From 43af93f0f7543910e5029c63c3b28660022a01dd Mon Sep 17 00:00:00 2001 From: vg-svitla Date: Wed, 19 Feb 2025 16:29:59 +0400 Subject: [PATCH] Feature: Wiz Audit Logs --- .../network_security/wiz_audit_logs.md | 42 +++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 43 insertions(+) create mode 100644 docs/integration/categories/network_security/wiz_audit_logs.md diff --git a/docs/integration/categories/network_security/wiz_audit_logs.md b/docs/integration/categories/network_security/wiz_audit_logs.md new file mode 100644 index 000000000..038985f47 --- /dev/null +++ b/docs/integration/categories/network_security/wiz_audit_logs.md @@ -0,0 +1,42 @@ +--- +uuid: 7f89b1b9-de7f-4e2c-bcef-4d7ddfc91d31 +name: Wiz Audit Logs +type: intake +--- + +## Overview + +- **Supported environment**: SaaS +- **Detection based on**: Alerts +- **Supported application or feature**: + - Audit Logs + +!!! Warning + Important note - This format is currently in beta. We highly value your feedback to improve its performance. + +## Configure + +### Pre-requisite + +To setup the integration, you need to have access to `Wiz Console`. + +### Create Client ID and Client Secret + +- Log in the Wiz console +- Go to `Settings` > `Service Accounts` +- Type a name for the new service account. e.g: [Sekoia.io](http://Sekoia.io) Integration +- Select `admin:audit` permission +- Click `Add Service Account` +- Copy the Client ID and the Client Secret + +### Create the intake + +Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format **Wiz Audit Logs**. + +{!_shared_content/operations_center/integrations/generated/7f89b1b9-de7f-4e2c-bcef-4d7ddfc91d31_sample.md!} + +{!_shared_content/integration/detection_section.md!} + +{!_shared_content/operations_center/detection/generated/suggested_rules_7f89b1b9-de7f-4e2c-bcef-4d7ddfc91d31_do_not_edit_manually.md!} + +{!_shared_content/operations_center/integrations/generated/7f89b1b9-de7f-4e2c-bcef-4d7ddfc91d31.md!} 
diff --git a/mkdocs.yml b/mkdocs.yml index 9f7d968ea..0c939d44e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -499,6 +499,7 @@ nav: - Varonis Data Security: integration/categories/network_security/varonis_data_security.md - Vectra Cognito Detect: integration/categories/network_security/vectra.md - WatchGuard Firebox: integration/categories/network_security/watchguard_firebox.md + - Wiz Audit Logs: integration/categories/network_security/wiz_audit_logs.md - Wiz Cloud configuration findings: integration/categories/network_security/wiz_cloud_configuration_findings.md - Wiz Issues: integration/categories/network_security/wiz_issues.md - Zscaler Internet Access: integration/categories/network_security/zscaler_zia.md
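Review bot: In wiz_audit_logs.md, the "Create the intake" section never says where the Client ID and Client Secret copied in the previous section are entered, so the procedure ends with the reader holding credentials that have no stated use. Add a sentence naming the intake fields that take them, and say that the Client Secret should be handled as a secret, since the steps grant the service account the `admin:audit` permission. In the same file, the example name `[Sekoia.io](http://Sekoia.io) Integration` renders as a link over plain http inside what is meant to be a literal service account name; write it as plain text. The Overview lists "Detection based on: Alerts" while the only supported feature is Audit Logs; please confirm that this is the intended value. Wording: "To setup" should be "To set up", and "Log in the Wiz console" should be "Log in to the Wiz console".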