New
Join our webinar! Building a customizable and extensible cloud asset inventory at scale
GCP
Security
Tutorials

Enhance your Cloud Asset Inventory Using Wiz + GCP

Kevin Rheinheimer

Kevin Rheinheimer

As we have covered before at CloudQuery, maintaining resources in a cloud environment can be complex. Whether you have built an GCP cloud asset inventory or have specific resources you have exported, you will likely want to know the vulnerability status of your assets in your GCP cloud. Using CloudQuery’s Wiz source plugin, you can have quick access to vulnerabilities and misconfigurations in your GCP accounts.

Why add Wiz to your GCP asset inventory? #

Wiz is a cloud security tool that gives you complete visibility and actionable context on your most critical misconfigurations in real-time, so your teams can proactively and continuously improve your cloud security posture. Connecting this tool with your cloud asset inventory can give you granularity over both your cloud resources and any vulnerability findings for further analysis and visualization.

How to setup Wiz and CloudQuery #

Let’s cover a few basic set up steps in order to connect your GCP resources to Wiz security data.
  1. Create an GCP Asset Inventory using CloudQuery’s available transformation addon

How to get a comprehensive look of your GCP cloud configuration findings from Wiz #

Now that you have data from both GCP and Wiz sources, and synced them into your PostgreSQL database destination, let’s explore the data. In this example, you will have two schemas in your database, gcp and wiz. To get a comprehensive look at our cloud configuration findings from Wiz across your entire GCP asset inventory, you will be leveraging the wiz_cloud_configuration_findings table. You can use the below query to get insights into your CSPM to ensure security and compliance:
select
 gcp.project_id as gcp_project_id,
 gcp.id as gcp_resource_id,
 gcp.region as resource_region,
 gcp.name as gcp_resource_name,
 gcp._cq_table as gcp_source_table,
 wiz.rule ->> 'name' as finding_name,
 wiz.rule ->> 'description' as finding_description,
 wiz.first_seen_at as finding_first_seen,
 wiz.severity as finding_severity,
 wiz.result as finding_result,
 wiz.status as finding_status,
 wiz.remediation as finding_remediation
from
 public.gcp_resources gcp
left join
 wiz.wiz_cloud_configuration_findings wiz
on
 gcp.id = wiz.target_external_id
In this query, you select some descriptive fields from your GCP asset inventory view, including the source table in which your GCP resource data resides. You can use the id field from GCP and the target_external_id field from Wiz to link each resource to a finding.

How to get a comprehensive look at GCP cloud vulnerability findings from Wiz #

You can also enhance your GCP asset inventory by determining resources that have known vulnerabilities using the wiz_vulnerability_findings table, which can be linked back to your Wiz portal as seen here:
select
 gcp.project_id as gcp_project_id,
 gcp.id as gcp_resource_id,
 gcp.region as resource_region,
 gcp.name as gcp_resource_name,
 gcp._cq_table as gcp_source_table,
 wiz.name as vuln_finding_name,
 wiz.description as vuln_finding_description,
 wiz.portal_url as wiz_vuln_finding_link
from
 gcp.gcp_resources gcp
left join
 wiz.wiz_vulnerability_findings wiz
on
 gcp.id = wiz.vulnerable_asset -> 'VulnerableAssetBase' ->> 'providerUniqueId'
In this query, you can use PostgreSQL built-in JSON functions to find the providerUniqueId within the vulnerable_asset field in the wiz_vulnerability_findings table, which corresponds with a GCP id. This will allow you to navigate directly to the vulnerability finding within Wiz using the wiz_vuln_finding_link field above.
Enhance your GCP cloud asset inventory today with CloudQuery and Wiz. Try CloudQuery for free and gain immediate insights into vulnerabilities and misconfigurations in your GCP environment. If you have any questions or want to connect with our engineering team, contact us or join our Community.
Ready to get started with CloudQuery? You can try out CloudQuery locally with our quick start guide or explore the CloudQuery Platform (currently in beta) for a more scalable solution.
Want help getting started? Join the CloudQuery community to connect with other users and experts, or message our team directly here if you have any questions.
Kevin Rheinheimer

Written by Kevin Rheinheimer

Kevin is a senior data engineer at CloudQuery, specializing in cloud data infrastructure and application development.

Turn cloud chaos into clarity

Find out how CloudQuery can help you get clarity from a chaotic cloud environment with a personalized conversation and demo.

Join our mailing list

Subscribe to our newsletter to make sure you don't miss any updates.

Legal

© 2024 CloudQuery, Inc. All rights reserved.

We use tracking cookies to understand how you use the product and help us improve it. Please accept cookies to help us improve. You can always opt out later via the link in the footer.