Wiz Audit Logs connector reference

Beta

This feature is in Beta. Workspace admins can control access to this feature from the Previews page. See Manage Databricks previews.

This page has reference information for the managed Wiz Audit Logs connector, including supported source tables and destination table schemas.

Supported source tables

The Wiz Audit Logs connector supports the following source tables, all under the default source schema. Every table supports incremental ingestion.

Source table	Description	Incremental ingestion
`audit_log_entries`	Audit log entries for your Wiz tenant, such as user actions, service account activity, and configuration changes.	Supported
`issues`	Wiz issues representing risks detected in your cloud environment, including status, severity, and affected resources.	Supported
`vulnerability_findings`	Vulnerability findings detected across your cloud assets, including severity, CVE details, and remediation guidance.	Supported

Destination table schemas

All tables use lw_id as the primary key and use liquid clustering on the time column.

`audit_log_entries`

Field	Data type
`lw_id`	`string`
`time`	`timestamp`
`id`	`string`
`action`	`string`
`requestId`	`string`
`status`	`string`
`timestamp`	`timestamp`
`actionParameters`	`string`
`userAgent`	`string`
`sourceIP`	`string`
`serviceAccount`	`struct<id: string, name: string>`
`user`	`struct<id: string, name: string>`

`issues`

Field	Data type
`lw_id`	`string`
`time`	`timestamp`
`id`	`string`
`sourceRule`	`string`
`createdAt`	`timestamp`
`updatedAt`	`timestamp`
`dueAt`	`timestamp`
`type`	`string`
`resolvedAt`	`timestamp`
`statusChangedAt`	`timestamp`
`projects`	`array<struct<id: string, name: string, slug: string, businessUnit: string, riskProfile: string>>`
`status`	`string`
`severity`	`string`
`entitySnapshot`	`string`
`serviceTickets`	`string`
`notes`	`string`

`vulnerability_findings`

Field	Data type
`lw_id`	`string`
`time`	`timestamp`
`id`	`string`
`portalUrl`	`string`
`name`	`string`
`CVEDescription`	`string`
`CVSSSeverity`	`string`
`score`	`double`
`exploitabilityScore`	`double`
`impactScore`	`double`
`dataSourceName`	`string`
`hasExploit`	`boolean`
`hasCisaKevExploit`	`boolean`
`status`	`string`
`vendorSeverity`	`string`
`firstDetectedAt`	`timestamp`
`lastDetectedAt`	`timestamp`
`updatedAt`	`timestamp`
`resolvedAt`	`timestamp`
`description`	`string`
`remediation`	`string`
`detailedName`	`string`
`version`	`string`
`fixedVersion`	`string`
`detectionMethod`	`string`
`link`	`string`
`locationPath`	`string`
`resolutionReason`	`string`
`epssSeverity`	`string`
`epssPercentile`	`double`
`epssProbability`	`double`
`validatedInRuntime`	`string`
`layerMetadata`	`string`
`projects`	`array<struct<id: string, name: string, slug: string, businessUnit: string>>`
`ignoreRules`	`array<struct<id: string, name: string, enabled: boolean>>`
`vulnerableAsset`	`string`

Required Wiz service account permissions

The Wiz service account must have read access to the audit log entries, issues, and vulnerability findings you want to ingest. For details, see Configure authentication to Wiz.

Supported source tables​

Destination table schemas​

audit_log_entries​

issues​

vulnerability_findings​

Required Wiz service account permissions​