---
title: Wiz
description: Wiz audit logs, issues, vulnerabilities, detections, and threats.
---

# Wiz
Integration version 3.1.1
{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site).
{% /alert %}

{% /callout %}
## Overview{% #overview %}

Wiz is a cloud-native security platform that identifies and prioritizes risks across your cloud environments.

This integration ingests the following data into [Datadog Cloud SIEM](https://www.datadoghq.com/dg/security/siem-solution) through the [Wiz API](https://win.wiz.io/page/home):

- **Audit Logs**: Capture key user activity in Wiz, including login events and all mutation actions (such as create, update, delete), supporting investigations and anomaly detection.
- **Issues**: Represent active risks detected by Wiz Controls, such as misconfigurations, exposed secrets, identity risks, and toxic combinations. Each issue is linked to a specific resource and includes severity and remediation context.
- **Detections**: Enable centralized visibility and automated alerting for cloud security risks by ingesting Wiz findings into your existing detection and response workflows.

We also ingest Security Findings into Datadog's [Cloud Security Platform](https://www.datadoghq.com/dg/security/cloud-security-management):

- **Vulnerabilities**: Expose weaknesses in software or configuration across cloud resources. Each finding includes metadata like affected packages, versions, severity, and remediation guidance, and is mapped to related issues to help prioritize the most impactful risks.

- **Configurations**: Wiz configuration findings are the issues detected during a cloud security scan that highlight misconfigurations, compliance gaps, and potential vulnerabilities in your environment.

Use this integration to monitor your cloud security posture in real time, correlate findings with observability data, and accelerate threat detection and response workflows across teams.

## Data collection methods and frequency{% #data-collection-methods-and-frequency %}

### API-based collection{% #api-based-collection %}

- **Audit Logs**: Collected every 12 hours
- **Issues (legacy)**: Collected every 12 hours
- **Configurations and Vulnerabilities**: Initial backfill followed by daily updates for new or status-changed security findings

### Webhook-based collection (real-time){% #webhook-based-collection-real-time %}

- **Issues (recommended)**: Toxic combinations and misconfigurations
- **Threats**: Security threats detected in your environment
- **Detections**: Security detections requiring investigation

## Setup{% #setup %}

### Configuration{% #configuration %}

The Wiz integration offers two configuration methods:

- **API Configuration**: For collecting audit logs, configurations, and security findings
- **Webhook Configuration**: For collecting issues, threats, and detections in real time

1. Follow [Wiz's Datadog integration guide](https://docs.wiz.io/docs/datadog-managed-integration) to generate the required values for the Token URL, Query URL, Client ID, and Client Secret fields used to configure the Wiz integration in Datadog.

1. Copy the values you gathered from Wiz into the matching fields in the configuration table below.

1. After saving the configuration, verify data collection. Logs should appear within 15 minutes. The initial Security Findings backfill may take some time to process, but should be available within an hour.

### API-Based Data{% #api-based-data %}

- **Audit Logs**: View in [Log Explorer](https://docs.datadoghq.com/logs/explorer/) with `source:wiz`
- **Configurations and Vulnerabilities**: View in [Cloud Security Management](https://www.datadoghq.com/dg/security/cloud-security-management) by hovering over **Findings** and selecting either **Misconfigurations** or **Vulnerabilities**, and then searching for `source:wiz`

### Webhook-Based Data{% #webhook-based-data %}

View in [Log Explorer](https://docs.datadoghq.com/logs/explorer/) with the following filters:

- **Issues**: `source:wiz @trigger.source:issue`
- **Detections**: `source:wiz @trigger.source:detection`
- **Threats**: `source:wiz @trigger.source:threat`

If you don't see your data:

1. Verify your log index configuration in **Logs** > **Indexes** for `source:wiz*`.
1. For webhook data, verify your webhook configuration in Wiz.
1. For API data, verify your service account permissions.
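The checks above can be run over a batch of exported log events. The following is an added example, not code from Datadog or Wiz: it buckets events by the same `source` and `trigger.source` attributes the filters use and flags an audit-log stream older than the 12-hour collection interval. The event shape, the `timestamp` field name, the one-hour grace period, and the rule that events without `trigger.source` are audit logs are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Webhook streams keyed by the @trigger.source values in the filters above.
WEBHOOK_STREAMS = {"issue": "issues", "detection": "detections", "threat": "threats"}
# Audit logs arrive every 12 hours (this page); the 1-hour grace is an assumption.
AUDIT_MAX_AGE = timedelta(hours=12) + timedelta(hours=1)

# Constructed sample events, not real Wiz payloads; "timestamp" is an assumed field.
SAMPLE = [
    {"source": "wiz", "timestamp": "2024-05-01T00:00:00+00:00"},
    {"source": "wiz", "timestamp": "2024-05-01T20:10:00+00:00", "trigger": {"source": "issue"}},
    {"source": "wiz", "timestamp": "2024-05-01T20:30:00+00:00", "trigger": {"source": "threat"}},
    {"source": "nginx", "timestamp": "2024-05-01T20:31:00+00:00"},
]
NOW = datetime(2024, 5, 1, 21, 0, tzinfo=timezone.utc)


def stream_of(event):
    """Return the stream name for one event, or None if it is not Wiz data."""
    if not str(event.get("source", "")).startswith("wiz"):
        return None
    trigger = (event.get("trigger") or {}).get("source")
    if trigger is None:
        return "audit"  # assumption: API-collected logs carry no trigger.source
    return WEBHOOK_STREAMS.get(trigger, "unknown")


def coverage(events, now):
    """Count events per stream and list the streams that need a configuration check."""
    latest, counts = {}, {}
    for ev in events:
        name = stream_of(ev)
        if name is None:
            continue
        ts = datetime.fromisoformat(ev["timestamp"])
        counts[name] = counts.get(name, 0) + 1
        latest[name] = max(latest.get(name, ts), ts)
    problems = []
    if "audit" not in latest:
        problems.append("audit: no events; check service account permissions")
    elif now - latest["audit"] > AUDIT_MAX_AGE:
        problems.append("audit: stale; check service account permissions")
    for name in WEBHOOK_STREAMS.values():
        if name not in latest:
            problems.append(f"{name}: no events; check webhook configuration in Wiz")
    if "unknown" in counts:
        problems.append("unknown: unexpected trigger.source value")
    return counts, problems
```

Webhook streams are event-driven, so an empty webhook stream is a prompt to check the configuration rather than proof of a fault.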

## Data Collected{% #data-collected %}

- [Wiz Audit Logs](https://win.wiz.io/docs/auditlogs-overview)
- [Wiz Detections](https://win.wiz.io/docs/detections-webhook)
- [Wiz Issues](https://win.wiz.io/docs/issues-webhook)
- [Wiz Threats](https://win.wiz.io/docs/threats-webhook)
- [Wiz Vulnerabilities](https://win.wiz.io/docs/vuln-overview)

### Metrics{% #metrics %}

The Wiz integration does not include any metrics.

### Service Checks{% #service-checks %}

The Wiz integration does not include any service checks.

### Events{% #events %}

The Wiz integration does not include any events.

### Logs{% #logs %}

The Wiz integration collects:

- Audit logs (through API)
- Vulnerabilities (through API)
- Issues (through webhook)
- Threats (through webhook)
- Detections (through webhook)

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/) or [Wiz support](https://www.wiz.io/contact).
