--- title: "Wiz integration" slug: "wiz-integration" description: "Integrate Wiz and Traceable for robust cloud security. Wiz scans AWS, Azure, GCP, and Kubernetes, providing full visibility across VMs, containers, and serverless functions. Traceable secures APIs, identifying and mapping threats to the Traceable Threat Activity screens, allowing for comprehensive risk assessment. Configure with Wiz client ID and secret in Traceable, ensure permissions, and set notifications to push or pull issues." updated: 2025-08-19T09:49:34Z published: 2025-08-19T09:49:34Z --- > ## Documentation Index > Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt > Use this file to discover all available pages before exploring further. # Wiz integration Wiz scans every layer of your cloud environment to provide complete visibility into every technology running in the cloud. Wiz connects to AWS, Azure, GCP, and Kubernetes using APIs across virtual machines, containers, and serverless functions. Traceable protects APIs hosted in this infrastructure and implements application business logic. As part of the integration, Traceable identifies threats for each APIs. These threats and issues in Wiz can be mapped directly in the Traceable Threat Activity screens. This allows you to understand the overall risks for the cloud-native application across API, Kubernetes, serverless, and underlying infrastructure. Infosec teams can accordingly prioritize addressing the threats at both layers, depending on overall risk. To integrate Traceable with Wiz, you need the client ID and secret of the Wiz account. Traceable maps Kubernetes instances, services, VMs, and so on by utilizing the information our tracing agents capture at runtime to query Wiz for the relevant resources. This ensures you do not have to track the resources these APIs are running to understand the overall risk. Traceable allows you to pull Wiz-identified issues or push Traceable-identified issues to Wiz. > [!NOTE] > Note > > The Wiz integration supports services deployed as VMs and instrumented using Traceable’s eBPF agent. --- ## Before you begin Make a note of the following before proceeding with Wiz integration: - Ensure you have access to Wiz Client ID and Wiz Secret Access Key from the Wiz management console. - Ensure you have the information on relevant services in Traceable, which has cloud resources visible in the Wiz Console. - Ensure you have read and completed the steps mentioned in the [Wiz documentation](https://docs.wiz.io/wiz-docs/docs/traceable-integration) for integration with Traceable. - Ensure that Traceable has the following permissions in Wiz: - Push notifications —**System Activities**and**External Data Ingestion** permissions. - Pull issues — **Resources**and **Issues**permissions. The document assumes that you have reasonable knowledge of the Wiz management console, such as how to look for containers, VMs, and serverless functions under the overview tab. --- ## Configuration To configure Wiz integration in Traceable, log into your Traceable account and complete the following steps: 1. Navigate to the **Integrations**dashboard. ![traceable_wiz_integration_dashboard](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_wiz_integration_dashboard(3).png) 2. Click on **Configure**to enter the configuration details: - **API Endpoint URL**— The Wiz Integration API has a single GraphQL endpoint, such as [https://api..app.wiz.io/graphql](https://api.<region>.app.wiz.io/graphql). The region defines where the tenant resides, for example, us1, us2, eu1, or eu2. - **Token URL**— The token URL is an Auth0 or Amazon Cognito endpoint, depending on your service account's identity provider. - **Client ID and secret**— These are the OAuth credentials required to request a new API token with every API call. A token lasts 24 hours. 3. Choose whether to pull the issues from Wiz, push, or both. 4. Click on **Test Connection** to see whether Traceable can integrate with Wiz with the given credentials. If the connection fails, an error message is displayed. In case of an error, check the credentials you entered. The **Save** button is enabled only when the test connection succeeds. ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/image-1719473557736.png) --- ## Push events to Wiz Traceable can push events based on the configuration that you completed above. You can view these events under **Protection** → **Threat activity**. The events that are pushed to Wiz are of the following two types: - Logged threat activity - Blocked threat activity To push the events to Wiz, you need to set up notifications. Complete the following steps: 1. Navigate to **Settings**→ **Configurations**→ **Notifications**. 2. Click **Create Notification** to create a new notification. 3. Select **Wiz Integration** from the *Who should receive the notification* drop-down list on the Create Notification page. ![traceable_wiz_integration_notification_select_channel](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_wiz_integration_notification_select_channel.png) 4. Select Logged Threat Activity or Blocked Threat Activity from the **Category** drop-down list. > [!NOTE] > Note > > You can create two different notifications, one each for Logged and Blocked threat activity. 5. Configure the remaining options and click **Save**. Traceable sends a maximum of 250 events in the 24-hour time window, representing the total count of logged and blocked threat activity. You can view these events in the Cloud Events section of Wiz. > [!NOTE] > Note > > You need to configure **Notifications** only to push events to Wiz. The pulling of issues from Wiz happens automatically. You can view the events pushed to Wiz by navigating to **Cloud Events** as shown below: ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_wiz_integration_push_event_in_wiz.png) --- ## Pull issues from Wiz You can view the Wiz issues in Traceable by navigating to **Protection → APIs Under Threat**. To list the Wiz issues in Traceable, group by **Service Name**, as shown in the screenshot below. ![traceable_wiz_issues_in_traceable(1)](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_wiz_issues_in_traceable(1).png) You can click on **Wiz** under the **Integrations** column to view the Issues found through Wiz. ![traceable_wiz_integration_pull_events_from_wiz](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_wiz_integration_pull_events_from_wiz.png) Traceable automatically determines which APIs are running on cloud resources that Wiz protects. You can further drill down in details by clicking on any of the service names as shown below: ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_wiz_issues_in_traceable_detailed_info.png)