Skip to content

[wiz] Various minor improvements#19203

Merged
chrisberkhout merged 21 commits into
elastic:mainfrom
chrisberkhout:wiz-tidy-up
May 27, 2026
Merged

[wiz] Various minor improvements#19203
chrisberkhout merged 21 commits into
elastic:mainfrom
chrisberkhout:wiz-tidy-up

Conversation

@chrisberkhout
Copy link
Copy Markdown
Contributor

@chrisberkhout chrisberkhout commented May 26, 2026
edited
Loading

Proposed commit message

[wiz] Various minor improvements

- Fix the logo file.

  It was raster data with formatting that wasn't strictly correct. Now
  it's vector data.

- Set the right User-Agent header.

  A workaround for https://github.com/elastic/beats/issues/50867.

- Don't use the demo env URL as a default value.

- Make `cloud_configuration_finding_full_posture`'s 24h interval an
  advanced options.

  That may be helpful for debugging or workarounds.

- Use `updatedAt` rather than `analyzedAt` in queries for cloud
  configuration finding data.

  The `analyzedAt` field remains and is mapped in the same way, but the
  `updatedAt` field is added and that's what's used for query filtering,
  as recommended by Wiz

- Tolerate URLs with a `/graphql` or `/graphql/` path.

  We expect just the base: `https://api.somedc.app.wiz.io`. Wiz provides
  an "API Endpoint" with the path:
  `https://api.somedc.app.wiz.io/graphql`, so that should work too.

- Set a static request rate of 0.5 rps per data stream, increase
  retries.

  Testing shows that 5 rps should be okay (4 rps is fine for 10s, 8 rps
  occasionally returns 429). We have 5 data streams using the GraphQL
  API.  Four run frequently (by default every 5 mins), one is a daily
  sync.
    
  Setting a request rate limit of 0.5 rps for each data stream means we
  should never exceed 2.5 rps in total, and never reach the rate limit.
  
  The only feedback from the server about the rate limit is that it
  responds with 429, with retry-after / reset information, once the
  limit has been exceeded. If a 429 response is received, the input will
  retry the request, respecting the retry-after period.
  
  We set a conservative static rate because the different data streams
  are unable to coordinate on the client side, and they receive no
  request budget feedback from the server side until its too late.
  
  We don't expect retries, but since they are possible due to rate
  limiting rather than just request or server errors, the maximum number
  of retry attempts is raised from 5 to 10.

- Make Token URL a non-advanced setting.

  Since apparently it can vary, and will be provided by Wiz along with
  the API Endpoint and credentials.

- Tell the user the interval setting 'must be 5m or longer'.

- Add a screenshot of the policy editor UI.

  This was specifically requested by Wiz.

- README: Clarify information about transforms and their outputs.

- Dashboards: Use panel-level filters, fix the nav/overview panel
  formatting, and some other minor tidying.

Note to reviewers

This is best read commit-by-commit.

It's batch of updates based on discussion with Wiz and a general review of the current state.

I'm open to breaking it into multiple PRs, if you think that's worthwhile.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@chrisberkhout
Fix logo file.
8bcf3b7 
The logo was not showing in Firefox because it had embedded base64
encoded PNG data that was formatted with whitespace that isn't strictly
allowed.

Replaced with an actual vector version of the logo.
@chrisberkhout
Set the right User-Agent header.
33acc29 
This is a workaround for elastic/beats#50867.
@chrisberkhout
Don't use the demo env URL as a default value.
df492e1
@chrisberkhout
Make cloud_configuration_finding_full_posture's 24h interval configur…
621ef53 
…able as an advanced options. May be helpful for debugging or workarounds.
@chrisberkhout chrisberkhout self-assigned this May 26, 2026
@chrisberkhout chrisberkhout requested review from a team as code owners May 26, 2026 10:31
@chrisberkhout chrisberkhout added enhancement New feature or request bugfix Pull request that fixes a bug issue Integration:wiz Wiz Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels May 26, 2026
@infra-vault-gh-plugin-prod
Copy link
Copy Markdown

infra-vault-gh-plugin-prod Bot commented May 26, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 26, 2026
edited
Loading

✅ Vale Linting Results

No issues found on modified lines!

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@andrewkroh andrewkroh added dashboard Relates to a Kibana dashboard bug, enhancement, or modification. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. labels May 26, 2026
@chrisberkhout
Use updatedAt rather than analyzedAt in queries for cloud configurati…
7bfabfe 
…on finding data.

The `analyzedAt` field remains and is mapped in the same way, but the
`updatedAt` field is added and that's what's used for query filtering,
as recommended by Wiz.
@chrisberkhout chrisberkhout force-pushed the wiz-tidy-up branch 2 times, most recently from 90427a2 to d36b682 Compare May 26, 2026 12:35
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented May 26, 2026

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

kcreddy
kcreddy reviewed May 26, 2026
View reviewed changes
Comment thread packages/wiz/data_stream/audit/agent/stream/cel.yml.hbs Outdated
Comment thread packages/wiz/data_stream/cloud_configuration_finding/manifest.yml
mohitjha-elastic
mohitjha-elastic reviewed May 27, 2026
View reviewed changes
Comment thread packages/wiz/changelog.yml Outdated
@chrisberkhout chrisberkhout force-pushed the wiz-tidy-up branch 2 times, most recently from 56395f4 to 7dd4727 Compare May 27, 2026 09:24
@chrisberkhout
Tolerate URLs with a /graphql path (or /graphql/).
14f0d2e 
We expect just the base: `https://api.somedc.app.wiz.io`. Wiz provides
an "API Endpoint" with the path: `https://api.somedc.app.wiz.io/graphql`,
so that should work too.

Better URL cleaning.
@chrisberkhout
Set a static request rate of 0.5 rps per data stream, increase retries.
a67020c 
Testing shows that 5 rps should be okay (4 rps is fine for 10s, 8 rps
occasionally returns 429). We have 5 data streams using the GraphQL API.
Four run frequently (by default every 5 mins), one is a daily sync.

Setting a request rate limit of 0.5 rps for each data stream means we
should never exceed 2.5 rps in total, and never reach the rate limit.

The only feedback from the server about the rate limit is that it
responds with 429, with retry-after / reset information, once the limit
has been exceeded. If a 429 response is received, the input will retry
the request, respecting the retry-after period.

We set a conservative static rate because the different data streams are
unable to coordinate on the client side, and they receive no request
budget feedback from the server side until its too late.

We don't expect retries, but since they are possible due to rate
limiting rather than just request or server errors, the maximum number
of retry attempts is raised from 5 to 10.
@chrisberkhout
Make Token URL a non-advanced setting.
8a90238 
Since apparently it can vary, and will be provided by Wiz along with the
API Endpoint and credentials.
@chrisberkhout
Tell the user the interval setting 'must be 5m or longer'.
d91824f
@chrisberkhout
Add a screenshot of the 'config UI' (policy editor UI).
78e0820 
This was specifically requested by Wiz.
@chrisberkhout
README: Clearer information about transforms and using their outputs.
45e619e
@chrisberkhout
Add a labels.is_transform_source field for source and destination for…
5f879f8 
… data that has a transform.
@chrisberkhout
Revert "Add a labels.is_transform_source field for source and destina…
960a680 
…tion for data that has a transform."

This reverts commit 166ea075774515ed3bade16d678318cedf9529b9.
@chrisberkhout
Dashboards: no-op export.
fc8189b
@chrisberkhout
Dashboards: use panel-level filters.
75246f0
@chrisberkhout
Dashboards: Remove duplicated search reference.
62374d2
@chrisberkhout
Dashboards: Remove redundant tag references.
7d72a4d
@chrisberkhout
Dashboards: Remove Defend dashboard description for consistency, etc.
3eac3da
@chrisberkhout
Dashboards: Fix nav/overview panel formatting.
fcc5d43
@chrisberkhout
Version bump, changelog entry.
f4ab859
@chrisberkhout
Fix typo in manifest title.
13fa74f
kcreddy
kcreddy approved these changes May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

mohitjha-elastic
mohitjha-elastic approved these changes May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mohitjha-elastic mohitjha-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 27, 2026

💚 Build Succeeded

History

cc @chrisberkhout

@chrisberkhout chrisberkhout merged commit 110d0b0 into elastic:main May 27, 2026
13 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented May 27, 2026

Package wiz - 4.3.0 containing this change is available at https://epr.elastic.co/package/wiz/4.3.0/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kcreddy kcreddy kcreddy approved these changes

@mohitjha-elastic mohitjha-elastic mohitjha-elastic approved these changes

Assignees

@chrisberkhout chrisberkhout

Labels

bugfix Pull request that fixes a bug issue dashboard Relates to a Kibana dashboard bug, enhancement, or modification. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:wiz Wiz Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@chrisberkhout @elasticmachine @kcreddy @mohitjha-elastic @andrewkroh