
Outage in Wiz

Investigating Issue with IP-ASO Based Threat Rules

Resolved Minor
January 23, 2026 - Started 2 days ago - Lasted about 7 hours

Incident Report

We are addressing a surge in detections related to IP-ASO rules (for example, activity outside AWS, Azure, or GCP). This was triggered by changes in ASO naming conventions.

Actions Taken:
• 16:30 UTC (Completed): Impacted detection rules have been suspended to prevent further false positive alerts.
• 17:15 UTC (In Progress): Our team is currently investigating the root cause of the ASO name changes and identifying all affected variations.
• Ongoing (In Progress): We are developing a logic update to account for the new ASO names. The rules will be resumed once the update is validated and released.

Components affected
Wiz Defend
Latest Updates (sorted recent to last)
RESOLVED 2 days ago - at 01/24/2026 01:15AM

We identified an issue that caused an increase in false alerts from a subset of Threat Detection Rules. To prevent additional noise, we temporarily paused the affected alerting while we confirmed the cause and deployed a fix. The hotfix has now been fully deployed, and the affected detections are operating normally again.

MONITORING 2 days ago - at 01/23/2026 07:48PM

Fix Deployment in Progress

Actions Taken:
• 17:30 UTC (Completed): Suspended the impacted detection rules to prevent additional false positive alerts.
• 20:00 UTC (Completed): Confirmed the root cause as an upstream ASN data update that changed ASO naming and triggered detections.
• Ongoing (In Progress): Deploying a hotfix to update detection logic and align with the updated naming.

MONITORING 2 days ago - at 01/23/2026 06:35PM

We are addressing a surge in detections related to IP-ASO rules (for example, activity outside AWS, Azure, or GCP). This was triggered by changes in ASO naming conventions.

Actions Taken:
• 16:30 UTC (Completed): Impacted detection rules have been suspended to prevent further false positive alerts.
• 17:15 UTC (In Progress): Our team is currently investigating the root cause of the ASO name changes and identifying all affected variations.
• Ongoing (In Progress): We are developing a logic update to account for the new ASO names. The rules will be resumed once the update is validated and released.
