Skip to main content
Wiz

Learn to integrate Wiz with Torq for cloud security - setup triggers, actions, and automation for proactive risk management.

Updated over 5 months ago

Wiz is a cloud security company that provides a platform for identifying and addressing security risks in cloud environments.

To create Wiz integrations in Torq, you need some of the following permissions in Wiz:

  • Project Admin

  • Global Contributor

  • Global Admin

Create a Wiz Trigger in Torq

  1. Go to Build > Integrations > Steps > Wiz and click Add.

  2. Give the integration a unique and meaningful name. This cannot be changed later.

  3. There are two available options for the Authentication headers. Use Bearer Authentication (a) or Basic Authentication (b).

    1. Bearer Authorization (recommended):

      1. Name the header Authorization.

      2. Give the value as: Bearer <bearer_token_value>

      3. Example: Bearer token authentication using "abc12345" as the token for authorization would be Bearer abc12345

    2. Basic Authentication:

      1. Name the header Authorization

      2. Give the value as: Basic <base64_value_of_username:password>

      3. For example, the Base64 value to use for a user name user@example.com with the password of abc123 would be the following: dXNlckBleGFtcGxlLmNvbTphYmMxMjM=

      4. This can be easily generated from the Torq step Encode base6.

  4. Click Add.

  5. From the integration table, copy the URL you created.

Create a Torq Integration in Wiz

  1. In Wiz go to Settings > Integrations > Add new integration.

    Wiz add new integration for torq security automation
  2. Search for Torq in the search bar.

    Searching for Torq in wiz integrations
  3. Give the integration a unique and meaningful name.

  4. Select the scopes you want the integration to have.

  5. Paste the URL from Torq you created earlier.

  6. Under Parameters > Authentication, select Token authentication and paste the secret you created in step 3 of the Torq trigger creation.

    Paste the URL from Torq trigger integration in the Wiz integration
  7. Click Add Integration to save the integration in Wiz.

    Paste the token generated by Torq into Wiz integration

Create an Automation Action in Wiz to Send Issues to Torq

  1. In Wiz, go to the Settings > Response and Automation > Actions page, then click Add Action.

  2. Give the new Action a unique and meaningful name.

  3. From the Action drop-down, select Integrate with Torq.

  4. Set the scope of the new Action to either:

    1. All projects

    2. A selected project

    3. (Optional) Restrict the new Action to only Global Contributor and Global Admins

    4. (Optional) Restrict the Action to users with the Global Contributor and Global Admin roles.

  5. For the URL, paste the URL you made in Torq.

  6. You can modify the fields in the body request based on the workflow you want to build with Torq. See the list of supported template variables.

  7. Click Add Action.

Create an Automation Rule

Automation Rules trigger Automation Actions. After you've added the Action to send Issues to Torq, you must create a Rule that triggers it. See the page on Automation Rules in the Wiz documentation.

Create a Service Account

To interact with the Wiz API from Torq workflows, you must create a service account, which will allow you to create the required API token, Client ID, and Client Secret. You'll need these when you create the Wiz steps integration in Torq.

For more information, see the Wiz API documentation.

Create a Wiz Steps Integration in Torq

  1. Go to Build > Integrations> Steps > Wiz and click Add.

  2. Type a meaningful name for the integration. This cannot be changed later.

  3. Enter the values for the following fields. You copied and saved these earlier.

    1. Wiz Client ID

    2. Wiz Client Secret

    3. Wiz Region

  4. Click Add.

    wiz-step-add

Premade Steps

These are the premade steps for OpenAI. Don't see the step you need? No problem; you can easily create a custom step.

  • Add note to issue

  • Create inventory report

  • Create issues report

  • Create session

  • Create vulnerabilities

  • Get issue information

  • List issues

  • List vulnerability findings

  • Run GraphQL query

  • Set issue status

Did this answer your question?