
Summary
The Wiz Defend Alert Passthrough Rule contextualizes security alerts for cloud environments monitored by Wiz, using findings from Wiz detections that in turn draw on AWS GuardDuty. When a finding such as an open port on an EC2 instance is detected, the rule aggregates the key details of the incident: the actor's address, the resources involved, the severity rating assigned by GuardDuty, and links to fuller threat details. Severity is classified dynamically, so the rule can produce high, low, or informational alerts depending on the context and impact of the detected threat. Its goal is a timely, informed response to potential threats, with continuous monitoring and alert refinement supported by structured runbook guidance for analysts.
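The passthrough behaviour described above, as an added example rather than the rule's own code: a simplified Python detection rule that accepts a Wiz detection built on a GuardDuty finding, maps the GuardDuty severity onto high/low/informational, and collects the actor address, resources and threat-details link into an alert context. The event field names and the sample detection are constructed assumptions, not the Wiz schema.

```python
# Constructed sample detection: an open port on an EC2 instance being probed.
# Field names are assumptions for illustration, not the real Wiz event schema.
SAMPLE_DETECTION = {
    "id": "det-0001",
    "description": "Unprotected port on EC2 instance is being probed",
    "sourceRule": {"name": "AWS GuardDuty"},
    "severity": "HIGH",  # severity label assigned by GuardDuty
    "threatDetectionDetails": {"actor": {"ipAddress": "203.0.113.10"}},
    "resources": [{"type": "VIRTUAL_MACHINE", "name": "i-0abc123def456"}],
    "threatDetailsUrl": "https://example.invalid/findings/det-0001",
}

# GuardDuty severity label -> severity emitted by this rule (assumed mapping).
SEVERITY_MAP = {"CRITICAL": "HIGH", "HIGH": "HIGH", "MEDIUM": "LOW", "LOW": "LOW"}


def rule(event):
    """Pass through only Wiz detections that originate from GuardDuty."""
    return event.get("sourceRule", {}).get("name") == "AWS GuardDuty"


def severity(event):
    """Dynamic severity: unknown or missing labels fall back to INFO so nothing is dropped."""
    label = str(event.get("severity", "")).upper()
    return SEVERITY_MAP.get(label, "INFO")


def title(event):
    """Alert title carrying the original description and the mapped severity."""
    return f"Wiz/GuardDuty: {event.get('description', 'detection')} (severity {severity(event)})"


def alert_context(event):
    """Collect what an analyst needs first: actor, resources, original severity, details link."""
    actor = event.get("threatDetectionDetails", {}).get("actor", {})
    return {
        "detection_id": event.get("id"),
        "actor_ip": actor.get("ipAddress"),
        "resources": [f"{r.get('type')}:{r.get('name')}" for r in event.get("resources", [])],
        "guardduty_severity": event.get("severity"),
        "threat_details": event.get("threatDetailsUrl"),
    }


if __name__ == "__main__":
    if rule(SAMPLE_DETECTION):
        print(title(SAMPLE_DETECTION))
        print(alert_context(SAMPLE_DETECTION))
```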
Categories
- Cloud
- AWS
Data Sources
- WMI
- Network Traffic
- Logon Session
- Cloud Storage
- Application Log
ATT&CK Techniques
- T1595
- T1046
Created: 2025-11-05