Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/wiz/_dev/build/build.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
dependencies:
ecs:
reference: "git@v8.17.0"
reference: "git@v9.3.0"
17 changes: 15 additions & 2 deletions packages/wiz/_dev/build/docs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,16 @@ The Wiz integration enables you to consume and analyze Wiz data within Elastic S

## Data streams

The Wiz integration collects five types of data:
The Wiz integration collects six types of data:

- **Audit** - The Audit log records key events within the Wiz platform, including logins and any mutation API calls executed in the Wiz portal (such as write, edit, delete, and save actions).

- **Cloud Configuration Finding** - A Cloud Configuration Finding is a result generated when a cloud resource does not pass a specific Cloud Configuration Rule.

- **Defend** - Detects and alerts on real-time cloud threats using runtime signals, logs, and Wiz’s security graph via webhook integrations.

- **Defend v2** - Detections generated by Threat Detection Rules, which give enhanced granularity and visibility into network activities and potential security incidents.

- **Issue** - Issues represent active risks or threats identified in your cloud environment.

- **Vulnerability** - Vulnerabilities are weaknesses in computer systems that can be exploited by malicious attackers.
Expand All @@ -26,7 +28,7 @@ This integration supports using Elastic Agent or agentless ingestion of data.

Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).

The minimum **kibana.version** required is **8.10.1**.
The minimum **kibana.version** required is **8.19.2** or **9.1.2**.
This module has been tested against the **Wiz API Version v1**.

## Agentless-enabled integration
Expand Down Expand Up @@ -62,6 +64,7 @@ Agentless deployments are only supported in Elastic Serverless and Elastic Cloud
| Vulnerability | read:vulnerabilities |
| Cloud Configuration Finding | read:cloud_configuration |
| Cloud Configuration Finding Full Posture | read:cloud_configuration |
| Defend v2 | read:detections, read:cloud_events_cloud, read:cloud_events_sensor, read:security_scans |

### Collect logs (Defend) via HTTP Endpoint

Expand Down Expand Up @@ -153,6 +156,16 @@ This is the `Defend` dataset.

{{fields "defend"}}

### Defend v2

This is the `Defend v2` dataset.

#### Example

{{event "defend_v2"}}

{{fields "defend_v2"}}

### Issue

This is the `Issue` dataset.
Expand Down
29 changes: 21 additions & 8 deletions packages/wiz/_dev/deploy/docker/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
version: '2.3'
services:
wiz-audit:
image: docker.elastic.co/observability/stream:v0.22.0
image: docker.elastic.co/observability/stream:v0.20.0

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Severity: 🔵 Low confidence: medium path: packages/wiz/_dev/deploy/docker/docker-compose.yml:4

docker-compose downgrades the elastic/stream mock image from v0.22.0 to v0.20.0 for every service; this looks like an unintended regression — keep v0.22.0.

Details

This PR changes docker.elastic.co/observability/stream from v0.22.0 to v0.20.0 on all eight services (wiz-audit, wiz-cloud_configuration_finding, wiz-cloud_configuration_finding_full_posture, wiz-issue, wiz-vulnerability, wiz-defend-no-auth, wiz-defend-basic, wiz-defend-token) as well as the newly added wiz-defend_v2 service. The change is unrelated to adding the defend_v2 data stream and downgrades the mock HTTP server used by system tests for the whole package, which appears accidental (e.g. copied from an older base). This is dev/test-only infrastructure and does not affect the shipped package, but the downgrade should be reverted to avoid an unintended regression in the test harness.

Recommendation:

Keep the existing stream image version on all services, including the new wiz-defend_v2 service:

  wiz-defend_v2:
    image: docker.elastic.co/observability/stream:v0.22.0
    hostname: wiz-defend_v2
    ports:
      - 8090
    volumes:
      - ./files:/files:ro
    environment:
      PORT: '8090'
    command:
      - http-server
      - --addr=:8090
      - --config=/files/config-defend_v2.yml

🤖 AI-Generated Review | Vera Review Bot | 📚 Knowledge base: integration-skills

⚠️ Automated review — verify suggestions before applying.

hostname: wiz-audit
ports:
- 8090
Expand All @@ -14,7 +14,7 @@ services:
- --addr=:8090
- --config=/files/config-audit.yml
wiz-cloud_configuration_finding:
image: docker.elastic.co/observability/stream:v0.22.0
image: docker.elastic.co/observability/stream:v0.20.0
hostname: wiz-cloud_configuration_finding
ports:
- 8090
Expand All @@ -27,7 +27,7 @@ services:
- --addr=:8090
- --config=/files/config-cloud_configuration_finding.yml
wiz-cloud_configuration_finding_full_posture:
image: docker.elastic.co/observability/stream:v0.22.0
image: docker.elastic.co/observability/stream:v0.20.0
hostname: wiz-cloud_configuration_finding_full_posture
ports:
- 8090
Expand All @@ -40,7 +40,7 @@ services:
- --addr=:8090
- --config=/files/config-cloud_configuration_finding_full_posture.yml
wiz-issue:
image: docker.elastic.co/observability/stream:v0.22.0
image: docker.elastic.co/observability/stream:v0.20.0
hostname: wiz-issue
ports:
- 8090
Expand All @@ -53,7 +53,7 @@ services:
- --addr=:8090
- --config=/files/config-issue.yml
wiz-vulnerability:
image: docker.elastic.co/observability/stream:v0.22.0
image: docker.elastic.co/observability/stream:v0.20.0
hostname: wiz-vulnerability
ports:
- 8090
Expand All @@ -65,8 +65,21 @@ services:
- http-server
- --addr=:8090
- --config=/files/config-vulnerability.yml
wiz-defend_v2:
image: docker.elastic.co/observability/stream:v0.20.0
hostname: wiz-defend_v2
ports:
- 8090
volumes:
- ./files:/files:ro
environment:
PORT: '8090'
command:
- http-server
- --addr=:8090
- --config=/files/config-defend_v2.yml
wiz-defend-no-auth:
image: docker.elastic.co/observability/stream:v0.22.0
image: docker.elastic.co/observability/stream:v0.20.0
volumes:
- ./sample_logs:/sample_logs:ro
environment:
Expand All @@ -75,7 +88,7 @@ services:
- STREAM_ADDR=http://elastic-agent:9588/
command: log --start-signal=SIGHUP --delay=5s /sample_logs/defend.log
wiz-defend-basic:
image: docker.elastic.co/observability/stream:v0.22.0
image: docker.elastic.co/observability/stream:v0.20.0
volumes:
- ./sample_logs:/sample_logs:ro
environment:
Expand All @@ -86,7 +99,7 @@ services:
- STREAM_PASSWORD=xxxx
command: log --start-signal=SIGHUP --webhook-username=testuser --webhook-password=xxxx --delay=5s /sample_logs/defend.log
wiz-defend-token:
image: docker.elastic.co/observability/stream:v0.22.0
image: docker.elastic.co/observability/stream:v0.20.0
volumes:
- ./sample_logs:/sample_logs:ro
environment:
Expand Down
Loading
Loading