Cloud Misconfiguration Remediation

arxsec-site / library/workflows/cloud-misconfig-remediation/README.md

Pulls cloud misconfiguration findings from Wiz, prioritizes them by severity, creates Jira tickets assigned to the appropriate cloud team, and posts a summary to the team Slack channel.

Maturity: L3-4 (Enforced to Governed) · See the 5-level maturity model for where this workflow fits in your program.

Time Saved

Before: ~5 hours per week manually triaging Wiz findings, creating tickets, and notifying cloud teams.

After: Automated prioritization and ticket creation. Engineers receive pre-triaged Jira tickets with full context.

Connectors

| Connector | Operations | Risk |
|-----------|-----------|------|
| Wiz | findings:read | LOW |
| Jira | issues:create | MEDIUM |
| Slack | chat:write | LOW |

Overall Risk: MEDIUM -- Jira issues:create generates tickets that trigger team workflows. Read and notify operations are low risk.

How It Works

  1. Query Wiz for open cloud misconfiguration findings.
  2. Group findings by severity (Critical, High, Medium) and cloud account.
  3. Map each finding to the responsible team using account_owner_map.
  4. Create Jira tickets with severity-mapped priorities assigned to the correct team.
  5. Post a Slack summary with finding counts per severity and team.
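
Steps 2 through 5 above, sketched as an added example (not the workflow.py shipped with this workflow and not ARX API code). The contents of account_owner_map, the severity-to-priority values, the fallback owner for unmapped accounts, the one-ticket-per-group choice and the sample findings are assumptions constructed for illustration; no Wiz, Jira or Slack calls are made.

```python
from collections import Counter, defaultdict

# Hypothetical config shapes; the page names these maps but does not show them.
ACCOUNT_OWNER_MAP = {"111111111111": "team-payments", "222222222222": "team-data"}
SEVERITY_TO_PRIORITY = {"CRITICAL": "Highest", "HIGH": "High", "MEDIUM": "Medium"}
FALLBACK_OWNER = "cloud-security-triage"  # assumed catch-all for unmapped accounts

# Constructed sample findings, not real Wiz output.
SAMPLE_FINDINGS = [
    {"id": "f-1", "severity": "CRITICAL", "account": "111111111111", "rule": "Public storage bucket"},
    {"id": "f-2", "severity": "CRITICAL", "account": "111111111111", "rule": "SSH open to internet"},
    {"id": "f-3", "severity": "HIGH", "account": "222222222222", "rule": "Unencrypted database"},
    {"id": "f-4", "severity": "high", "account": "222222222222", "rule": "Stale access key"},
    {"id": "f-5", "severity": "MEDIUM", "account": "999999999999", "rule": "Flow logs disabled"},
    {"id": "f-6", "severity": "LOW", "account": "111111111111", "rule": "Missing tag"},
]

def triage(findings):
    """Steps 2-3: group in-scope findings by (owner, severity, account)."""
    groups = defaultdict(list)
    for f in findings:
        sev = str(f.get("severity", "")).upper()
        if sev not in SEVERITY_TO_PRIORITY:
            continue  # only Critical/High/Medium are ticketed
        owner = ACCOUNT_OWNER_MAP.get(f.get("account"), FALLBACK_OWNER)  # never dropped
        groups[(owner, sev, f.get("account"))].append(f)
    return groups

def build_tickets(groups, project_key="CLOUD"):
    """Step 4: one simplified ticket dict per group, most severe first."""
    rank = {sev: i for i, sev in enumerate(SEVERITY_TO_PRIORITY)}
    tickets = []
    for (owner, sev, account), items in sorted(groups.items(), key=lambda kv: rank[kv[0][1]]):
        tickets.append({
            "project": project_key, "priority": SEVERITY_TO_PRIORITY[sev],
            "owner": owner, "severity": sev, "account": account,
            "summary": f"[{sev}] {len(items)} misconfiguration(s) in account {account}",
            "finding_ids": [f["id"] for f in items],
        })
    return tickets

def slack_summary(tickets):
    """Step 5: finding counts per severity and per team, as message text."""
    by_sev, by_team = Counter(), Counter()
    for t in tickets:
        by_sev[t["severity"]] += len(t["finding_ids"])
        by_team[t["owner"]] += len(t["finding_ids"])
    sev_lines = [f"{sev}: {by_sev[sev]}" for sev in SEVERITY_TO_PRIORITY if by_sev[sev]]
    return "\n".join(sev_lines + [f"{team}: {n}" for team, n in sorted(by_team.items())])
```

Routing unmapped accounts to a catch-all owner keeps a finding from silently disappearing when account_owner_map is out of date; the ticket dicts are a simplified shape, not the Jira REST schema.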

ARX Governance

  • Risk Classification:
      • Wiz:findings:read -- LOW -- read-only query of cloud posture data
      • Jira:issues:create -- MEDIUM -- creates tickets that enter team backlogs
      • Slack:chat:write -- LOW -- informational notifications only
  • HITL Gate: Disabled -- no destructive or high-risk operations. Jira ticket creation is auto-approved as it creates work items only.
  • Policy Rules:
      • PERMITTED: Reading Wiz findings, posting Slack summaries
      • PERMITTED (auto-approved): Creating Jira tickets with severity-mapped priority
      • DENIED: Any write-back to Wiz or direct remediation actions
  • Audit Trail: Every Wiz finding processed, Jira ticket created (with ticket ID), and Slack notification sent is logged with timestamps and severity classifications.
  • Config: See arx.yaml for connector permissions, schedule, and policy rules.

Setup

Prerequisites

```bash
pip install arx
```

Environment Variables

```bash
export WIZ_CLIENT_ID="your-wiz-client-id"
export WIZ_CLIENT_SECRET="your-wiz-client-secret"
export WIZ_API_URL="https://api.wiz.io"
export JIRA_URL="https://your-org.atlassian.net"
export JIRA_API_TOKEN="your-jira-api-token"
export JIRA_PROJECT_KEY="CLOUD"
export SLACK_BOT_TOKEN="xoxb-your-slack-token"
export SLACK_CLOUD_CHANNEL="#cloud-security"
```

Run

```bash
# One-time execution
arx run workflow.py

# Register on schedule (daily at 06:00 UTC)
arx register --config arx.yaml
```

Customization

  • Map cloud accounts to Jira assignees in account_owner_map
  • Adjust severity-to-priority mapping in workflow config
  • Change the Slack notification channel in arx.yaml