View Wiz Vulnerability and Risk Information
After you have onboarded Wiz, navigate to the Inventory page and search for a virtual machine resource.
Note
Risks are only visible for virtual machines.
Note the following information:
Only accounts and subscriptions that have been onboarded to Illumio CloudSecure and Wiz will be able to view the issues and vulnerabilities in Illumio.
You will only see risks for workloads that are in subscriptions that have been onboarded to Illumio CloudSecure and that are part of the Wiz projects that the onboarded service account has access to.
Drill down on the resource and then click the Risks tab to display more information about the detected vulnerability.
Click the CVE number to view more information about the vulnerability. This information comes from the National Institute of Standards and Technology (NIST)'s Common Vulnerability Scoring System (CVSS). The risks are scored as follows:
Risk Score | Risk Level |
|---|---|
0.1 to 3.9 | Low |
4.0 to 6.9 | Medium |
7.0 to 8.9 | High |
9.0 to 10.0 | Critical |
The Wiz application detects the vulnerability and the component or resource that it affects and then associates the issue with the CVSS number.
For more information about NIST vulnerability scores, see NVD Dashboard.
Click the Wiz Issues tab to view vulnerability issues that have been detected for resources in your network.
After you have viewed the information in the Vulnerabilities and Risks tabs, you have visibility into workload vulnerabilities and you can also write policies to secure your vulnerable resources.