Wiz (Cloud Security)

The Wiz CNAPP Connector solves the fragmentation problem of managing cloud security findings across multiple platforms by centralizing asset and vulnerability data from Wiz into Qualys Enterprise TruRisk Management. It enables security teams to gain centralized cloud risk visibility across storage, compute, container instances, and container images without manual data reconciliation.

By automatically syncing vulnerability findings through a unidirectional API integration, the connector reduces operational overhead and improves risk assessment accuracy. This unified view allows security practitioners to correlate findings across their cloud infrastructure and make faster remediation decisions from a single platform.

Connector Details

The following table provides details of the Wiz CNAPP connector.

Vendor Wiz
Product Name Wiz CWP
Connector Category Wiz CNAPP
Asset Types Supported Storage, Compute, Container Instances, Container Images
Finding Types Supported Vulnerabilities
Supported Version & Type SaaS
Integration Method API Integration (REST / GraphQL)
Direction Unidirectional (Wiz to Qualys)
Incremental Sync (Delta) Supported

Connection Settings

User Roles and Permissions

To configure the Wiz CNAPP connector, you must create a Wiz service account with appropriate API permissions.

Entity Type Required Permissions
Vulnerability Findings read:vulnerabilities
Assets read:resources

You need the following Wiz API Access information to configure the connection:

  • Wiz API Endpoint URL (e.g., https://api.<region>.app.wiz.io)
  • Wiz Client ID
  • Wiz Client Secret
  • Token URL

Refer here for the detailed steps to generate the required information.

For quick reference on how to obtain the required values, follow the steps below.

API Endpoint URL

Your Wiz API Endpoint URL follows the format below.

https://api.<TENANT_DATA_CENTER>.<ENVIRONMENT>

Where,

  • The <TENANT_DATA_CENTER> is the regional data center of your wiz account(e.g., us1, us2, or eu1)
  • The <ENVIRONMENT> is one of the following three - app.wiz.io, app.wiz.us, or gov.wiz.io.
Type of Environment Value Example

Commercial (Standard)

app.wiz.io

https://api.us17.app.wiz.io

Gov (FedRAMP)

app.wiz.us

https://api.us17.app.wiz.us

Commercial AWS GovCloud

gov.wiz.io

https://api.us17.gov.wiz.io

The above values are samples. Use the appropriate Tenant Data Center for your purpose.

How to obtain the Tenant Data Center

At the top right of your Wiz portal, click the User icon > Tenant Info (here). 

At the left side, click Data Center and Regions (here). Copy the Tenant Data Center.

Client ID and Client Secret

To obtain the Client ID and Client Secret values, you need to create a service account with the required permissions.

Log in to your Wiz account with the Project Admin role.

  1. Navigate to Settings > Service Accounts
  2. Click Add Service Accounts
  3. Provide a Service Account Name
  4. Select the Type as Custom Integration - GraphQL
  5. Select the projects to limit access to
  6. For Vulnerabilities, select the read:vulnerabilities permission and for Assets, select the read:resources permission in the API Scopes.
  7. Click Add Service Account
  8. The page displays a Client ID and Client Secret. Securely store these values for later use

Authentication Details

Provide the following credentials when configuring the connector:

Name Description
Wiz API Endpoint URL Base API endpoint for your Wiz tenant. Example (https://api.<region>.app.wiz.io)
Client ID Service account Client ID
Client Secret Service account Client Secret
Token URL OAuth token endpoint for the Wiz tenant

API Endpoint URL Format

https://api.<TENANT_DATA_CENTER>.<ENVIRONMENT>

Environment Type Value Example
Commercial (Standard) app.wiz.io https://api.us17.app.wiz.io
Gov (FedRAMP) app.wiz.us https://api.us17.app.wiz.us
AWS GovCloud gov.wiz.io https://api.us17.gov.wiz.io

Token URL

Tenant Type Token Endpoint
Wiz Commercial https://auth.app.wiz.io/oauth/token
Wiz Gov (FedRAMP) https://auth.app.wiz.us/oauth/token
Wiz AWS GovCloud https://auth.gov.wiz.io/oauth/token

Connector Configuration

Basic Details

  1. Log in to Qualys ETM.
  2. Navigate to Connectors > Integration.
  3. Locate Wiz CNAPP Connector and click Manage.
  4. Provide a connector Name and Description.
  5. Enter authentication details.

Schedule

Schedules control the execution and scope of the connector.

  1. Configure Schedule.
  2. Select supported Asset Types.
  3. Select Findings to ingest.

Asset Identification Rules

The Identification Rules are a set of out-of-the-box precedence rules set by Qualys CSAM. The connector discovers findings based on the order set by the selected Identification Rules.

These rules are applicable only to compute asset types. Other asset classes are not affected.

You can proceed to the next step without making any changes to this screen.

How Does the Connection Work?

On schedule (or on-demand), the Wiz CNAPP connector retrieves selected asset classes and vulnerability findings from Wiz and imports them into ETM Inventory.

In the Connector screen, you can find your newly configured connector listed and marked in the Processed state.

Connector States

A successfully configured connector goes through 4 states.

  1. Registered - The connector is successfully created and registered to fetch data from the vendor.
  2. Scheduled - The connector is scheduled to execute a connection with the vendor.
  3. Processing - A connection is executed and the connector is fetching the asset and findings data.
  4. Processed - The connector has successfully fetched the assets; it may still be under process of fetching the findings. Wait for some more time for the connector to fetch the findings completely.

The Processed state indicates that the Connector is successfully configured but it is under the process of importing all your assets and findings. This process (specifically for findings) may take some time.

This entire process may take up to 2 hours for completion. Once it is done, you can find the imported data in Enterprise TruRisk Management (ETM).

Viewing Assets and Findings in ETM

After ingestion, view WIZ assets in ETM Unified Asset Inventory.

  • Assets: Enterprise TruRisk Management > Inventory > Assets > All Assets. Use the tag or asset filter: tags.name:"Wiz" or asset.inventory:"Wiz"
  • Findings: Enterprise TruRisk Management > Risk Management > Findings > Vulnerability. Use the vendor filter: findings.vendorProductname:"Wiz".

     You can click on any findings to open a detailed view.

API Reference

Here are the APIs executed for the Wiz CNAPP connection.

API Endpoint
Authentication https://auth.app.wiz.io/oauth/token
GraphQL https://api.<tenant>.app.wiz.io/graphql

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: March, 2026