Cloud security platform for risk assessment.
## Wiz MCP Server: Cloud Security Graph Platform The **Wiz MCP Server** integrates agentless cloud security into Google Antigravity, enabling complete visibility into cloud risks through a unified security graph that connects vulnerabilities, misconfigurations, and attack paths. ### Why Wiz MCP? - **Security graph** - Unified view of all cloud risks and relationships - **Agentless scanning** - Complete visibility without deploying agents - **Attack path analysis** - Understand how attackers could exploit issues - **Multi-cloud** - AWS, Azure, GCP, and Kubernetes in one platform - **Risk prioritization** - Focus on what matters with context-aware scoring ### Key Features #### 1. Issue Discovery ```python # Get critical security issues issues = await mcp.call("wiz", "get_issues", { "severity": ["CRITICAL", "HIGH"], "status": "OPEN", "has_attack_path": True }) for issue in issues: print(f"[{issue[\"severity\"]}] {issue[\"title\"]}") print(f" Resource: {issue[\"resource\"][\"name\"]}") print(f" Cloud: {issue[\"cloud_provider\"]}") print(f" Attack Path: {issue[\"attack_path_count\"]} paths") ``` #### 2. Attack Path Analysis ```python # Get attack paths to sensitive data paths = await mcp.call("wiz", "get_attack_paths", { "target_type": "DATA_STORE", "severity": "CRITICAL" }) for path in paths: print(f"Path: {path[\"name\"]}") print(f" Risk: {path[\"risk_score\"]}") for step in path["steps"]: print(f" -> {step[\"resource\"]}: {step[\"issue\"]}") ``` #### 3. Cloud Configuration ```python # Audit cloud configurations config_issues = await mcp.call("wiz", "get_cloud_config_issues", { "cloud": "aws", "frameworks": ["CIS", "SOC2"], "resource_types": ["S3", "EC2", "RDS"] }) for issue in config_issues: print(f"{issue[\"resource\"]}: {issue[\"rule\"]}") print(f" Framework: {issue[\"framework\"]}") print(f" Remediation: {issue[\"remediation\"]}") ``` #### 4. Container Security ```python # Scan container workloads containers = await mcp.call("wiz", "get_container_vulnerabilities", { "cluster": "production-eks", "severity": ["CRITICAL"], "exploitable": True }) for container in containers: print(f"Pod: {container[\"pod_name\"]}") print(f" Image: {container[\"image\"]}") for vuln in container["vulnerabilities"]: print(f" - {vuln[\"cve\"]}: {vuln[\"package\"]}") ``` ### Configuration ```json { "mcpServers": { "wiz": { "command": "npx", "args": ["-y", "@anthropic/mcp-wiz"], "env": { "WIZ_CLIENT_ID": "your-client-id", "WIZ_CLIENT_SECRET": "your-client-secret", "WIZ_API_URL": "https://api.wiz.io" } } } } ``` ### Use Cases **Risk Prioritization**: Focus on vulnerabilities with actual attack paths. **Cloud Posture**: Maintain secure configurations across all cloud accounts. **Container Security**: Protect Kubernetes workloads from runtime threats. **Compliance**: Continuous compliance monitoring against security frameworks. The Wiz MCP Server enables risk-based cloud security through the security graph.
{
"mcpServers": {
"wiz": {}
}
}