Structura.io
Cloud Security · Polling trigger · 5 actions

Wiz Cloud Vulnerability Triage

When Wiz detects a high-severity cloud vulnerability, notify Slack and prompt for a ServiceNow ticket.

Integrates with
Wiz, Slack, ServiceNow

Overview

Wiz is excellent at detecting cloud misconfigurations and vulnerabilities, but acting on them requires human judgment. This playbook catches high and critical Wiz alerts, surfaces the details in Slack with the full context, and asks the security team whether to open a ServiceNow incident, mapping Wiz severity to ServiceNow urgency automatically.

Who this is for: Cloud security engineers and SOC analysts running Wiz across multi-cloud environments

Why automate this

Wiz alerts can be noisy. Too much automation leads to alert fatigue; too little leads to missed criticals. This playbook strikes the balance: every high/critical alert gets immediate visibility in Slack, and a human decides whether it deserves a formal ticket. No alert is lost, and no ticket is wasted.

How it works

  1. Poll the Wiz API for new alerts matching the severity filter

  2. Extract alert metadata: resource, severity, CVE, recommendation

  3. Post a detailed Slack message with the alert context

  4. Include an interactive 'Create Ticket' button in Slack

  5. On click, create a ServiceNow incident with severity-mapped urgency
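
The five steps above, sketched as an added Python example; it is not Structura's or Wiz's code and makes no network calls. The alert field names, the `create_ticket` action id and the severity-to-urgency table are assumptions, since the page does not give them.

```python
# Added example: field names in the sample alerts are assumptions, not Wiz's schema.
# Assumed mapping (not given on the page). ServiceNow urgency: 1 = High, 2 = Medium.
SEVERITY_TO_URGENCY = {"CRITICAL": "1", "HIGH": "2"}

def esc(value):
    """Escape Slack control characters so alert text cannot inject links or mentions."""
    return str(value).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def select_new_alerts(alerts, seen_ids):
    """Step 1: keep high/critical alerts that earlier polls have not surfaced."""
    fresh = [a for a in alerts
             if a["severity"] in SEVERITY_TO_URGENCY and a["id"] not in seen_ids]
    seen_ids.update(a["id"] for a in fresh)
    return fresh

def slack_message(alert):
    """Steps 2-4: Block Kit message with the alert context and a Create Ticket button."""
    text = (f"*{esc(alert['severity'])}* on `{esc(alert['resource'])}`\n"
            f"CVE: {esc(alert.get('cve') or 'n/a')}\n"
            f"Recommendation: {esc(alert['recommendation'])}")
    # Only the alert id rides in the button; details are looked up again on click.
    button = {"type": "button", "action_id": "create_ticket", "value": alert["id"],
              "text": {"type": "plain_text", "text": "Create Ticket"}}
    return {"blocks": [{"type": "section", "text": {"type": "mrkdwn", "text": text}},
                       {"type": "actions", "elements": [button]}]}

def incident_from_click(interaction, alerts_by_id):
    """Step 5: ServiceNow incident fields from a Slack block_actions payload."""
    action = interaction["actions"][0]
    alert = alerts_by_id.get(action.get("value"))
    if action.get("action_id") != "create_ticket" or alert is None:
        return None  # unknown button or alert id: create nothing
    return {"short_description": f"Wiz {alert['severity']}: {alert['resource']}",
            "description": f"{alert.get('cve') or 'n/a'}: {alert['recommendation']}",
            "urgency": SEVERITY_TO_URGENCY[alert["severity"]]}

# Constructed sample poll result; the CVE id is a placeholder.
SAMPLE_ALERTS = [
    {"id": "a-1", "severity": "CRITICAL", "resource": "vm-<prod>-01",
     "cve": "CVE-0000-00000", "recommendation": "Patch the affected package"},
    {"id": "a-2", "severity": "HIGH", "resource": "bucket-logs",
     "cve": None, "recommendation": "Disable public access"},
    {"id": "a-3", "severity": "LOW", "resource": "vm-dev-07",
     "cve": None, "recommendation": "Rotate the unused key"},
]

if __name__ == "__main__":
    for alert in select_new_alerts(SAMPLE_ALERTS, set()):
        print(slack_message(alert)["blocks"][0]["text"]["text"])
```

In a deployed handler, verify Slack's request signature before passing the interaction payload to `incident_from_click`, and persist `seen_ids` between polls so a restart does not re-post old alerts.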

Impact

  • Human-in-the-loop triage for Wiz cloud security alerts

  • Maps Wiz severity to ServiceNow urgency consistently

  • Slack-first UX for fast analyst decisions

  • Creates auditable ticket trails only when warranted

Bring this playbook into your SOC

See Deployer Workflows in action with a live walkthrough of this playbook. We'll show you how to connect your SIEM, EDR, and ticketing tools in under 15 minutes.
