  as aws_request_account_id,
  aws.type                as resource_type,
  aws.arn                 as aws_resource_id,
  aws.service             as aws_service,
  aws._cq_table           as aws_source_table,
  wiz.name                as vuln_finding_name,
  wiz.description         as vuln_finding_description,
  wiz.portal_url          as wiz_vuln_finding_link  -- deep link into the Wiz portal
from
  aws.aws_resources aws   -- same inventory view as in the configuration-findings query
left join
  wiz.wiz_vulnerability_findings wiz
on
  aws.arn = wiz.vulnerable_asset -> 'VulnerableAssetBase' ->> 'providerUniqueId';
```
In this query, PostgreSQL’s built-in JSON operators are used to extract the providerUniqueId from the vulnerable_asset field in the wiz_vulnerability_findings table; for AWS assets this value is the resource’s ARN. The wiz_vuln_finding_link field returned above lets you navigate directly to the vulnerability finding within Wiz.
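The two queries above each return one row per finding. As an added example (not from the original post or the CloudQuery project), the query below combines both joins into a single per-resource summary: open configuration findings counted by severity, plus the number of vulnerability findings and their portal links, so the noisiest assets sort to the top. It assumes the same tables and columns as the queries above; the status value 'OPEN' and the severity labels 'CRITICAL' and 'HIGH' are assumptions about the values Wiz returns and should be checked against your own data first.

```sql
-- Added example: per-resource roll-up of Wiz configuration and vulnerability findings.
-- Assumptions (verify with `select distinct status, severity from wiz.wiz_cloud_configuration_findings`):
--   status = 'OPEN' marks an unresolved configuration finding;
--   severity uses the labels 'CRITICAL' and 'HIGH'.
with config_findings as (
  select
    target_external_id                               as arn,
    count(*) filter (where severity = 'CRITICAL')    as critical_config,
    count(*) filter (where severity = 'HIGH')        as high_config,
    count(*)                                         as open_config
  from wiz.wiz_cloud_configuration_findings
  where status = 'OPEN'
  group by target_external_id
),
vuln_findings as (
  select
    vulnerable_asset -> 'VulnerableAssetBase' ->> 'providerUniqueId' as arn,
    count(*)                                      as vulns,
    array_agg(portal_url order by portal_url)     as portal_links  -- deep links into Wiz
  from wiz.wiz_vulnerability_findings
  group by 1
)
select
  aws.account_id,
  aws.service,
  aws.type                          as resource_type,
  aws.arn,
  coalesce(cf.critical_config, 0)   as critical_config,
  coalesce(cf.high_config, 0)       as high_config,
  coalesce(cf.open_config, 0)       as open_config,
  coalesce(vf.vulns, 0)             as vulns,
  vf.portal_links
from aws.aws_resources aws
left join config_findings cf on cf.arn = aws.arn
left join vuln_findings   vf on vf.arn = aws.arn
-- keep only resources that have at least one finding of either kind
where coalesce(cf.open_config, 0) > 0
   or coalesce(vf.vulns, 0) > 0
order by critical_config desc, high_config desc, vulns desc, aws.arn;
```

Dropping the where clause instead returns the full inventory with zero counts, which is useful for confirming that every resource Wiz reports is actually present in the CloudQuery aws_resources view.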
Enhance your AWS cloud asset inventory today with CloudQuery and Wiz. Try CloudQuery for free and gain immediate insights into vulnerabilities and misconfigurations in your AWS environment. If you have any questions or want to connect with our engineering team, contact us or join our Community.

Written by Kevin Rheinheimer

Kevin is a senior data engineer at CloudQuery, specializing in cloud data infrastructure and application development.

© 2024 CloudQuery, Inc. All rights reserved.
