Wiz

Supported OS Linux Windows Mac OS

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Overview

Datadog’s integration with Wiz allows you to ingest both audit logs and issues (including threats and toxic combinations) into Datadog Cloud SIEM using the Wiz API.

Log Types Collected

Audit Logs

Actions taken by team members, report activity, and issue updates. Useful for detecting unusual activity and supporting investigations.

Issues

Logs of toxic combinations and misconfigurations in your cloud infrastructure.

Setup

Configuration

Audit Logs (Pull-based using Wiz API)

Prerequisites

  • Access to a Wiz tenant with permission to create service accounts.

Step 1: Add a new account in Datadog

  1. In the table below, click Add New.
  2. Enter a unique Datadog Account Name.
  3. Paste the Wiz token URL:
    https://auth.app.wiz.io/oauth/token

Step 2: Enter the query URL

Wiz uses a unified GraphQL endpoint:

https://api.<TENANT_REGION>.app.wiz.io/graphql

Replace <TENANT_REGION> with your actual region (for example, us1, eu1, and so on).

To find your endpoint:

  1. Log in to Wiz.
  2. Go to User Settings.
  3. Click Tenant in the left menu.
  4. Copy your API endpoint.

Step 3: Create a service account in Wiz

  1. Go to Settings > Access Management > Service Accounts.
  2. Click Add Service Account.
  3. Fill in:
    • Name: For example, Datadog Integration
    • Type: Custom Integration (GraphQL API)
    • API Scopes: admin:audit, read:issues
  4. Save the account and copy the Client ID and Client Secret into the table below.

NOTE: Audit Logs are pulled in every 12 hours per Wiz API requirements.

Issues (Push-based using webhooks)

Wiz sends issue data to Datadog using push-based webhooks.

Step 1: Generate your intake URL

  1. In Datadog, generate an intake URL using an existing or new API key.
  2. Click Copy Intake URL.

Step 2: Configure the webhook in Wiz

  1. Go to Settings > Integrations > Webhooks in Wiz.
  2. Create a new webhook for Datadog.
  3. Paste the intake URL from Datadog into the webhook configuration.

For more information on Wiz’s webhook formats, see:

Validation

After setup:

  1. Go to Logs Explorer in Datadog.
  2. Search with source:wiz.
  3. If successful, Wiz logs show up.
  4. If not, go to Logs > Indexes and verify you have a log index set for source:wiz*.

Data Collected

Metrics

The Wiz integration does not include any metrics.

Service Checks

The Wiz integration does not include any service checks.

Events

The Wiz integration does not include any events.

Logs

The Wiz integration collects audit logs and issues.

Troubleshooting

Need help? Contact Datadog support or Wiz support.

PREVIEWING: camille.jouan/et-datadog-operator