# Wiz

{% columns %}
{% column %}
Correlate **Alma runtime telemetry** with **Wiz Cloud Resource IDs** in real time.

When Alma detects an application attack or behavioral anomaly, it streams a high‑fidelity alert into Wiz as an **Issue**.

Alma automatically matches the alert to the exact cloud asset in Wiz.

This makes static findings easier to prioritize. You get exploitability and business impact from real runtime signals.
{% endcolumn %}

{% column %}
![](/files/ONLKFa4b1JVtfHPyI1qX)
{% endcolumn %}
{% endcolumns %}

### How it works

1. Alma observes runtime behavior and detects threats.
2. Alma maps the affected workload to Wiz Cloud Resource IDs.
3. Alma creates a Wiz **Issue** tied to the exact asset.
4. SOC and AppSec triage runtime alerts inside Wiz workflows.

![](/files/4GLiTLgQLwL3Sd53kvwn)

### Prerequisites

1. **Alma Security account**
   * Active account.
   * Permissions to manage integrations.
2. **Wiz account**
   * API access enabled.
   * A Client ID + Client Secret generated in Wiz.
   * Wiz API URL for your tenant.
   * Use least privilege. Grant only the required scopes listed under **Permissions** below.
3. **Network connectivity**
   * Alma’s integration service must reach Wiz APIs over HTTPS.
   * Allowlist the required IP ranges if outbound egress is restricted.
4. **Permissions**
   * You need the right role in Wiz.
   * In Wiz, use a service principal or integration role.
   * Wiz API token scopes (least privilege):
     * **Read inventory (assets/resources)**: grant at least one of `read:all` or `read:resources`.
     * **Write events (Issue ingestion)**: grant at least one of:
       * `create:all`
       * `create:external_data_ingestion`
       * `create:security_scans`
       * `write:all`
       * `write:external_data_ingestion`
       * `write:security_scans`
     * **Poll event status**: grant at least one of `read:all` or `read:system_activities`.
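
A pre-flight check for the scope list above, as an added example that is not part of Alma's or Wiz's own tooling. The scope names come from this page; the function names, the report layout, and the sample grants are assumptions made for illustration.

```python
# Scope names are taken from this page. Function names, the report layout and
# the sample grants are constructed for illustration.
REQUIRED = {
    "read inventory": {"read:all", "read:resources"},
    "write events": {
        "create:all", "create:external_data_ingestion", "create:security_scans",
        "write:all", "write:external_data_ingestion", "write:security_scans",
    },
    "poll event status": {"read:all", "read:system_activities"},
}


def normalize(scopes):
    """Trim and de-duplicate scope strings copied from the Wiz token page."""
    return {s.strip() for s in scopes if s and s.strip()}


def audit_scopes(granted):
    """Compare granted scopes with the three capabilities the integration needs.

    missing       - capabilities with no matching scope (ingestion will be partial)
    wildcard_only - capabilities met only by a ':all' scope, with the narrower
                    scopes from this page that could replace it
    unneeded      - granted scopes that this page does not list at all
    """
    granted = normalize(granted)
    report = {"missing": [], "wildcard_only": {}, "unneeded": []}
    for capability, any_of in REQUIRED.items():
        hits = granted & any_of
        if not hits:
            report["missing"].append(capability)
        elif all(s.endswith(":all") for s in hits):
            report["wildcard_only"][capability] = sorted(
                s for s in any_of if not s.endswith(":all")
            )
    report["unneeded"] = sorted(granted - set().union(*REQUIRED.values()))
    return report


if __name__ == "__main__":
    # Constructed sample: a token that was granted only wildcard scopes.
    print(audit_scopes(["read:all", " write:all "]))
```

An empty `missing` list with entries under `wildcard_only` means the integration will work but the token is broader than this page requires.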

### Obtain Wiz credentials

{% stepper %}
{% step %}

### Create a Wiz API token

1. Log in to Wiz as an administrator.
2. Go to **Settings → Integrations → API Tokens**.
3. Create a new token or service account for Alma.
4. Copy:
   * **Client ID**
   * **Client Secret**
   * **API URL** (Wiz API URL)

{% hint style="warning" %}
Grant least-privilege access. Start with read access to assets, vulnerabilities, and configuration findings.
{% endhint %}
{% endstep %}
{% endstepper %}

### Configure the Alma ↔ Wiz integration

{% stepper %}
{% step %}

### Open the Wiz integration in Alma

1. In Alma, open **Integrations**.
2. Find the **Wiz** tile.
3. Confirm the tile shows current sync status.
{% endstep %}

{% step %}

### Start the connection

1. Click **Connect** on the Wiz tile.
2. Review the permissions dialog.
3. Click **Allow access**.
{% endstep %}

{% step %}

### Enter Wiz credentials

1. In **Sync Alma with Wiz**, paste:
   * **Wiz API URL**
   * **Client ID**
   * **Client Secret**
2. Click **Connect to Wiz**.

Alma validates the credentials and establishes a secure link.
{% endstep %}

{% step %}

### Verify success

You should see **Successfully connected**.

The Wiz card should now show a **Disconnect** button. That confirms Alma can pull data and stream Issues.
{% endstep %}
{% endstepper %}

### Credential details

* **Wiz API URL**
  * Wiz API endpoint for your tenant/region.
  * Shown in Wiz under **Settings → Integrations → API Tokens**.
* **Client ID**
  * Public identifier for the Wiz API integration.
  * Generated in Wiz under **API Tokens**.
* **Client Secret**
  * Confidential key used to authenticate Alma with Wiz.
  * Generated alongside the Client ID in Wiz.
  * Store securely and rotate regularly.

### Security

* **Encryption**
  * All communication occurs over HTTPS.
  * Credentials are stored encrypted in Alma’s secrets management subsystem.
* **Revocation**
  * In Alma, click **Disconnect** on the Wiz integration tile.
  * In Wiz, revoke or delete the related API token.

### Troubleshooting

* **Authentication errors**
  * Re-check Client ID and Client Secret for typos.
  * Remove hidden characters and trailing spaces.
  * Regenerate the Wiz API token if needed.
* **Data not syncing**
  * Verify outbound HTTPS connectivity to Wiz API endpoints.
  * Check proxy, firewall, and allowlists.
* **Permission issues**
  * Ensure the Wiz token has the required read scopes, plus a write scope for Issue ingestion (see **Prerequisites**).
  * Missing scopes can cause partial ingestion.
* **Credential rotation**
  * Rotate the Client Secret on a schedule.
  * Update Alma immediately after rotation.
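
For the hidden-character check under **Authentication errors**, the following added example (not part of Alma or Wiz) reports where invisible characters sit in a pasted value without ever echoing the value itself. It assumes that a Client ID, Client Secret, or API URL never legitimately contains whitespace; the function names and the sample string are constructed.

```python
import unicodedata

# Unicode general categories that are invisible or easy to miss after a paste:
# Cc = control, Cf = format (zero-width space, BOM), Zs/Zl/Zp = separators.
SUSPECT = {"Cc", "Cf", "Zs", "Zl", "Zp"}


def find_hidden(value):
    """Return (index, code point, name) for each suspect character.

    Only positions and code points are returned, so the result is safe to put
    in a ticket or log line; the credential itself is never included.
    """
    hits = []
    for index, ch in enumerate(value):
        if unicodedata.category(ch) in SUSPECT:
            name = unicodedata.name(ch, "UNNAMED CONTROL")
            hits.append((index, f"U+{ord(ch):04X}", name))
    return hits


def clean_credential(value):
    """Return the value with suspect characters removed, plus what was removed."""
    hits = find_hidden(value)
    cleaned = "".join(ch for ch in value if unicodedata.category(ch) not in SUSPECT)
    return cleaned, hits


if __name__ == "__main__":
    # Constructed sample, not a real secret: BOM, zero-width space,
    # trailing space and newline around placeholder text.
    pasted = "\ufeffabc123\u200bDEF \n"
    cleaned, removed = clean_credential(pasted)
    for index, codepoint, name in removed:
        print(f"position {index}: {codepoint} {name}")
    print(f"length before {len(pasted)}, after {len(cleaned)}")
```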


