Wiz

the wiz connector facilitates seamless integration with swimlane turbine, enabling automated security operations and real time cloud risk management wiz is a comprehensive cloud security solution that provides deep visibility into cloud environments, enabling organizations to identify and remediate risks effectively this connector allows swimlane turbine users to integrate with wiz's robust security capabilities, streamlining cloud resource management, vulnerability identification, and issue resolution by leveraging wiz's extensive telemetry and automated analysis, users can enhance their security posture and respond to threats with greater agility and precision notes as of version 1 6 0, all report related actions have been removed from the wiz connector to align with wiz api best practices https //integrate wiz io/reference/prerequisites prerequisites to effectively utilize the wiz connector for swimlane turbine, ensure you have the following prerequisites oauth 2 0 client credentials authentication with the following parameters api endpoint url the base url for the wiz api services client id the unique identifier for your registered wiz application client secret the secret key associated with your client id to authenticate requests authentication url the endpoint url for obtaining the oauth 2 0 access token audience the intended recipient of the issued token, typically the wiz api endpoint capabilities this connector provides the following capabilities get cloud resources v2 get configuration findings get issues update issue get report status and url get list of report names get users get vulnerability findings pull audit logs rerun report asset setup api endpoint url the wiz integration api has a single url for all the actions https //api \<region> app wiz io/graphql you can use the above url, and replace it with the region where your tenant resides, e g us1 , us2 , eu1 , or eu2 example https //api us17 app wiz io/graphql client credentials the client id and client secret must be provided by your wiz customer or wiz customer service team token url there are two possible token urls depending on your service account's identity provider idp endpoint endpoint for gov tenants amazon cognito https //auth app wiz io/oauth/token https //auth gov wiz io/oauth/token auth0 https //auth wiz io/oauth/token https //auth0 gov wiz io/oauth/token audience choose a relevant audience from the following idp audience amazon cognito wiz api auth0 beyond api action setup you need different permissions for each of the actions to run please refer to the api documentation to know more configurations oauth 2 0 client credentials authenticates using oauth 2 0 client credentials configuration parameters parameter description type required url a url to the target host string required token url string required client id the client id string required client secret the client secret string required audience permission scopes for this action string required first use as a pagination argument to refine your results possible values 1 5000 default will be 500 if not mentioned number optional verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions get cloud resources v2 retrieve a filtered list of cloud resources from wiz using specified variables and query parameters endpoint method post input argument name type required description query string optional the graphql query to execute variables object optional parameter for get cloud resources v2 variables after string optional use as a pagination argument for results use the value returned by pageinfo endcursor from the previous response variables fetchtotalcount boolean optional whethwizer to fetch the total count of resources variables filterby object optional this object defines query filters to narrow down search results and return specific cloud resources variables filterby cloudplatform object optional filter by cloud platform variables filterby cloudplatform equals array optional parameter for get cloud resources v2 variables filterby cloudaccountv2 object optional filter by cloud account external id(s) variables filterby cloudaccountv2 externalid object optional unique identifier variables filterby cloudaccountv2 externalid equals array optional unique identifier variables filterby hasadminprivileges object optional filter by whether the resource has admin privileges variables filterby hasadminprivileges equals boolean optional parameter for get cloud resources v2 variables filterby hashighprivileges object optional filter by whether the resource has high privileges variables filterby hashighprivileges equals boolean optional parameter for get cloud resources v2 variables filterby hassensitivedata object optional filter by whether the resource contains sensitive data variables filterby hassensitivedata equals boolean optional response data variables filterby hasaccesstosensitivedata object optional filter by whether the resource has access to sensitive data variables filterby hasaccesstosensitivedata equals boolean optional response data variables filterby isaccessiblefrominternet object optional filter by whether the resource is accessible from the internet variables filterby isaccessiblefrominternet equals boolean optional parameter for get cloud resources v2 variables filterby isopentoallinternet object optional filter by whether the resource is open to all internet variables filterby isopentoallinternet equals boolean optional parameter for get cloud resources v2 variables filterby tag object optional filter by resource tags variables filterby tag containsall array optional parameter for get cloud resources v2 variables filterby type object optional the cloud managed resource object(s) to return entity types must be specified in all caps format for example, use virtual machine for virtual machines input example {"query" "query cloudresourcestable($first int, $after string, $filterby cloudresourcev2filters, $orderby cloudresourceorder, $fetchtotalcount boolean = true) {\\\n cloudresourcesv2(\\\n first $first\\\n after $after\\\n filterby $filterby\\\n orderby $orderby\\\n ) {\\\n totalcount totalserviceusageresourcecount @include(if $fetchtotalcount)\\\n pageinfo {\\\n hasnextpage\\\n endcursor\\\n }\\\n nodes {\\\n id\\\n name\\\n externalid\\\n type\\\n technology {\\\n id\\\n name\\\n }\\\n cloudaccount {\\\n id\\\n name\\\n cloudprovider\\\n externalid\\\n }\\\n cloudplatform\\\n status\\\n region\\\n regionlocation\\\n tags {\\\n key\\\n value\\\n }\\\n projects {\\\n id\\\n name\\\n slug\\\n isfolder\\\n }\\\n createdat\\\n updatedat\\\n deletedat\\\n firstseen\\\n lastseen\\\n typefields {\\\n on cloudresourcev2virtualmachine {\\\n instancetype\\\n operatingsystem\\\n }\\\n on cloudresourcev2database {\\\n kind\\\n }\\\n }\\\n resourcegroup {\\\n id\\\n name\\\n }\\\n isopentoallinternet\\\n isaccessiblefrominternet\\\n hasaccesstosensitivedata\\\n hasadminprivileges\\\n hashighprivileges\\\n hassensitivedata\\\n nativetype\\\n }\\\n }\\\n}","variables" {"after" "string","fetchtotalcount"\ true,"filterby" {"cloudplatform" {"equals" \["string"]},"cloudaccountv2" {"externalid" {}},"hasadminprivileges" {"equals"\ true},"hashighprivileges" {"equals"\ true},"hassensitivedata" {"equals"\ true},"hasaccesstosensitivedata" {"equals"\ true},"isaccessiblefrominternet" {"equals"\ true},"isopentoallinternet" {"equals"\ true},"tag" {"containsall" \[]},"type" {"equals" \["string"]},"updatedat" {"before" "string","after" "string"},"orderby" {"field" "string","direction" "string"}},"orderby" {"field" "string","direction" "string"}}} get configuration findings retrieve filtered cloud configuration findings from wiz using variables for specific rules, resources, or frameworks endpoint method post input argument name type required description variables object optional parameter for get configuration findings variables after string optional parameter for get configuration findings variables orderby object optional parameter for get configuration findings variables orderby direction string optional the order direction can be asc or desc variables orderby field string optional the order field variables filterby object optional parameter for get configuration findings variables filterby id array optional filter configuration findings matching these ids you can specify multiple values variables filterby source array optional filter by source of the configuration you can specify multiple values variables filterby rule object optional parameter for get configuration findings variables filterby rule id array optional filter configuration findings that match these cloud configuration rule ids you can specify multiple values variables filterby rule name array optional filters configuration findings that match the name of these cloud configuration rules you can specify multiple values variables filterby rule description array optional filter by these cloud configuration rule descriptions you can specify multiple values variables filterby resource object optional parameter for get configuration findings variables filterby resource id array optional filter configuration findings by resource id you can specify multiple values variables filterby resource type array optional filter configuration findings by specific entity types you can specify multiple values variables filterby resource projectid array optional filter configuration findings by wiz project id you can specify multiple values variables filterby resource name array optional filter by configuration finding resource name you can specify multiple values variables filterby resource status array optional filter by resource status you can specify multiple values variables filterby resource subscriptionid array optional filter by subscription id you can specify multiple values variables filterby resource cloudplatform array optional filter configuration findings by cloud platform you can specify multiple values variables filterby resource nativetype array optional the name of the resource provided by its cloud service provider, as opposed to how wiz normalizes its name variables filterby resource tags array optional filter by tags associated with the resource you can specify multiple values variables filterby analyzedat object optional parameter for get configuration findings variables filterby analyzedat before string optional parameter for get configuration findings variables filterby analyzedat after string optional parameter for get configuration findings input example {"variables" {"after" "string","orderby" {"direction" "string","field" "string"},"filterby" {"id" \["string"],"source" \["string"],"rule" {"id" \["string"],"name" \["string"],"description" \["string"]},"resource" {"id" \["string"],"type" \["string"],"projectid" \["string"],"name" \["string"],"status" \["string"],"subscriptionid" \["string"],"cloudplatform" \["string"],"nativetype" \["string"],"tags" \["string"]},"analyzedat" {"before" "string","after" "string"},"firstseenat" {"before" "string","after" "string"},"result" \["string"],"severity" \["string"],"benchmark" \["string"],"hasremediationinstructions"\ true,"status" \["string"],"ignoredby" {"isignoredbyrule"\ true,"ignorerules" \["string"]},"frameworkcategory" \["string"],"updatedat" {"after" "string","before" "string"}}}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data configurationfindings object response data data configurationfindings nodes array response data data configurationfindings nodes id string response data data configurationfindings nodes targetexternalid string response data data configurationfindings nodes targetobjectprovideruniqueid string response data data configurationfindings nodes firstseenat string response data data configurationfindings nodes severity string response data data configurationfindings nodes result string response data data configurationfindings nodes status string response data data configurationfindings nodes remediation object response data data configurationfindings nodes resource object response data data configurationfindings nodes resource id string response data data configurationfindings nodes resource providerid string response data data configurationfindings nodes resource name string response data data configurationfindings nodes resource nativetype string response data data configurationfindings nodes resource type string response data data configurationfindings nodes resource region string response data data configurationfindings nodes resource subscription object response data data configurationfindings nodes resource projects array response data data configurationfindings nodes resource tags array response data data configurationfindings nodes rule object response data data configurationfindings nodes rule id string response data output example {"status code" 200,"response headers" {"date" "mon, 31 jul 2023 09 08 42 gmt","content type" "application/json; charset=utf 8","transfer encoding" "chunked","connection" "keep alive","content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'sel ","cross origin embedder policy" "require corp","cross origin opener policy" "same origin","cross origin resource policy" "same origin","x dns prefetch control" "off","x frame options" "sameorigin","strict t get issues obtain a collection of issues from wiz using targeted queries with specified variables for precise search results endpoint method post input argument name type required description variables object optional parameter for get issues variables after string optional use as a pagination argument to refine your results use the value returned by pageinfo endcursor from the previous response variables orderby object optional the query's results order can be asc or desc variables orderby direction string optional parameter for get issues variables orderby field string optional the order field variables filterby object optional parameter for get issues variables filterby status array optional filter by issue handling status you can specify multiple values if no values are provided, then returns results from all statuses variables filterby id array optional filter only issues that match these ids you can specify multiple values if no values are provided, then returns results from all issues variables filterby search string optional free text search on issue title or object name returns null if no match is found variables filterby frameworktegory array optional filter issues by security framework ids you can specify multiple values if no values are provided, then returns results from all framework categories variables filterby stacklayer array optional filter issues from a specific stack layer (as defined by the control) you can specify multiple values if no values are provided, then returns results from all stack layers variables filterby project array optional filter issues associated with these project ids you can specify multiple values if no values are provided, then returns results from all projects variables filterby severity array optional filter issues according to control severity you can specify multiple values if no values are provided, then returns results from all severities variables filterby sourcesecurityscan string optional filter by security scan source variables filterby resolutionreason array optional filter issues by resolution reason you can specify multiple values if no values are provided, then returns results from all resolution reasons variables filterby type array optional filter by issue type you can specify multiple values if no values are provided, then returns results from all issue types variables filterby createdat object optional parameter for get issues variables filterby createdat after string optional datetime in iso 8601 format variables filterby createdat before string optional datetime in iso 8601 format variables filterby resolvedat object optional parameter for get issues variables filterby resolvedat after string optional datetime in iso 8601 format variables filterby resolvedat before string optional datetime in iso 8601 format variables filterby dueat object optional parameter for get issues variables filterby dueat after string optional datetime in iso 8601 format variables filterby dueat before string optional datetime in iso 8601 format input example {"variables" {"after" "string","orderby" {"direction" "string","field" "string"},"filterby" {"status" \["string"],"id" \["string"],"search" "string","frameworktegory" \["string"],"stacklayer" \["string"],"project" \["string"],"severity" \["string"],"sourcesecurityscan" "string","resolutionreason" \["string"],"type" \["string"],"createdat" {"after" "string","before" "string"},"resolvedat" {"after" "string","before" "string"},"dueat" {"after" "string","before" "string"},"hasserviceticket"\ true,"hasnote"\ true,"hasremediation"\ true,"hasautoremediation"\ true,"statuschangedat" {"after" "string","before" "string"},"updatedat" {"after" "string","before" "string"},"hasduedate"\ true,"hasusernote"\ true,"sourcerule" {"id" \["string"],"cloudeventrulesource" \["string"]},"relatedentity" {"type" \["string"],"ids" \["string"],"status" \["string"],"region" \["string"],"subscriptionid" \["string"],"resourcegroupid" \["string"],"nativetype" \["string"],"cloudplatform" \["string"],"id" "12345678 1234 1234 1234 123456789abc","tag" \[]}}}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data issues object response data data issues nodes array response data data issues nodes id string response data data issues nodes sourcerule object response data data issues nodes sourcerule typename string response data data issues nodes sourcerule id string response data data issues nodes sourcerule name string response data data issues nodes sourcerule controldescription string response data data issues nodes sourcerule resolutionrecommendation string response data data issues nodes sourcerule securitysubcategories array response data data issues nodes createdat string response data data issues nodes updatedat string response data data issues nodes dueat object response data data issues nodes resolvedat object response data data issues nodes statuschangedat string response data data issues nodes projects array response data data issues nodes projects id string response data data issues nodes projects name string response data data issues nodes projects slug string response data data issues nodes projects businessunit string response data data issues nodes projects riskprofile object response data data issues nodes status string response data output example {"status code" 200,"response headers" {"date" "mon, 31 jul 2023 06 07 08 gmt","content type" "application/json; charset=utf 8","transfer encoding" "chunked","connection" "keep alive","content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'sel ","cross origin embedder policy" "require corp","cross origin opener policy" "same origin","cross origin resource policy" "same origin","x dns prefetch control" "off","x frame options" "sameorigin","strict t get report status and url retrieve the status and access url for a wiz report, with required variables provided in the request body endpoint method post input argument name type required description variables object optional parameter for get report status and url variables reportid string required the id of the report to return input example {"variables" {"reportid" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data report object response data data report lastrun object response data data report lastrun url string response data data report lastrun status string response data output example {"status code" 200,"response headers" {"date" "sun, 30 jul 2023 09 07 18 gmt","content type" "application/json; charset=utf 8","transfer encoding" "chunked","connection" "keep alive","content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'sel ","cross origin embedder policy" "require corp","cross origin opener policy" "same origin","cross origin resource policy" "same origin","x dns prefetch control" "off","x frame options" "sameorigin","strict t get list of report names retrieves a filtered list of reports from wiz based on specified criteria like id and name in the provided json body endpoint method post input argument name type required description variables object optional parameter for get list of report names variables first number required use as a pagination argument to refine your results possible values 1 5000 variables after string optional use as a pagination argument to refine your results use the value returned by pageinfo endcursor from the previous response variables filterby object optional parameter for get list of report names variables filterby search string optional filter reports matching these names variables filterby type array optional filter reports of specific types you can specify multiple values variables filterby projectid string optional filter reports associated with a specific project identified by its project id variables filterby lastreportrunstatus array optional filter reports with a specific last run status you can specify multiple values input example {"variables" {"first" 123,"after" "string","filterby" {"search" "string","type" \["string"],"projectid" "string","lastreportrunstatus" \["string"]}}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data reports object response data data reports nodes array response data data reports nodes id string response data data reports nodes name string response data data reports pageinfo object response data data reports pageinfo hasnextpage boolean response data data reports pageinfo endcursor string response data output example {"status code" 200,"response headers" {"date" "sun, 30 jul 2023 09 01 15 gmt","content type" "application/json; charset=utf 8","transfer encoding" "chunked","connection" "keep alive","content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'sel ","cross origin embedder policy" "require corp","cross origin opener policy" "same origin","cross origin resource policy" "same origin","x dns prefetch control" "off","x frame options" "sameorigin","strict t get users retrieves a filtered list of wiz users based on role, authentication provider, or project assignments using specified variables endpoint method post input argument name type required description variables object optional parameter for get users variables after string optional use as a pagination argument to refine your results use the value returned by pageinfo endcursor from the previous response variables filterby object optional parameter for get users variables filterby role array optional filter by user role can be created by a user or built in variables filterby authprovidertype array optional unique identifier variables filterby deleted boolean optional whether the user is deleted variables filterby assignedprojects array optional filter users that are assigned (have access to) specific projects variables filterby search string optional free text search on name, email title, or object name variables filterby updatedat object required parameter for get users variables filterby updatedat after string optional datetime in iso 8601 format variables filterby updatedat before string optional datetime in iso 8601 format input example {"variables" {"after" "string","filterby" {"role" \["string"],"authprovidertype" \["string"],"deleted"\ true,"assignedprojects" \["string"],"search" "string","updatedat" {"after" "string","before" "string"}}}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data users object response data data users nodes array response data data users nodes id string response data data users nodes name string response data data users nodes email string response data data users nodes lastloginat string response data data users nodes issuspended boolean response data data users nodes createdat string response data data users nodes identityprovider object response data data users nodes identityprovidertype string response data data users nodes assignedprojects object response data data users nodes role object response data data users nodes role id string response data data users nodes role name string response data data users nodes role scopes array response data data users pageinfo object response data data users pageinfo endcursor object response data data users pageinfo hasnextpage boolean response data output example {"status code" 200,"response headers" {"date" "mon, 31 jul 2023 06 58 20 gmt","content type" "application/json; charset=utf 8","content length" "488","connection" "keep alive","content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'sel ","cross origin embedder policy" "require corp","cross origin opener policy" "same origin","cross origin resource policy" "same origin","x dns prefetch control" "off","x frame options" "sameorigin","strict transpor get vulnerability findings retrieve categorized vulnerability findings from wiz, filtering by asset and severity using specified variables endpoint method post input argument name type required description variables object optional parameter for get vulnerability findings variables after string optional use as a pagination argument to refine your results use the value returned by pageinfo endcursor from the previous response variables orderby object optional the query's results order can be asc or desc determined by the firstdetectedat value variables orderby direction string optional parameter for get vulnerability findings variables filterby object optional parameter for get vulnerability findings variables filterby id array optional filter vulnerability findings matching these ids you can specify multiple values if no values are provided, then returns results from all ids variables filterby vendorseverity array optional filter vulnerability findings according to the vendor severity you can specify multiple values if no values are provided, then returns results from all vendor severities variables filterby firstseenat object optional parameter for get vulnerability findings variables filterby firstseenat after string optional datetime in iso 8601 format variables filterby firstseenat before string optional datetime in iso 8601 format variables filterby updatedat object required parameter for get vulnerability findings variables filterby updatedat after string optional datetime in iso 8601 format variables filterby updatedat before string optional datetime in iso 8601 format variables filterby resolvedat object optional parameter for get vulnerability findings variables filterby resolvedat after string optional datetime in iso 8601 format variables filterby resolvedat before string optional datetime in iso 8601 format variables filterby hasfix boolean optional filter only vulnerability findings for vulnerabilities with an available fix variables filterby hasexploit boolean optional filter only vulnerability findings for vulnerabilities with an available exploit variables filterby hascisakevexploit boolean optional filter only vulnerability findings for vulnerabilities with an available cisa kev exploit variables filterby vulnerabilityexternalid array optional filter only vulnerability findings whose external id matches these you can specify multiple values if no values are provided, then returns results from all external ids variables filterby subscriptionexternalid array optional filter vulnerability findings from these subscription external ids you can specify multiple values if no values are provided, then returns results from all subscriptions variables filterby assetid array optional filter only vulnerability findings on these asset ids you can specify multiple values if no values are provided, then returns results from all asset ids variables filterby assettype string optional the type of asset object to appear in the vulnerability report if not specified, returns results for all asset types variables filterby assetstatus array optional filter only vulnerability findings for assets with these statuses you can specify multiple values if no values are provided, then returns results for all asset statuses variables filterby detectionmethod array optional filter only vulnerability findings found via these detection methods you can specify multiple values if no values are provided, then returns results for all detection methods input example {"variables" {"after" "string","orderby" {"direction" "string"},"filterby" {"id" \["string"],"vendorseverity" \["string"],"firstseenat" {"after" "string","before" "string"},"updatedat" {"after" "string","before" "string"},"resolvedat" {"after" "string","before" "string"},"hasfix"\ true,"hasexploit"\ true,"hascisakevexploit"\ true,"vulnerabilityexternalid" \["string"],"subscriptionexternalid" \["string"],"assetid" \["string"],"assettype" "string","assetstatus" \["string"],"detectionmethod" \["string"],"isassetopentoallinternet"\ true,"assethashighprivileges"\ true,"assethasadminprivileges"\ true,"status" \["string"],"vulnerabilityid" \["string"],"projectid" \["string"],"layerid" \["string"],"isbaselayer"\ true,"validatedinruntime"\ true}}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data vulnerabilityfindings object response data data vulnerabilityfindings nodes array response data data vulnerabilityfindings nodes id string response data data vulnerabilityfindings nodes portalurl string response data data vulnerabilityfindings nodes name string response data data vulnerabilityfindings nodes cvedescription string response data data vulnerabilityfindings nodes cvssseverity string response data data vulnerabilityfindings nodes score number response data data vulnerabilityfindings nodes exploitabilityscore number response data data vulnerabilityfindings nodes impactscore number response data data vulnerabilityfindings nodes datasourcename object response data data vulnerabilityfindings nodes hasexploit boolean response data data vulnerabilityfindings nodes hascisakevexploit boolean response data data vulnerabilityfindings nodes status string response data data vulnerabilityfindings nodes vendorseverity string response data data vulnerabilityfindings nodes firstdetectedat string response data data vulnerabilityfindings nodes lastdetectedat string response data data vulnerabilityfindings nodes resolvedat object response data data vulnerabilityfindings nodes description string response data data vulnerabilityfindings nodes remediation string response data data vulnerabilityfindings nodes detailedname string response data data vulnerabilityfindings nodes version string response data output example {"status code" 200,"response headers" {"date" "sun, 30 jul 2023 13 08 22 gmt","content type" "application/json; charset=utf 8","transfer encoding" "chunked","connection" "keep alive","content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'sel ","cross origin embedder policy" "require corp","cross origin opener policy" "same origin","cross origin resource policy" "same origin","x dns prefetch control" "off","x frame options" "sameorigin","strict t pull audit logs retrieves a filtered set of audit log activities from wiz based on criteria such as action, status, or user endpoint method post input argument name type required description variables object optional parameter for pull audit logs variables first number required use as a pagination argument to refine your results possible values 1 5000 variables after string optional use as a pagination argument to refine your results use the value returned by pageinfo endcursor from the previous response variables filterby object optional parameter for pull audit logs variables filterby timestamp object optional parameter for pull audit logs variables filterby timestamp after string optional datetime in iso 8601 format variables filterby timestamp before string optional datetime in iso 8601 format variables filterby action string optional filter by specific action name in wiz variables filterby search string optional filter by string matching id or request id variables filterby status array optional filter by audit log event status you can specify multiple values variables filterby user array optional filter by specific user ids or service account ids variables filterby usertype array optional filter audit logs entries by the type of user you can specify multiple values variables filterby useragent string optional filter by user agent variables filterby sourceip string optional filter audit log entries by source ip input example {"variables" {"first" 123,"after" "string","filterby" {"timestamp" {"after" "string","before" "string"},"action" "string","search" "string","status" \["string"],"user" \["string"],"usertype" \["string"],"useragent" "string","sourceip" "string"}}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data auditlogentries object response data data auditlogentries nodes array response data data auditlogentries nodes id string response data data auditlogentries nodes action string response data data auditlogentries nodes requestid string response data data auditlogentries nodes status string response data data auditlogentries nodes timestamp string response data data auditlogentries nodes actionparameters object parameters for the pull audit logs action data auditlogentries nodes actionparameters clientid string parameters for the pull audit logs action data auditlogentries nodes actionparameters groups object parameters for the pull audit logs action data auditlogentries nodes actionparameters name string parameters for the pull audit logs action data auditlogentries nodes actionparameters products array parameters for the pull audit logs action data auditlogentries nodes actionparameters role string parameters for the pull audit logs action data auditlogentries nodes actionparameters scopes array parameters for the pull audit logs action data auditlogentries nodes actionparameters useremail string parameters for the pull audit logs action data auditlogentries nodes actionparameters userid string parameters for the pull audit logs action data auditlogentries nodes actionparameters userpoolid string parameters for the pull audit logs action data auditlogentries nodes useragent object response data data auditlogentries nodes sourceip object response data data auditlogentries nodes serviceaccount object response data data auditlogentries nodes serviceaccount id string response data data auditlogentries nodes serviceaccount name string response data output example {"status code" 200,"response headers" {"date" "mon, 31 jul 2023 06 44 55 gmt","content type" "application/json; charset=utf 8","content length" "922","connection" "keep alive","content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'sel ","cross origin embedder policy" "require corp","cross origin opener policy" "same origin","cross origin resource policy" "same origin","x dns prefetch control" "off","x frame options" "sameorigin","strict transpor rerun report initiates a rerun of an existing wiz report with specified variables, returning the original report id endpoint method post input argument name type required description variables object optional parameter for rerun report variables reportid string required the id of the report to return input example {"variables" {"reportid" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data rerunreport object response data data rerunreport report object response data data rerunreport report id string response data output example {"status code" 200,"response headers" {"date" "sun, 30 jul 2023 09 10 38 gmt","content type" "application/json; charset=utf 8","content length" "82","connection" "keep alive","content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'sel ","cross origin embedder policy" "require corp","cross origin opener policy" "same origin","cross origin resource policy" "same origin","x dns prefetch control" "off","x frame options" "sameorigin","strict transport update issue modifies an existing issue's status, due date, or notes in wiz using specified variables endpoint method post input argument name type required description variables object optional parameter for update issue variables issueid string required the id of the wiz issue to update variables patch object optional this object defines the specific issue to update, identified by its issue id variables patch status string optional update the status of an issue possible values depend on the type of issue open issues that have not yet been addressed or remediated in progress issues that have been acknowledged and are being handled the in progress status can be manually set to indicate to colleagues that the issue is being actively addressed resolved issues that have been fixed or are no longer considered an issue by wiz rejected issues that have been marked to be ignored, either manually or through ignore rules variables patch resolutionreason string optional update the resolution reason of the issue required if the updated status is set to resolved or rejected the possible values depend on the type of issue and its status variables patch dueat string optional update the estimated time to resolve the issue datetime format yyyy mm dd't'hh\ mm \ ss 'z' (iso 8601 format) variables patch note string optional update the note referenced on the issue when updating the status to rejected to update the note for all other situations, use the update issue note api variables patch resolutionnote string optional update the resolution note of the threat detection issue resolutionnote can only be used when status is set to "resolved" variables override object optional override fields for the issue update variables override status string optional override the status of an issue variables override resolutionreason string optional override the resolution reason of the issue variables override dueat string optional override the estimated time to resolve the issue datetime format yyyy mm dd't'hh\ mm \ ss 'z' (iso 8601 format) variables override note string optional override the note referenced on the issue variables override resolutionnote string optional override the resolution note of the threat detection issue input example {"variables" {"issueid" "842ec39e b907 4c32 b6e5 2c3dd9fd43c0","patch" {"status" "active","resolutionreason" "string","dueat" "string","note" "string","resolutionnote" "string"},"override" {"status" "active","resolutionreason" "string","dueat" "string","note" "string","resolutionnote" "string"}}} output parameter type description status code number http status code of the response reason string response reason phrase data object response data data updateissue object response data data updateissue issue object response data data updateissue issue id string response data data updateissue issue note string response data data updateissue issue status string response data data updateissue issue dueat string response data data updateissue issue resolutionreason string response data output example {"status code" 200,"response headers" {"date" "mon, 31 jul 2023 06 58 20 gmt","content type" "application/json; charset=utf 8","content length" "488","connection" "keep alive","content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'sel ","cross origin embedder policy" "require corp","cross origin opener policy" "same origin","cross origin resource policy" "same origin","x dns prefetch control" "off","x frame options" "sameorigin","strict transpor response headers header description example access control allow credentials http response header access control allow credentials true connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 82 content security policy http response header content security policy default src 'self';base uri 'self';font src 'self' https data ;form action 'self';frame ancestors 'self';img src 'self' data ;object src 'none';script src 'self';script src attr 'none';style src 'self' https 'unsafe inline';upgrade insecure requests content type the media type of the resource application/json; charset=utf 8 cross origin embedder policy http response header cross origin embedder policy require corp cross origin opener policy http response header cross origin opener policy same origin cross origin resource policy http response header cross origin resource policy same origin date the date and time at which the message was originated sun, 30 jul 2023 09 07 18 gmt etag an identifier for a specific version of a resource w/"52 teg+gok95o9pnmzzoc9ukxeda/k" origin agent cluster http response header origin agent cluster ?1 referrer policy http response header referrer policy no referrer strict transport security http response header strict transport security max age=15552000; includesubdomains transfer encoding http response header transfer encoding chunked vary http response header vary origin, accept encoding x content type options http response header x content type options nosniff x dns prefetch control http response header x dns prefetch control off x download options http response header x download options noopen x frame options http response header x frame options sameorigin x permitted cross domain policies http response header x permitted cross domain policies none x xss protection http response header x xss protection 0