Integrate Wiz with Contrast

Integrate Contrast with Wiz to send an application's runtime security information to a Wiz deployment.

Polling for Assess vulnerabilities occurs once very 24 hours.

Before you begin

This integration is supported for hosted customers only.
Create a service account in Wiz and copy the Client ID and Client secret as described in Turn on the Contrast integration in Wiz.
Verify that you are using the minimum supported Contrast agent version:
- Java 6.8.0
- .NET Framework 51.0.3
- .NET Core 4.2.19
- Node.js 5.12.0
- PHP 1.35.0
- Python 8.5.0
- Go 6.9.0

In Contrast, go to the user menu and select Organization settings > Integrations.
Under Platform integrations, select Wiz.
In the Credentials tab, specify Wiz credentials:
These credentials connect Contrast with Wiz:
1. Enter these details:
  - Client ID: The Client ID generated when you create a Wiz service account.
  - Client secret: The Client secret generated when you create a Wiz service account.
  - Token URL: Locate the Token URL in the settings page for the Wiz service account.
  - Tenant Data Center: Locate your Tenant Data Center value in the Data Center and Regions tab in the User Avatar (upper-right-hand corner) > Tenant Info page.
2. Select Test connection to verify the credentials are correct.
3. Select Save.
Configure integration settings.
These settings determine the type of information Contrast sends to Wiz.
1. In the Configuration tab, select any of these options:
  - Assess (IAST): This option sends vulnerability information from Contrast Assess.
  - Protect (RASP): This option sends attack information from Contrast Protect.
    This option is reserved for future use.
2. Select Save.
3. Verify that the configuration shows these details:
  - Created at: The date you created the integration configuration.
  - Category: Application Security
  - ID: The Client ID
  - Behavior: Pull, Enrich
  - Status: Active

In this section: