Enhance your Cloud Asset Inventory Using Wiz + Azure

Kevin Rheinheimer

Kevin Rheinheimer

As we have covered before at CloudQuery, maintaining resources in a cloud environment can be complex. Whether you have built an Azure cloud asset inventory or have specific resources you have exported, you will likely want to know the vulnerability status of your assets in your Azure cloud. Using CloudQuery’s Wiz source plugin, you can have quick access to vulnerabilities and misconfigurations in your Azure accounts.

Why add Wiz to your Azure asset inventory? #

Wiz is a cloud security tool that gives you complete visibility and actionable context on your most critical misconfigurations in real-time, so your teams can proactively and continuously improve your cloud security posture. Connecting this tool with your cloud asset inventory can give you granularity over both your cloud resources and any vulnerability findings for further analysis and visualization.

How to setup Wiz and CloudQuery #

Let’s cover a few basic set up steps in order to connect your Azure resources to Wiz security data.
  1. Create an Azure Asset Inventory using CloudQuery’s available transformation addon

How to get a comprehensive look of your Azure cloud configuration findings from Wiz: #

Now that you have data from both Azure and Wiz sources, and synced them into your PostgreSQL database destination, let’s explore the data. In this example, you will have two schemas in your database, azure and wiz. To get a comprehensive look at our cloud configuration findings from Wiz across your entire Azure asset inventory, you will be leveraging the wiz_cloud_configuration_findings table. You can use the below query to get insights into your CSPM to ensure security and compliance:
	azure.subscription_id as azure_subscription_id, as azure_resource_id,
	azure.kind as resource_type, as azure_resource_name,
	azure._cq_table as azure_source_table,
	wiz.rule ->> 'name' as finding_name,
	wiz.rule ->> 'description' as finding_description,
	wiz.first_seen_at as finding_first_seen,
	wiz.severity as finding_severity,
	wiz.result as finding_result,
	wiz.status as finding_status,
	wiz.remediation as finding_remediation
	azure.azure_resources azure
left join
	wiz.wiz_cloud_configuration_findings wiz
on = wiz.resource -> 'subscription' ->> 'externalId'
In this query, you select some descriptive fields from your Azure asset inventory view, including the source table in which your Azure resource data resides. You can use the id field from Azure and the external_id from the Wiz resource field to link each resource to a finding.
Note, you will use PostgreSQL built-in JSON functions to parse the resource json field as this external_id best matches the transformed Azure resource id in the Azure asset inventory view. This combo can give you insights into your CSPM to ensure security and compliance.

How to get a comprehensive look at Azure cloud vulnerability findings from Wiz: #

You can also enhance your Azure asset inventory by determining resources that have known vulnerabilities using the wiz_vulnerability_findings table, which can be linked back to your Wiz portal as seen here:
	azure.subscription_id as azure_subscription_id, as azure_resource_id, as azure_resource_name,
	azure.kind as resource_type,
	azure._cq_table as azure_source_table, as vuln_finding_name,
	wiz.description as vuln_finding_description,
	wiz.portal_url as wiz_vuln_finding_link
	azure.azure_resources azure
left join
	wiz.wiz_vulnerability_findings wiz
on = wiz.vulnerable_asset -> 'VulnerableAssetBase' ->> 'providerUniqueId'
In this query, you again use PostgreSQL built-in JSON functions to find the providerUniqueId within the vulnerable_asset field in the wiz_vulnerability_findings table, which corresponds with an Azure id. This will allow you to navigate directly to the vulnerability finding within Wiz using the wiz_vuln_finding_link field above.
Enhance your Azure cloud asset inventory today with CloudQuery and Wiz. Try CloudQuery for free and gain immediate insights into vulnerabilities and misconfigurations in your Azure environment. If you have any questions or want to connect with our engineering team, contact us or join our Discord channel.
Subscribe to product updates

Be the first to know about new features.

© 2024 CloudQuery, Inc. All rights reserved.