New
Join our webinar! Building a customizable and extensible cloud asset inventory at scale
Azure
Security
Tutorials

Enhance your Cloud Asset Inventory Using Wiz + Azure

Kevin Rheinheimer

Kevin Rheinheimer

As we have covered before at CloudQuery, maintaining resources in a cloud environment can be complex. Whether you have built an Azure cloud asset inventory or have specific resources you have exported, you will likely want to know the vulnerability status of your assets in your Azure cloud. Using CloudQuery’s Wiz source plugin, you can have quick access to vulnerabilities and misconfigurations in your Azure accounts.

Why add Wiz to your Azure asset inventory? #

Wiz is a cloud security tool that gives you complete visibility and actionable context on your most critical misconfigurations in real-time, so your teams can proactively and continuously improve your cloud security posture. Connecting this tool with your cloud asset inventory can give you granularity over both your cloud resources and any vulnerability findings for further analysis and visualization.

How to setup Wiz and CloudQuery #

Let’s cover a few basic set up steps in order to connect your Azure resources to Wiz security data.
  1. Create an Azure Asset Inventory using CloudQuery’s available transformation addon.

How to get a comprehensive look of your Azure cloud configuration findings from Wiz #

Now that you have data from both Azure and Wiz sources, and synced them into your PostgreSQL database destination, let’s explore the data. In this example, you will have two schemas in your database, azure and wiz. To get a comprehensive look at our cloud configuration findings from Wiz across your entire Azure asset inventory, you will be leveraging the wiz_cloud_configuration_findings table. You can use the below query to get insights into your CSPM to ensure security and compliance:
select
 azure.subscription_id as azure_subscription_id,
 azure.id as azure_resource_id,
 azure.kind as resource_type,
 azure.name as azure_resource_name,
 azure._cq_table as azure_source_table,
 wiz.rule ->> 'name' as finding_name,
 wiz.rule ->> 'description' as finding_description,
 wiz.first_seen_at as finding_first_seen,
 wiz.severity as finding_severity,
 wiz.result as finding_result,
 wiz.status as finding_status,
 wiz.remediation as finding_remediation
from
 azure.azure_resources azure
left join
 wiz.wiz_cloud_configuration_findings wiz
on
 azure.id = wiz.resource -> 'subscription' ->> 'externalId'
In this query, you select some descriptive fields from your Azure asset inventory view, including the source table in which your Azure resource data resides. You can use the id field from Azure and the external_id from the Wiz resource field to link each resource to a finding.
Note, you will use PostgreSQL built-in JSON functions to parse the resource JSON field as this external_id best matches the transformed Azure resource id in the Azure asset inventory view. This combo can give you insights into your CSPM to ensure security and compliance.

How to get a comprehensive look at Azure cloud vulnerability findings from Wiz #

You can also enhance your Azure asset inventory by determining resources that have known vulnerabilities using the wiz_vulnerability_findings table, which can be linked back to your Wiz portal as seen here:
select
 azure.subscription_id as azure_subscription_id,
 azure.id as azure_resource_id,
 azure.name as azure_resource_name,
 azure.kind as resource_type,
 azure._cq_table as azure_source_table,
 wiz.name as vuln_finding_name,
 wiz.description as vuln_finding_description,
 wiz.portal_url as wiz_vuln_finding_link
from
 azure.azure_resources azure
left join
 wiz.wiz_vulnerability_findings wiz
on
 azure.id = wiz.vulnerable_asset -> 'VulnerableAssetBase' ->> 'providerUniqueId'
In this query, you again use PostgreSQL built-in JSON functions to find the providerUniqueId within the vulnerable_asset field in the wiz_vulnerability_findings table, which corresponds with an Azure id. This will allow you to navigate directly to the vulnerability finding within Wiz using the wiz_vuln_finding_link field above.
Enhance your Azure cloud asset inventory today with CloudQuery and Wiz. Try CloudQuery for free and gain immediate insights into vulnerabilities and misconfigurations in your Azure environment. If you have any questions or want to connect with our engineering team, contact us or join our Community.
Ready to get started with CloudQuery? You can try out CloudQuery locally with our quick start guide or explore the CloudQuery Platform (currently in beta) for a more scalable solution.
Want help getting started? Join the CloudQuery community to connect with other users and experts, or message our team directly here if you have any questions.
Kevin Rheinheimer

Written by Kevin Rheinheimer

Kevin is a senior data engineer at CloudQuery, specializing in cloud data infrastructure and application development.

Turn cloud chaos into clarity

Find out how CloudQuery can help you get clarity from a chaotic cloud environment with a personalized conversation and demo.

Join our mailing list

Subscribe to our newsletter to make sure you don't miss any updates.

Legal

© 2024 CloudQuery, Inc. All rights reserved.

We use tracking cookies to understand how you use the product and help us improve it. Please accept cookies to help us improve. You can always opt out later via the link in the footer.