Wiz
The Wiz bi-directional app for Slack enables teams to streamline security communication by sending real-time, actionable security alerts directly to Slack channels and managing their Issues and Threats on their Slack workspace.Note: Using Wiz AI for Slack requires a paid Slack plan and has a potential to generate inaccurate responses
Permissions
Wiz will be able to view:
Wiz will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Privacy & data governance
Data retention policy
Different types of data are retained for different amounts of time in accordance with Wiz’s data retention policy. For the most up to date policy information, always refer to the Wiz documentation: https://docs.wiz.io/wiz-docs/docs/data-retention
Data archiving and removal policy
If a paid subscription ends or is terminated, Wiz retains customer data stored in the Wiz database in a limited-function account for 90 days to enable the subscriber to extract the data. After the 90-day retention period ends, Wiz disables the account and deletes the customer data. Once deleted, data may reside in Wiz's backups for up to 180 days.
Data storage policy
Wiz’s backend environment is hosted in AWS, by default in the US, but this can be changed upon customer request. All data stored at Wiz is AES-encrypted, following industry standards in motion and at rest.
Data hosting details
Confirming here that Wiz verifies that the signature on incoming requests from Slack, to ensure the requests are genuinely from Slack.
Since the signature uses a symmetric key, and we want to avoid exposing this key to publicly accessible resources (our gateway Lambda), we perform the signature verification after the request passes through the queue and enters our cluster.
As an additional safety measure and sanity check, we do validate the verification token in the Lambda function.
App/service has sub-processors
no
App/service uses large language models (LLM)
yes
LLM model(s) used
Anthropic Sonnet 3.5 (Bedrock Service)
LLM retention settings
We stored the data for 90 days
LLM data tenancy policy
For the user question we use RAG and prompt engineering based on Wiz generic data like Wiz Documentation or generic example questions->answers
LLM data residency policy
The data is stored and managed as part of Wiz BE. We also collect logs to Wiz telemetry stored in SF.
Certifications & compliance
Data deletion request procedure
We have a documented internal procedure to handle right of erasure requests. Data subjects can exercise their rights by contacting us through the Wiz Privacy Center: https://wiz.privacy.saymine.io/wiz
HIPAA compliant
yes
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Supports Single Sign On (SSO) with the following providers
Okta
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
security@wiz.io
Has a vulnerability disclosure program
no
Has a bug bounty program
no
Requires third party authorization/connections
no
Uses token rotation
no