
Enhance your Cloud Asset Inventory Using Wiz + GCP

Kevin Rheinheimer

As we have covered before at CloudQuery, maintaining resources in a cloud environment can be complex. Whether you have built a GCP cloud asset inventory or have exported specific resources, you will likely want to know the vulnerability and misconfiguration status of the assets in your GCP projects. Using CloudQuery’s Wiz source plugin, you can join Wiz’s findings directly to your GCP inventory in the same database.

Why add Wiz to your GCP asset inventory?

Wiz is a cloud security tool that gives you visibility and actionable context on your most critical misconfigurations and vulnerabilities, so your teams can proactively and continuously improve your cloud security posture. Connecting it with your cloud asset inventory lets you query your cloud resources and their Wiz findings side by side, for further analysis and visualization.

How to set up Wiz and CloudQuery

Let’s cover a few basic setup steps in order to connect your GCP resources to Wiz security data.
  1. Create a GCP asset inventory using CloudQuery’s available transformation addon

How to get a comprehensive look at your GCP cloud configuration findings from Wiz:

Now that you have synced data from both the GCP and Wiz sources into your PostgreSQL destination, let’s explore the data. In this example, you will have two schemas in your database, gcp and wiz. To get a comprehensive look at the cloud configuration findings from Wiz across your entire GCP asset inventory, use the wiz_cloud_configuration_findings table. The query below gives you insight into your CSPM findings for security and compliance work:
```sql
select
	gcp.project_id as gcp_project_id,
	gcp.id as gcp_resource_id,
	gcp.region as resource_region,
	gcp.name as gcp_resource_name,
	gcp._cq_table as gcp_source_table,      -- which GCP table the resource came from
	wiz.rule ->> 'name' as finding_name,    -- rule is a JSON column; ->> returns text
	wiz.rule ->> 'description' as finding_description,
	wiz.first_seen_at as finding_first_seen,
	wiz.severity as finding_severity,
	wiz.result as finding_result,
	wiz.status as finding_status,
	wiz.remediation as finding_remediation
from 
	gcp.gcp_resources gcp
left join
	wiz.wiz_cloud_configuration_findings wiz
on 
	gcp.id = wiz.target_external_id         -- Wiz stores the GCP resource id as the finding target
```
In this query, you select some descriptive fields from your GCP asset inventory view, including the source table in which your GCP resource data resides, and use the id field from GCP and the target_external_id field from Wiz to link each resource to its findings. Because this is a LEFT JOIN, every GCP resource is returned, and resources with no Wiz finding appear with NULL finding columns; a resource with several findings appears once per finding. If you only want resources that have findings, use an inner join or add a filter such as where wiz.target_external_id is not null.
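The join above returns one row per finding, which is the right shape for a detail view but not for answering “which projects are in the worst state?”. The following query is an added example, not from the original post, that rolls the same join up per project: open findings by severity, plus the count of resources that have no Wiz row at all. It assumes the schemas and tables named in the post, that wiz_cloud_configuration_findings has an id column, and that Wiz uses the status value 'OPEN' and severity values 'CRITICAL' and 'HIGH' (assumptions about the Wiz data model; check the distinct values in your own sync).

```sql
-- Added example (not part of the original post). Assumes gcp.gcp_resources and
-- wiz.wiz_cloud_configuration_findings as in the post, a wiz.id finding column,
-- and the Wiz values 'OPEN', 'CRITICAL', 'HIGH' (assumed; verify in your data).
with joined as (
  select
    gcp.project_id,
    gcp.id          as gcp_resource_id,
    gcp._cq_table   as gcp_source_table,
    wiz.id          as finding_id,   -- NULL when Wiz has no finding for the resource
    wiz.severity,
    wiz.status,
    wiz.result
  from gcp.gcp_resources gcp
  left join wiz.wiz_cloud_configuration_findings wiz
    on gcp.id = wiz.target_external_id
)
select
  project_id,
  count(distinct gcp_resource_id)                                    as resources,
  count(distinct gcp_resource_id) filter (where finding_id is null)  as resources_without_findings,
  count(finding_id) filter (where status = 'OPEN' and severity = 'CRITICAL') as open_critical,
  count(finding_id) filter (where status = 'OPEN' and severity = 'HIGH')     as open_high,
  count(finding_id) filter (where status = 'OPEN')                           as open_total,
  -- resources that currently fail at least one rule
  count(distinct gcp_resource_id) filter (where status = 'OPEN' and result = 'FAIL') as failing_resources
from joined
group by project_id
order by open_critical desc, open_high desc, open_total desc;
```

Treat resources_without_findings as a coverage signal rather than a clean bill of health: a resource with no Wiz row may be compliant, but it may also be a resource type Wiz does not assess or one that Wiz has not scanned yet, so compare it against the resource types in gcp_source_table before drawing conclusions.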

How to get a comprehensive look at GCP cloud vulnerability findings from Wiz:

You can also enhance your GCP asset inventory by identifying resources with known vulnerabilities using the wiz_vulnerability_findings table, and each finding can be linked back to your Wiz portal, as shown here:
```sql
select
	gcp.project_id as gcp_project_id,
	gcp.id as gcp_resource_id,
	gcp.region as resource_region,
	gcp.name as gcp_resource_name,
	gcp._cq_table as gcp_source_table,
	wiz.name as vuln_finding_name,
	wiz.description as vuln_finding_description,
	wiz.portal_url as wiz_vuln_finding_link   -- deep link to the finding in the Wiz portal
from 
	gcp.gcp_resources gcp
left join
	wiz.wiz_vulnerability_findings wiz
on
	-- vulnerable_asset is a JSON column: -> descends into the nested object,
	-- ->> returns providerUniqueId as text so it compares to the text id column
	gcp.id = wiz.vulnerable_asset -> 'VulnerableAssetBase' ->> 'providerUniqueId'
```
In this query, you use PostgreSQL’s built-in JSON operators to read the providerUniqueId from the vulnerable_asset field in the wiz_vulnerability_findings table: -> descends into the nested VulnerableAssetBase object, and ->> returns the value as text so it can be compared with the GCP id column. The result lets you navigate directly to the vulnerability finding within Wiz using the wiz_vuln_finding_link field above. As with the configuration findings, a LEFT JOIN keeps resources with no vulnerabilities (with NULL Wiz columns) and repeats a resource once per vulnerability, so filter or aggregate accordingly.
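A per-finding listing quickly becomes thousands of rows, so the practical next step is to collapse it to one row per resource and rank by what is actually exploitable. The query below is an added example, not from the original post. It assumes the tables from the post and, in addition, that wiz_vulnerability_findings carries the columns id, severity, status, has_exploit, has_cisa_kev_exploit, fixed_version and first_detected_at (names assumed from the fields of Wiz’s vulnerability findings; check them against your synced schema), and that an open finding has status 'OPEN' (also an assumption).

```sql
-- Added example (not part of the original post). Assumes gcp.gcp_resources and
-- wiz.wiz_vulnerability_findings as in the post. The columns id, severity, status,
-- has_exploit, has_cisa_kev_exploit, fixed_version and first_detected_at, and the
-- status value 'OPEN', are assumptions: verify them with \d wiz.wiz_vulnerability_findings.
with vulns as (
  select
    gcp.project_id,
    gcp.id          as gcp_resource_id,
    gcp.name        as gcp_resource_name,
    gcp._cq_table   as gcp_source_table,
    wiz.id          as finding_id,
    wiz.severity,
    wiz.has_exploit,
    wiz.has_cisa_kev_exploit,
    wiz.fixed_version,
    wiz.first_detected_at,
    wiz.portal_url
  from gcp.gcp_resources gcp
  -- inner join: only resources that actually have a vulnerability finding
  join wiz.wiz_vulnerability_findings wiz
    on gcp.id = wiz.vulnerable_asset -> 'VulnerableAssetBase' ->> 'providerUniqueId'
  where wiz.status = 'OPEN'
)
select
  project_id,
  gcp_resource_id,
  gcp_resource_name,
  gcp_source_table,
  count(*)                                                        as open_vulns,
  count(*) filter (where has_cisa_kev_exploit)                    as kev_vulns,        -- in CISA's KEV catalog
  count(*) filter (where has_exploit)                             as exploitable_vulns,
  count(*) filter (where coalesce(fixed_version, '') <> '')       as fixable_vulns,    -- a fix version exists
  min(first_detected_at)                                          as oldest_detection,
  -- one portal link per resource: the most severe, then longest-open, finding
  (array_agg(portal_url order by
      case severity when 'CRITICAL' then 0 when 'HIGH' then 1 when 'MEDIUM' then 2 else 3 end,
      first_detected_at))[1]                                      as top_finding_link
from vulns
group by project_id, gcp_resource_id, gcp_resource_name, gcp_source_table
order by kev_vulns desc, exploitable_vulns desc, open_vulns desc, oldest_detection
limit 50;
```

Two notes on running this at scale. Joining on a JSON expression cannot use the plain index on gcp.id, so PostgreSQL will evaluate the path for every Wiz row; an expression index on the same path, for example create index on wiz.wiz_vulnerability_findings ((vulnerable_asset -> 'VulnerableAssetBase' ->> 'providerUniqueId')), lets the planner do an indexed join instead. And the ranking columns deliberately lead with known-exploited (KEV) and exploitable counts rather than raw severity, because a resource with one exploited HIGH is usually a better use of remediation time than one with many theoretical CRITICALs.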
Enhance your GCP cloud asset inventory today with CloudQuery and Wiz. Try CloudQuery for free and gain immediate insights into vulnerabilities and misconfigurations in your GCP environment. If you have any questions or want to connect with our engineering team, contact us or join our Discord channel.