

# Source configuration for Wiz CNAPP
<a name="wizcnapp-source-setup"></a>

## Integrating with Wiz CNAPP
<a name="wizcnapp-integration"></a>

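Wiz is a cloud-native application protection platform (CNAPP) that provides comprehensive visibility and security across multi-cloud environments. CloudWatch pipelines uses the Wiz GraphQL API to retrieve information about security posture, vulnerabilities, misconfigurations, threats, and audit activity from your cloud infrastructure. The Wiz GraphQL API provides access to security data through flexible GraphQL queries, allowing retrieval of audit logs, issues, vulnerability findings, configuration findings, and detections from the Wiz platform.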

## Authenticating with Wiz CNAPP
<a name="wizcnapp-authentication"></a>

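To read Wiz CNAPP audit logs, the pipeline needs to authenticate with your account. The plugin supports the OAuth2 authentication mechanism. Follow these instructions to get started.
+ Create a service account in Wiz with the appropriate permissions. You must be logged in as a Wiz user with write (W) permission on service accounts.
+ Configure the service account and obtain the newly created client ID and client secret.
+ Create a secret in AWS Secrets Manager that stores the application (client) ID under the `client_id` key and the client secret under the `client_secret` key.
+ Configure API permissions (scopes) for your service account.

  Required scopes: `read:issues`, `read:detections`, `read:cloud_events_cloud`, `read:cloud_events_sensor`, `read:security_scans`, `read:vulnerabilities`, `read:cloud_configuration`, `admin:audit`
+ Identify your GraphQL API endpoint: to find your specific endpoint, check the tenant information in the Wiz portal. The Wiz GraphQL API endpoint is `https://api.<region>.app.wiz.io/graphql`, where `<region>` corresponds to your Wiz tenant's data center (for example, us1, us2, eu1, eu2).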

## Configuring the CloudWatch pipeline
<a name="wizcnapp-pipeline-config"></a>

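When configuring the pipeline to read audit logs from Wiz, choose Wiz CNAPP as the data source. Fill in the required information, such as Region. After you create the pipeline, data will be available in the selected CloudWatch Logs log group.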

## Supported Open Cybersecurity Schema Framework event classes
<a name="wizcnapp-ocsf-support"></a>

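This integration supports OCSF schema version 1.5.0 and events that map to Detection Finding (2004), Vulnerability Finding (2002), Compliance Finding (2003), Authentication (3002), and API Activity (6003).

**Detection Finding** contains all events from the following sources:
+ Issues
+ Detections

**Vulnerability Finding** contains all events from the following sources:
+ Vulnerability findings

**Compliance Finding** contains all events from the following sources:
+ Cloud configuration findings

**Authentication** contains events from the following source and the given actions:
+ Audit logs
+ DeviceLogin
+ Login

**API Activity** contains events from the following source and the given actions:
+ Audit logs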
+ AddSecurityScan
+ AddSupportTicketContext
+ AiAssistantSendMessage
+ ApproveCopyResourceForensicsSettings...
+ AssociateServiceTicket
+ CancelReportRun
+ ClearUIUserPreferences
+ CompleteAuthMigration
+ ConvertGitHubAppRegistrationCode
+ CopyResourceForensicsToExternalAccount
+ CreateActionTemplate
+ CreateApplicationServiceDiscoveryRule
+ CreateAutomationRule
+ CreateCICDScanPolicy
+ CreateCloudConfigurationFindingNote
+ CreateCloudConfigurationRule
+ CreateCloudConfigurationRules
+ CreateCloudEventRule
+ CreateComputeGroupTagsSet
+ CreateConnector
+ CreateControl
+ CreateCustomIPRange
+ CreateDashboard
+ CreateDashboardWidget
+ CreateDataClassifier
+ CreateDigitalTrustCustomDomain
+ CreateFileIntegrityMonitoringExclusion
+ CreateHostConfigurationAssessmentNote
+ CreateHostConfigurationRule
+ CreateIgnoreRule
+ CreateImageIntegrityValidator
+ CreateIntegration
+ CreateIssueNote
+ CreateMalwareExclusion
+ CreateMonitoredMetric
+ CreateOutpost
+ CreateOutpostCluster
+ CreatePolicyPackage
+ CreatePortalView
+ CreateProject
+ CreateRemediationAndResponseDeployment
+ CreateRemediationPullRequest
+ CreateReport
+ CreateRuntimeResponsePolicy
+ CreateSAMLIdentityProvider
+ CreateSAMLUser
+ CreateSavedCloudEventFilter
+ CreateSavedGraphQuery
+ CreateScannerAPIRateLimit
+ CreateSecurityFramework
+ CreateServiceAccount
+ CreateSupportTicket
+ CreateTestNode
+ CreateUser
+ CreateUserRole
+ CreateVulnerabilityFindingNote
+ DeleteActionTemplate
+ DeleteApplicationServiceDiscoveryRule
+ DeleteAutomationRule
+ DeleteCICDScan
+ DeleteCICDScanPolicy
+ DeleteCloudConfigurationFindingNote
+ DeleteCloudConfigurationRule
+ DeleteCloudEventRule
+ DeleteComputeGroupTagsSet
+ DeleteConnector
+ DeleteControl
+ DeleteCustomIPRange
+ DeleteDashboard
+ DeleteDashboardWidget
+ DeleteDataClassifier
+ DeleteDigitalTrustCustomDomain
+ DeleteFileIntegrityMonitoringExclusion
+ DeleteHostConfigurationAssessmentNote
+ DeleteHostConfigurationRule
+ DeleteIgnoreRule
+ DeleteImageIntegrityValidator
+ DeleteIntegration
+ DeleteIssueNote
+ DeleteMalwareExclusion
+ DeleteMonitoredMetric
+ DeleteOutpost
+ DeleteOutpostCluster
+ DeletePolicyPackage
+ DeletePortalView
+ DeleteProject
+ DeleteRemediationAndResponseDeployment
+ DeleteReport
+ DeleteRuntimeResponsePolicy
+ DeleteSAMLIdentityProvider
+ DeleteSavedCloudEventFilter
+ DeleteSavedGraphQuery
+ DeleteScannerAPIRateLimit
+ DeleteSecurityFramework
+ DeleteSecurityScan
+ DeleteServiceAccount
+ DeleteTestNode
+ DeleteUser
+ DeleteUserRole
+ DeleteVulnerabilityFindingNote
+ DisassociateServiceTicket
+ DuplicateDashboard
+ DuplicateDataClassifier
+ DuplicateHostConfigurationRule
+ DuplicateSecurityFramework
+ DuplicateUserRole
+ FinalizeCICDScan
+ FinalizeCICDScanTelemetry
+ GenerateWizContainerRegistryToken
+ GraphSearch
+ InitiateCICDScanTelemetry
+ InitiateDiskScanContainerImage
+ InitiateDiskScanDirectory
+ InitiateDiskScanVirtualMachine
+ InitiateDiskScanVirtualMachineImage
+ InitiateIACScan
+ InvokeOutpostClusterUpdate
+ LegalConsent
+ MergeDiscoveredApplicationService
+ MigrateUsers
+ ModifySAMLIdentityProviderGroupMappings
+ ModifySAMLIdentityProviderPortalView...
+ PromoteDiscoveredApplicationService
+ ProvideAiFeedback
+ ProvideAiGraphQueryExample
+ ProvideAiGraphQueryFeedback
+ ProvideIssueFeedback
+ ReassessIssue
+ RefreshResponseActions
+ RegisterAgent
+ ReportIDEActivityHeartbeat
+ ReportIDEAnalytics
+ RequestConnectorEntityScan
+ RequestConnectorScan
+ RerunReport
+ ResetUserPassword
+ RevokeSessions
+ RevokeUserSessions
+ RotateServiceAccountSecret
+ RunAllControls
+ RunCloudConfigurationRule
+ RunControl
+ RunControlsIntegrationAction
+ RunIssuesIntegrationAction
+ RunOutpostClusterUpdate
+ RunResponseAction
+ SAMLUserInitialProvision
+ SendUserEmailInvite
+ TagCICDScan
+ TokenDeviceRefresh
+ TokenRefresh
+ UninstallOutpost
+ UpdateAiSettings
+ UpdateApplicationServiceDiscoveryRule
+ UpdateAutomationRule
+ UpdateBasicAuthSettings
+ UpdateCICDScanPolicy
+ UpdateChampionCenterJourneyItem
+ UpdateCloudConfigurationFinding
+ UpdateCloudConfigurationRule
+ UpdateCloudConfigurationRules
+ UpdateCloudCostSettings
+ UpdateCloudEventRule
+ UpdateCloudEventRules
+ UpdateCloudEventSettings
+ UpdateComputeGroupTagsSet
+ UpdateConnector
+ UpdateContainerRegistryCustomScannin...
+ UpdateContainerRegistryGlobalScannin...
+ UpdateControl
+ UpdateControls
+ UpdateCopyResourceForensicsSettings
+ UpdateCustomIPRange
+ UpdateCustomIPRangesSettings
+ UpdateCustomUserRolesSettings
+ UpdateDashboard
+ UpdateDashboardSettings
+ UpdateDashboardWidget
+ UpdateDataClassifier
+ UpdateDataFinding
+ UpdateDataScannerSettings
+ UpdateDigitalTrustCustomDomain
+ UpdateDigitalTrustDashboardSettings
+ UpdateDigitalTrustSAMLIdentityProvider
+ UpdateDiscoveredApplicationServices
+ UpdateEventTriggeredScanningSettings
+ UpdateExternalExposureScannerSettings
+ UpdateExternalExposureSettings
+ UpdateFileIntegrityMonitoringExclusion
+ UpdateFileIntegrityMonitoringSettings
+ UpdateForensicsPackageSettings
+ UpdateGraphEntity
+ UpdateHostConfigurationRule
+ UpdateHostConfigurationRuleAssessment
+ UpdateHostConfigurationRules
+ UpdateIPRestrictions
+ UpdateIgnoreRule
+ UpdateImageIntegrityValidator
+ UpdateIntegration
+ UpdateInternalExposureSettings
+ UpdateIssue
+ UpdateIssueNote
+ UpdateIssueSettings
+ UpdateIssues
+ UpdateKubernetesGlobalScanningConfig...
+ UpdateLoginSettings
+ UpdateMalwareExclusion
+ UpdateMonitoredMetric
+ UpdateMonitoredMetricSettings
+ UpdateNode
+ UpdateNonOSDiskScanningSettings
+ UpdateNotificationSettings
+ UpdateOutpost
+ UpdateOutpostCluster
+ UpdatePolicyPackage
+ UpdatePortalInactivityTimeoutSettings
+ UpdatePortalSettings
+ UpdatePortalView
+ UpdatePreviewHubItem
+ UpdateProject
+ UpdateRemediationAndResponseDeployment
+ UpdateReport
+ UpdateReportSettings
+ UpdateRepositorySettings
+ UpdateResponseAction
+ UpdateResponseActions
+ UpdateRuntimeResponsePolicy
+ UpdateSAMLIdentityProvider
+ UpdateSavedCloudEventFilter
+ UpdateSavedGraphQuery
+ UpdateScannerAPIRateLimit
+ UpdateScannerExclusionSettingsConstr...
+ UpdateScannerExclusionSettingsTimeLi...
+ UpdateScannerExclusionSizeLimits
+ UpdateScannerExclusionTags
+ UpdateScannerResourceTagSettings
+ UpdateScannerResourceTags
+ UpdateScannerSettings
+ UpdateSecretInstance
+ UpdateSecurityFramework
+ UpdateSecurityScan
+ UpdateServiceAccount
+ UpdateSessionLifetimeSettings
+ UpdateSupportContactList
+ UpdateSystemHealthIssue
+ UpdateSystemHealthIssues
+ UpdateTechnology
+ UpdateTenantNewsletterSettings
+ UpdateUIUserPreferences
+ UpdateUser
+ UpdateUserRole
+ UpdateUserSelectedPortalView
+ UpdateVersionControlOrganizationSett...
+ UpdateVersionControlRepositorySettings
+ UpdateViewerPreferences
+ UpdateVulnerability
+ UpdateVulnerabilityAssessmentSettings
+ UpdateVulnerabilityFinding
+ UpdateVulnerabilityFindingStatus
+ UpsertAgentTelemetry