1. Introduction
In this article, we’ll walk you through how to set up and manage your integration with WIZ. WIZ is a leading cloud security platform that continuously scans your cloud environments to detect misconfigurations, vulnerabilities, and potential risks. It helps organizations prioritize what matters most by focusing on the issues and vulnerabilities that pose real threats to business assets.
2. Prerequisites
Before starting the integration, it’s important to make sure you have everything prepared. You’ll need to provide a service account in WIZ with the appropriate permissions, as this account will be used to establish the connection between WIZ and Hyver. The integration relies on an authentication process — a secure way for Hyver to verify that it has permission to access data from your WIZ account. In practice, this means supplying valid credentials so Hyver can safely connect to WIZ and retrieve issues and vulnerabilities.
To get started, you must get the following from WIZ. Please follow the instructions in the WIZ documentation to get the following details*:
Client ID from WIZ
Client secret from WIZ
WIZ API URL (required to configure authentication in Hyver)
*Later in this article, we’ll see exactly how to configure each of these details in practice.
Required IP Addresses
For the integration to work smoothly, you may need to allow traffic from Hyver’s servers in your firewall or network configuration. This ensures that Hyver can securely connect to your environment and perform scans without being blocked.
Depending on your region and the type of scan, add the following IP addresses:
General IPs:
Europe →
18.198.79.197America →
52.1.10.176,35.171.70.87
IPs for Azure and AWS Scans:
Europe →
18.158.77.90America →
34.206.252.13
In most cases, you only need to add the IPs relevant to your region and use case.
Multi-Company Dashboard and Integrations
This section explains how Hyver’s Multi-Company Dashboard works in general, and how integrations behave when used in a Multi-Company setup.
What is the Multi-Company Dashboard?
Hyver’s Multi-Company Dashboard is designed for large enterprises with multiple subsidiaries. It gives you:
A centralized view of cybersecurity risk across the entire organization
Key metrics like exposure, cost of breach, and maturity scores
The ability to switch between subsidiaries and view their individual data
Parent admins and power users can view aggregated and subsidiary-level risk, while detailed findings remain visible only to members of the specific subsidiary
Data that updates in real time
To enable Multi-Company, contact your CYE Technical Account Manager.
How Integrations Work in Multi-Company
Here’s the important part:
Integrations are created only at the subsidiary level
Findings from an integration appear only in that subsidiary’s dashboards and reports
Parent companies cannot create integrations — they can only view the aggregated results
Best Practices for Combining Integrations with Multi-Company
To get the most out of Multi-Company with integrations, we recommend:
Each subsidiary should create its own integration, using credentials that only grant access to data relevant to that subsidiary
In some cases, it’s useful to also have a dedicated “General” company, which holds findings that apply to the entire enterprise and cannot be tied to a single subsidiary
The parent company then combines these insights and metrics from all subsidiaries and the General company — but remember, integrations cannot be connected directly to the parent company.
3. Configuring on the WIZ Side
Retrieve the Authentication Details from WIZ
Connection Details from WIZ
At this stage, we’ll focus on how to obtain the connection details you’ll need in Hyver, as outlined in the prerequisites:
Client ID from WIZ
Client Secret from WIZ
WIZ API URL (required for authentication in Hyver)
Client ID and Client Secret
To generate these, you’ll first need to create a service account in WIZ. Here’s how:
Log in to WIZ with a Project Admin role.
Open the Settings menu (top-right corner).
In the left-hand menu, select Service Accounts.
Click Add Service Account.
Enter a name for the service account.
Under Type, choose Custom Integration (GraphQL API).
From the Project drop-down, select the project(s) containing the resources you want to sync issues from.
In the API Scopes, select read:issues only.
Click Add Service Account at the bottom.
Once complete, WIZ will display the Client ID and Client Secret.
WIZ API URL
To find the API URL in WIZ:
Log in to your WIZ account.
Click the User Profile icon (top-right corner) and select User Settings.
From the left-hand menu, select Tenant.
The API Endpoint URL will be displayed on this page.
Assign the correct permissions
To enable the integration, you’ll need to assign the correct permissions to the Hyver service account in WIZ. These permissions ensure that Hyver can securely access the issues and vulnerabilities data required for analysis. Without the right permissions, the integration will not function properly.
Configure a User in WIZ with These Permissions:
create:reportsread:reportsupdate:reportsread:vulnerabilitiesread:issuesread:threat_issues
Important Limitation:
To ensure data collection works properly, the WIZ service account used for the integration must have access to all projects in your WIZ account. If the account is restricted to only certain projects, Hyver’s data requests may fail, and findings will not be retrieved.
Also, ensure that you leave the Projects optional field empty:
4. Configuring in Hyver
On the Hyver side, completing the integration is a simple and straightforward process. All you need to do is take the relevant details from WIZ and enter them into the corresponding fields in Hyver. Once these fields are filled in correctly, the connection between the two platforms is established and ready to use.
Now, authenticate to WIZ:
Go to Settings > Integrations and click Add integration on the WIZ integration tile:
Enter an integration name.
Enter the WIZ API URL.
Enter the client ID from WIZ.
Enter the client secret from WIZ.
Then:
Click Verify connection to test the connection to WIZ.
Click Save to save your configuration. This also tests the connection by default when you save.
5. Viewing Results
Once the integration is up and running, the findings collected from WIZ appear on the Findings page in Hyver. From there, you can review the issues and vulnerabilities detected, track their status, and explore how they connect to your business assets. This view lets you easily manage and prioritize findings as part of your overall risk analysis.
Search for Findings by Source
Use the findings filter to filter by various finding fields such as sources or creation date:
For example:
Select a source such as WIZ (if it exists).
Add a creation date filter to refine the output.
If you do not see findings populated after some time, please verify connectivity to Wiz.
Collected Endpoints in WIZ
When Hyver integrates with WIZ, it collects data from specific WIZ “endpoints.” These endpoints are simply categories of information that WIZ makes available through its API. For this integration, the relevant endpoints are:
Vulnerabilities (VM, container, container image, repo branch, serverless)
These are security weaknesses detected in different types of cloud resources. For example:Virtual machines (VMs): traditional compute resources in the cloud.
Containers and container images: lightweight application packages and the base images they’re built from.
Repo branches: branches of source code repositories, where vulnerabilities in dependencies may appear.
Serverless: functions or applications running without dedicated servers, which can also contain security flaws.
Issues
These are broader security findings reported by WIZ, often covering misconfigurations or risks that aren’t strictly software vulnerabilities. For example, overly permissive access settings or unencrypted storage.
6. Auto-Fix Statuses
When possible, Hyver automatically updates the status of remediation assets (such as servers or settings) once they are fixed or removed in the source system — no manual updates needed. The status of a finding is determined by the status of its remediation assets. This integration supports Auto-fix for WIZ issues findings only (which make up most of the findings). It does not support Auto-fix for WIZ vulnerabilities.
7. Types of Fetched Entities
In this section, we will understand what types of findings are involved in the WIZ integration. We will also review the mapping logic behind the integration mechanism, and see how Hyver handles the findings it receives from WIZ.
WIZ Findings
WIZ vulnerabilities and misconfigurations are added as findings in Hyver. Findings are added to the Integration with external tools engagement.
Mapping Logic
Some WIZ findings are mapped to findings in Hyver.
Some are added directly to Hyver.
Hyver maps CVEs (from the "vulnerabilities" API) from WIZ to the Usage of Outdated and Vulnerable Technologies finding.
How Hyver Handles WIZ Findings (and Why)
Hyver’s goal is to map incoming findings to its own taxonomy whenever possible.
CVEs retrieved via WIZ’s “vulnerabilities” API are mapped to the Usage of Outdated and Vulnerable Technologies finding in Hyver.
This category is intended to centralize all CVEs across the organization.
Findings from WIZ’s “issues” API are:
Ingested directly
Enriched with NIST mapping
When no direct Hyver match exists, the finding is still useful by aligning it with the NIST Cybersecurity Framework.
Adding NIST mapping helps findings contribute to your organization's:
Maturity score
Overall risk analysis
This approach:
Maintains consistency across dashboards, risk models, and reports
Ensures every finding is actionable
You should continue to follow Hyver's Recommended Priority for triaging findings.
The prioritization logic remains consistent—regardless of whether a finding is mapped to a native Hyver category or added directly from WIZ.
8. Deleting the Integration
You can delete or edit this integration:
Deleting the Integration
Following the setup of an integration, you can delete an integration:
Click the Delete integration button, and confirm that you want to delete the integration.
When you delete an integration in Hyver, the connection is immediately terminated. No new data from the deleted integration is ingested or processed, and the existing data in Hyver is retained.
Note on Deleting the WIZ Integration:
WIZ is a unique integration in that it leaves behind what we call a "residue" even after it’s been deleted from Hyver. Specifically, this refers to two reports that were created as part of the data collection process.
Hyver gathers information from WIZ using these two reports, which are generated and stored on the WIZ side, under the Reports section. The reports are named:
Hyver Vuln report
Hyver Issues report
Once you delete the integration from Hyver, you can go ahead and delete these reports from WIZ if you choose to — but this step is entirely optional.
Not deleting the reports has no impact or consequences, but it’s still useful to be aware that they remain in your WIZ account unless removed manually.
Editing the Integration
Following the setup of an integration, you can edit an integration:
Click the Edit Integration button, make changes, and click Save.
9. FAQ
If a WIZ integration finding is manually changed from Open to Fixed or Acceptable Risk, what status will it have after the next run?
The finding’s status will be automatically updated during the next run.If a remediation asset in the WIZ integration is manually changed from Open to Fixed or Acceptable Risk, what status will it have after the next run?
The remediation asset’s status will be automatically updated during the next run.
Wrap-up
In this guide, we walked through the full process of integrating WIZ with Hyver — from setting up the connection with the correct service account and permissions, to understanding the specific data collected. We also covered what happens when the integration is deleted and what to do with the remaining reports on the WIZ side. With everything in place, your integration should run smoothly and support your security analysis with accurate, relevant data.