Add new vulnerability information in Wiz Ocean integration
R
Rubén Soleto
We want to have additional properties in the Wiz Ocean integration
We want to change the mapping and return it for doing the proper mapping in the integration.
*
we would like to have vulnerableAsset information for all the VulnerableAssetsTypes
.A full example of VulnerableAsset for ContainerImages and a small subset for the rest of the other types are seen in the code snippet below:
query VulnerabilityFindingsTable(
$filterBy: VulnerabilityFindingFilters
$first: Int
$after: String
$orderBy: VulnerabilityFindingOrder
) {
vulnerabilityFindings(
filterBy: $filterBy
first: $first
after: $after
orderBy: $orderBy
) {
nodes {
id
severity
categories
version
detectionMethod
score
status
description
resolvedAt
updatedAt
firstDetectedAt
publishedDate
remediation
environments
link
vulnerabilityExternalId
portalUrl
origin
CVEDescription
name
detailedName
artifactType {
group
ciComponent
custom
plugin
osPackageManager
codeLibraryLanguage
}
hasFix
hasExploit
isHighProfileThreat
projects {
id
name
}
rootComponent {
name
}
applicationServices {
id
}
vulnerableAsset {
... on VulnerableAssetBase {
id
type
name
cloudPlatform
subscriptionName
subscriptionExternalId
nativeType
}
... on VulnerableAssetVirtualMachine {
id
type
name
cloudPlatform
operatingSystem
nativeType
}
... on VulnerableAssetContainerImage {
Core identification fields
id
type
name
cloudPlatform
Subscription/Account information
subscriptionName
subscriptionExternalId
subscriptionId
Resource metadata
tags
nativeType
Network exposure fields
hasLimitedInternetExposure
hasWideInternetExposure
isAccessibleFromVPN
isAccessibleFromOtherVnets
isAccessibleFromOtherSubscriptions
Container-specific fields
repository {
name
}
registry {
name
}
scanSource
Execution context (where the image is running)
executionControllers {
id
entityType
externalId
providerUniqueId
name
subscriptionExternalId
subscriptionId
subscriptionName
ancestors {
id
name
entityType
externalId
providerUniqueId
}
}
Additional fields from Splunk integration
imageId
region
providerUniqueId
cloudProviderURL
status
}
... on VulnerableAssetContainer {
id
type
name
cloudPlatform
nativeType
}
... on VulnerableAssetServerless {
id
type
name
cloudPlatform
nativeType
}
... on VulnerableAssetRepositoryBranch {
id
type
name
cloudPlatform
repositoryId
repositoryName
nativeType
}
}
}
pageInfo {
hasNextPage
endCursor
}
}
}
This will allow us to get the additional information we need in our catalog.