Public documentation for governed AI labor
SDKs/Governance/Connectors
Arx / Docs / Wiz Finding Distribution

Documentation

Wiz Finding Distribution

Project-Agent / library/workflows/wiz-finding-distribution/README.md

Project-Agent repo-root library/workflows/wiz-finding-distribution/README.md

Automatically distributes critical and high-severity Wiz findings to engineering teams via Jira tickets and Slack notifications.

Maturity: L3+ (Enforced and up)  ·  See the 5-level maturity model for where this workflow fits in your program.

What It Does

  1. Queries Wiz API for critical and high-severity findings from the last scan cycle
  2. Deduplicates against existing Jira tickets to prevent duplicates
  3. Creates prioritized Jira tickets with full finding context (resource, severity, remediation guidance)
  4. Sends Slack notifications to the owning team's channel with ticket links
  5. Logs all actions to the ARX audit trail

Time Saved

Before: 4 hours/week — analyst manually reviews Wiz dashboard, copies findings into Jira, pings teams in Slack.

After: 4 minutes — automated on a 4-hour schedule, analyst reviews the audit log.

Connectors

| Connector | Operations | Risk | |-----------|-----------|------| | Wiz | findings:read | LOW | | Jira | issues:create | MEDIUM | | Slack | messages:send | LOW |

Overall Risk: LOW — All operations are reads or create-only. No destructive actions.

ARX Governance

  • HITL Gate: Disabled — all actions are low-risk create/read operations
  • Risk Threshold: 70 — auto-approved below this score
  • Audit Trail: Every finding processed, ticket created, and Slack message sent is logged
  • Schedule: Every 4 hours (0 */4 * * *)

Setup

Prerequisites

``bash pip install arx ``

Environment Variables

``bash export WIZ_CLIENT_ID="your-wiz-client-id" export WIZ_CLIENT_SECRET="your-wiz-client-secret" export JIRA_URL="https://your-org.atlassian.net" export JIRA_API_TOKEN="your-jira-api-token" export JIRA_PROJECT_KEY="SEC" export SLACK_BOT_TOKEN="xoxb-your-slack-bot-token" export SLACK_CHANNEL="#security-findings" ``

Run

```bash

One-time execution

arx run workflow.py

Register on schedule

arx register --config arx.yaml ```

Customization

  • Adjust severity filter in workflow.py (CRITICAL, HIGH, MEDIUM)
  • Change the Jira project key and issue type
  • Modify Slack channel routing per team using the TEAM_CHANNEL_MAP
  • Adjust the schedule in arx.yaml