Docs
Start typing to search…

WIZ

The Bright - Wiz integration sends Bright DAST vulnerability findings to Wiz so they can be correlated with assets and other security signals in Wiz. Once configured, Bright periodically uploads findings data to Wiz using Wiz’s External Data Ingestion API.

Prerequisites

Before configuring the integration, make sure you have:

  • A Bright account with integration permissions
  • A Wiz account
  • Permission in Wiz to create Service Accounts

Step 1: Create a Service Account in Wiz

  1. Log in to Wiz.
  2. Navigate to: Settings → Service Accounts
  3. Create a new service account.
  4. Recommended name: Bright DAST Integration
  5. Assign the following permission: create:external_data_ingestion

Once the account is created, copy the following values:

  • Client ID
  • Client Secret
  • API Endpoint

Wiz documentation: https://docs.wiz.io/dev/intro-to-win#for-wiz-customers


Step 2: Configure the Integration in Bright

  1. Log in to Bright.
  2. Navigate to the “Organization Settings” page
  3. Click the “Integrations” tab
  4. In the “Integration” widget, click the 3-dots button for the Wiz integration
  5. Select the “Settings” menu item
  6. FIll in:
    1. Client ID
    2. Client Secret
    3. Wiz API Endpoint input fields
  7. Click “Connect” button

If the credentials are valid, Bright will confirm that the connection was successfully established.

The integration is now configured across the organization

How the Integration Works

  1. After setup, Bright automatically sends vulnerability findings to Wiz.
  2. Bright prepares a report containing the vulnerabilities detected during scans.
  3. This report is automatically uploaded to Wiz as a daily snapshot of all vulnerabilities within all projects in the org.
  4. Wiz analyzes the data and associates the findings with the relevant cloud asset.
  5. The vulnerability will appear in the Wiz dashboard as a security issue.

Vulnerability Lifecycle

The integration also updates vulnerability status automatically.

Example Workflow

  • Bright detects a SQL Injection vulnerability
  • The finding is sent to Wiz
  • Wiz displays the vulnerability as Open

Later:

  • The developer fixes the issue
  • A new Bright scan runs
  • The vulnerability is no longer detected
  • Bright sends a new report
  • Wiz marks the vulnerability as Resolved

This ensures vulnerability status stays synchronized between the platforms.

Data Sync Behavior

  • Bright sends one daily snapshot of findings
  • Only new or recurring vulnerabilities are included
  • This prevents exceeding Wiz ingestion limits
  • Wiz may take up to 24 hours to process the data after it is received.

Expected Result in Wiz

After integration, Security teams will see:

  • Bright vulnerabilities inside Wiz dashboards
  • Asset correlation
  • Vulnerability lifecycle tracking
  • Centralized security posture across tools

Troubleshooting

If the integration does not work:

  1. Make sure the following values are correct:
  • Client ID
  • Client Secret
  • API Endpoint
  1. Check Permissions
  • The service account must include: create:external_data_ingestion
  1. Check Scan Activity
  • The integration only sends data after scans are executed. If no scans run, no data will appear in Wiz.

Updated 16 minutes ago