IBM / IBM-QRadar-Universal-Cloud-REST-API

These workflows are provided for sample usage, new submissions and updates from the community, and are NOT supported by IBM.

Add a Workflow for Wiz vulnerabilities #248

Closed IH4T31BM closed 3 months ago

IH4T31BM commented 4 months ago

Is it possible to add a Workflow to pull Wiz vulnerabilities, aside from Wiz issues?

ChrisCollinsIBM commented 3 months ago

Are you looking to get the vulnerabilities into the asset model in QRadar from Wiz? Or just get some type of event generated if new vulnerabilities are found on a host?

The asset APIs for QRadar are currently a bit limited but undergoing some planning for improvements in the near future, and once that happens you could definitely have a UREST workflow that posts assets/vulns instead of events, but at this time those APIs are not in place.

If you're looking for events to be triggered related to vulnerabilities, maybe the Wiz contributors @suraj-metron or @solalraveh could offer some info.

IH4T31BM commented 3 months ago

Yes, I'm looking to get regular events when new vulnerabilities are found on a host. Thanks for connecting me with @suraj-metron and @solalraveh :)