Connecting Wiz with Vanta

Overview

The Wiz integration connects your Wiz environment to Vanta, pulling cloud security findings directly into your compliance program. It is best suited for security and GRC teams that use Wiz to manage cloud vulnerabilities, misconfigurations, and security issues, and who want those findings mapped to compliance controls automatically, without manual exports or context switching.

Estimated setup time: Under 10 minutes


Capabilities

This integration pulls vulnerability data, security issues, configuration findings, and user account information from Wiz into Vanta so they can be tracked, mapped to compliance frameworks, and included in evidence collection. It gives your team a consolidated view of your cloud security posture alongside your compliance program.

Capabilities overview

| Resource / Capability | Supported | How it is used in Vanta |
| --- | --- | --- |
| Vulnerability findings | Yes | Imported as vulnerabilities; filterable by severity and mapped to compliance controls |
| Security issues / alerts | Yes | Synced as security alerts. Only issues with status OPEN and severity Critical, High, or Medium are imported |
| Configuration findings | Yes | Synced as security alerts; maps cloud misconfigurations to compliance standards |
| User accounts | Yes | Imported for access reviews and personnel tracking |
| Asset data | Yes | Resources monitored for vulnerabilities, imported as assets. Note: These are fetched automatically when Vulnerability Management or Issues is enabled. |
| Compliance framework mapping | Yes | Findings are automatically mapped to relevant compliance controls |
| Deprovisioning through Vanta | No | Write-back is not supported for this integration |
| Network / egress monitoring | No | Out of scope for this integration |
| Full access management data | No | Use an IDP or cloud provider integration for this |


Data synchronization

| Data type | Refresh frequency |
| --- | --- |
| Vulnerability data | Every 8 hours |
| Security issues | Every 24 hours |
| Configuration findings | Every 24 hours |
| User accounts | Approximately hourly |
| Asset data | Approximately hourly |


Prerequisites

Before starting setup, confirm the following:

  • You have a Vanta admin account.

  • You have an active Wiz subscription with administrative access.

  • You have created a Wiz service account with the following permissions:

    • create:reports - For creating vulnerability reports

    • read:reports - For accessing vulnerability data

    • read:users - For user information access

    • read:user_accounts - For user account details

    • read:cloud_configuration - For Configuration Finding access

    • read:resources - For asset inventory access

  • You know your Wiz tenant region (for example: us1, us2, eu1, eu2).

💡 Tip: For best results, grant only the scopes listed here.

⚠️ Note: If your Wiz service account is scoped to a specific Wiz project rather than all resources, the integration may fail to connect or may not fetch all data. The recommended approach is to grant the service account access to all Wiz resources and projects, then use the optional Project ID field in Vanta to filter down to a specific project.


Setup guide

Step 1: Find the Wiz integration in Vanta

  • In Vanta, go to Integrations and click Add integration. For more information, see Integrations Page.

  • Search for Wiz and click on the integration tile.

  • Click Connect.

Step 2: Select the Wiz products you want to sync

Choose which Wiz data you want to pull into Vanta:

  • Vulnerability Management - Syncs vulnerability findings and asset data

  • Issues - Syncs security alerts and issues

  • Configuration Findings - Syncs cloud misconfiguration findings as security alerts

⚠️ Note: Only configuration findings with status OPEN and result FAIL, ERROR, or NOT_ASSESSED are imported.

  • User Accounts - Syncs Wiz user account data

ℹ️ Note: You can enable one or more products. Each product corresponds to a specific data type in Vanta and requires the relevant permissions on your Wiz service account.

Step 3: Enter your Wiz credentials

  • Enter your Connection Name (this will help you differentiate between multiple connections to the same Wiz integration).

  • Optionally, enter a Project ID if you want to limit data syncing to a specific Wiz project. This must be the project's UUID, not the project's display name. Leave blank to fetch data from all accessible projects in your organization.

  • Select your Tenant Region (for example: us1, us2, eu1, eu2).

  • Enter your Wiz Client ID and Client Secret from your Wiz service account.

Step 4: Confirm the connection

  • After saving your credentials, the Wiz integration should appear as Connected in your Vanta integrations list.

  • Vanta begins an initial sync immediately. Depending on the volume of data in your Wiz environment, the initial sync may take several minutes to complete.


Permissions

Read access

Vanta uses the service account credentials you provide to read vulnerability findings, security issues, configuration findings, user accounts, and asset data from Wiz.

Write access

There is no write access. Vanta does not modify, reassign, or delete any data in Wiz.


Troubleshooting and FAQs

Connection fails: permissions or validation error

  • Likely cause: The Wiz service account is missing one or more required permissions, has extra permissions beyond what is listed, or the incorrect tenant region was entered.

  • How to confirm: Double-check that the service account has exactly these scopes: create:reports, read:reports, read:resources, read:users, read:user_accounts, read:cloud_configuration. Confirm the tenant region matches your Wiz environment (for example, us1 or eu2, not a custom domain or subdomain). Extra or incorrectly named scopes can cause validation errors even when the intended permissions are present.

  • Fix: Update the service account in Wiz to match the required scopes exactly, then re-enter credentials in Vanta.
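A pre-flight check for the values in this troubleshooting item, as an added example (not Vanta or Wiz code): it compares a scope list copied from the Wiz service account against the six scopes above and checks the shape of the tenant region and optional Project ID. The function name `preflight`, the 0.8 similarity cutoff, and any sample values passed to it are assumptions of this example.

```python
import difflib
import uuid

# Scopes exactly as listed in this article's Prerequisites section.
REQUIRED_SCOPES = frozenset({
    "create:reports", "read:reports", "read:resources",
    "read:users", "read:user_accounts", "read:cloud_configuration",
})

def preflight(granted_scopes, tenant_region, project_id=""):
    """Return a list of problems to fix before entering the values in Vanta."""
    problems = []
    granted = {s.strip() for s in granted_scopes if s.strip()}
    missing = set(REQUIRED_SCOPES - granted)

    for scope in sorted(granted - REQUIRED_SCOPES):
        # An unexpected scope is often a misspelling of a required one.
        guess = difflib.get_close_matches(scope, sorted(missing), n=1, cutoff=0.8)
        if guess:
            problems.append(f"misnamed scope: {scope!r} (did you mean {guess[0]!r}?)")
            missing.discard(guess[0])
        else:
            problems.append(f"extra scope: {scope!r}")
    problems += [f"missing scope: {s!r}" for s in sorted(missing)]

    # The region is a short code such as us1 or eu2, never a domain or URL.
    region = tenant_region.strip()
    if not region or any(ch in region for ch in "./:"):
        problems.append(f"tenant region {tenant_region!r} is not a region code such as us1 or eu2")

    # Project ID is optional; when set it must be the UUID, not the display name.
    if project_id:
        try:
            is_uuid = str(uuid.UUID(project_id)) == project_id.lower()
        except ValueError:
            is_uuid = False
        if not is_uuid:
            problems.append(f"project ID {project_id!r} is not a UUID")
    return problems

if __name__ == "__main__":
    # Constructed input: one misspelled scope and a domain instead of a region.
    sample = (set(REQUIRED_SCOPES) - {"read:user_accounts"}) | {"read:user-accounts"}
    for line in preflight(sample, "mytenant.example.com", "Production"):
        print(line)
```

An empty list means the scope set matches the required one exactly and the region and Project ID have the expected shape.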

The integration is connected but no data is appearing

  • Likely cause: No Wiz products were selected during setup, the service account is scoped to a specific project that does not contain data, or the initial sync has not completed.

  • How to confirm: In Vanta, go to Integrations, find the Connected Wiz integration, click Manage and then Edit. Confirm that at least one product (Vulnerability Management, Issues, Configuration Findings, or User Accounts) is selected. Check that the integration status shows Connected and not a pending or error state.

  • Fix: If no products are selected, edit the integration to enable the desired data types. If the service account is project-scoped, follow the recommended approach in Prerequisites.

Configuration findings are not appearing in Vanta

  • Likely cause: The Configuration Findings product was not selected during setup, or the read:cloud_configuration scope is missing from the Wiz service account.

  • How to confirm: In Vanta, check the Wiz integration settings to confirm Configuration Findings is enabled. Verify the service account includes the read:cloud_configuration permission.

  • Fix: Enable Configuration Findings in your Wiz integration settings in Vanta and ensure the service account has the read:cloud_configuration scope. Data will appear after the next scheduled sync.

Connection fails with an "invalid characters" error

  • Likely cause: The client secret contains invisible formatting characters. This can happen when copying the secret from a rich-text source like a PDF, email, or password manager that adds hidden characters.

  • How to confirm: Look for an error message that says "Client secret contains invalid characters."

  • Fix: Open a plain-text editor (like Notepad or TextEdit in plain-text mode), paste the client secret there, then re-copy it from the plain-text editor and paste it into Vanta. If the issue persists, retype the secret manually in Vanta.
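To see which hidden characters a pasted secret carries, the following added example (not Vanta or Wiz code) reports their positions and Unicode names without echoing the secret itself. The page does not state which characters Vanta rejects, so flagging the Unicode format, control, and separator categories is an assumption, as are the function names and the constructed sample string.

```python
import unicodedata

def hidden_characters(secret):
    """Return (position, code point, name) for characters that render invisibly
    or as whitespace. The secret itself is never returned."""
    findings = []
    for pos, ch in enumerate(secret):
        cat = unicodedata.category(ch)
        # Cf = format characters (zero-width space, soft hyphen, BOM),
        # Cc = control characters (tab, CR, LF),
        # Z* = separators (plain space, no-break space, line separator).
        if cat in ("Cf", "Cc") or cat.startswith("Z"):
            name = unicodedata.name(ch, "control character")
            findings.append((pos, f"U+{ord(ch):04X}", name))
    return findings

def strip_hidden(secret):
    """Return the secret with every flagged character removed."""
    flagged = {pos for pos, _, _ in hidden_characters(secret)}
    return "".join(ch for pos, ch in enumerate(secret) if pos not in flagged)

if __name__ == "__main__":
    # Constructed sample, not a real secret: a zero-width space in the middle,
    # a no-break space and a newline at the end.
    sample = "abc\u200bdef\u00a0\n"
    for pos, code_point, name in hidden_characters(sample):
        print(f"position {pos}: {code_point} {name}")
    print("length before:", len(sample), "after:", len(strip_hidden(sample)))
```

For a real secret, read the value with `getpass.getpass()` instead of embedding it, so it does not end up in a file or shell history.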