---
title: Wiz
---
<!-- licenses: community, platform -->

runZero integrates with ((Wiz)) by importing data from the [Wiz API](https://docs.wiz.io/wiz-docs/docs/wiz-api-introduction). This integration allows you to sync data about your cloud assets, software, and vulnerabilities from Wiz to provide better visibility of your cloud assets and security posture.

## Getting started with Wiz {#wiz-getting-started}

To set up an integration with Wiz, you'll need to:

1. Create a Service Account in Wiz with permissions to read graph resources, read reports, and create reports.
2. Configure the Wiz credential in runZero.
3. Choose whether to configure the integration as [a scan probe or connector task](integrations-inbound.md#integration-probe-connector).
4. Activate the integration to pull your data into runZero.

## Requirements {#wiz-requirements}

Before you can set up the Wiz integration:

* Make sure you have administrator access to the Wiz portal.

## Step 1: Create a Service Account in Wiz {#wiz-step1}

1. Sign in to Wiz with an Administrator account.
2. Go to **Settings** > **Access Management** > **Service Accounts** > **Add Service Account**.
3. Enter a descriptive name in the **Name** field.
4. Select _Custom Integration (GraphQL API)_ for the **Type**.
5. Under **Projects**, select the projects the Service Account should have access to, or leave blank to allow access to all projects.
6. Enable `read:resources`, `read:reports`, and `create:reports` for the **API Scopes**.
7. Click **Add Service Account** and copy the **Client ID** and **Client Secret**.
8. Go to **User Settings** > **Tenant** and note the **API Endpoint URL** in the format: `https://api.{{region}}.app.wiz.io/`.

## Step 2: Add the Wiz credential to runZero {#wiz-step2}

1. Go to the [Credentials page](https://console.runzero.com/credentials/new) in runZero. Provide a name for the credentials, like `Wiz`.
2. Choose **Wiz Client Secret** from the list of credential types.
3. Create your Wiz service account via the settings page in the Wiz portal, and then provide the following information:
    * **Wiz Client ID** - The client ID of your Wiz service account.
    * **Wiz Client Secret** - The client secret of your Wiz service account.
    * **Wiz Auth URL**- The URL used to authenticate the Wiz service account.
    * **Wiz API URL** - The API Endpoint URL used to access the Wiz API.
4. If you want other organizations to be able to use this credential, select the _Make this a global credential_ option. Otherwise, you can configure access on a per-organization basis.
5. Save the credential.

You're now ready to set up and activate the connection to bring in data from Wiz. 

## Step 3: Choose how to configure the Wiz integration {#wiz-step3}
The Wiz integration can be configured as either a [scan probe or a connector task](integrations-inbound.md#integration-probe-connector). Scan probes gather data from integrations during scan tasks. Connector tasks run independently from either the cloud or one of your Explorers, only performing the integration sync.

## Step 4: Set up and activate the integration to sync data {#wiz-step4}
After you add your Wiz credential, you'll need to sync your data from Wiz.

### Step 4a: Configure the Wiz integration as a connector task {#wiz-step4a}
A connection requires you to specify a schedule and choose a site. The schedule determines when the sync occurs, and the site determines where any new Wiz-only assets are created.

1. Activate a connection to [Wiz](https://console.runzero.com/ingest/wiz). You can access all available third-party connections from the [integrations page](https://console.runzero.com/integrations), your [inventory](https://console.runzero.com/inventory), or the [tasks page](https://console.runzero.com/tasks). 
2. Choose the credentials you added earlier. If you don't see the credentials listed, make sure the credentials have access to the organization you are currently in. 
3. Set the severity and risk levels you want to import (optional).
4. Set the **Fingerprint only** toggle to _Yes_ if you want vulnerability records to be ingested for fingerprint analysis but not stored in your runZero vulnerability inventory (optional).
5. Enter a name for the task, like `Wiz Sync` (optional). 
6. Choose the Explorer to perform this connector task from (optional).
7. Choose the site you want to add your assets to. All newly discovered assets will be stored in this site. 
8. Enter a description for the task (optional).
9. If you want to exclude assets that have not been scanned by runZero from your integration import, switch the **Exclude unknown assets** toggle to _Yes_. By default, the integration will include assets that have not been scanned by runZero.
10. If you want to exclude assets that have not been assessed for vulnerabilities, switch the **Include unscanned assets** toggle to _No_.
11. Schedule the sync. A sync can be set to run on a recurring schedule or run once. The schedule will start on the date and time you have set. 
12. Activate the connection when you are done. The sync will run on the defined schedule. You can always check the [Scheduled tasks](https://console.runzero.com/tasks) to see when the next sync will occur. 

### Step 4b: Configure the Wiz integration as a scan probe {#wiz-step4b}
You can run the Wiz integration as a scan probe so that the runZero Explorer will pull your Wiz assets into the runZero Console. 

In a new or existing scan configuration:
* Ensure that the _WIZ_ option is set to _Yes_ in the _Probes and SNMP_ tab and change any of the default options if needed.
* Optionally, set the severity and risk levels for ingested vulnerability results.
* Set the correct _Wiz_ credential to _Yes_ in the _Credentials_ tab.

### Step 5: View Wiz assets, software, and vulnerabilities {#wiz-step5}

After a successful sync, you can [go to your inventory](https://console.runzero.com/inventory) to view your Wiz assets. These assets will have a Wiz icon listed in the **Source** column.

The Wiz integration gathers details about software and vulnerabilities detected in addition to enriching asset inventory data. Go to **Inventory** > [**Software**](https://console.runzero.com/inventory/software) or **Inventory** > [**Vulnerabilities**](https://console.runzero.com/inventory/vulnerabilities) to view the software and vulnerability data provided by Wiz.

To filter by Wiz assets, consider running the following queries:

* [View all Wiz assets](https://console.runzero.com/inventory?search=source%3Awiz): 
     ```
     source:Wiz
    ```
Click into each asset to see its individual attributes. runZero will show you the attributes gathered from Wiz.

## Troubleshooting {#wiz-troubleshooting}
If you are having trouble using this integration, the questions and answers below may assist in your troubleshooting.

### Why is the Wiz integration unable to connect? {#wiz-connection-error}
1. Are you getting any data from the Wiz integration?
    * Make sure to query the inventory rather than look at the task details to review all the data available from this integration.
    * In some cases, integrations have a configuration set that limits the amount of data that comes into the runZero console.
2. Some integrations require very specific actions that are easy to overlook. If a step is missed when setting up the integration, it may not work correctly. Please review this documentation and follow the steps exactly.
    * Double-check the API Scopes assigned to the Wiz service account. A valid service account that is missing the required permissions will result in a failed import.
3. If the Wiz integration is unable to connect be sure to check the task log for errors. Some common errors include:
    * 500 - server error, unable to connect to the endpoint
    * 404 - hitting an unknown endpoint on the server
    * 403 - not authorized, likely a credential issue