workflowStatus

The status of the investigation into a finding. Allowed values are the following.

• NEW - The initial state of a finding, before it is reviewed.Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:

• RecordState changes from ARCHIVED to ACTIVE.

• Compliance.Status changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.

• NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.If one of the following occurs, the workflow status is changed automatically from NOTIFIED to NEW:

• RecordState changes from ARCHIVED to ACTIVE.

• Compliance.Status changes from PASSED to FAILED, WARNING, or NOT_AVAILABLE.

• SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed.The workflow status of a SUPPRESSED finding does not change if RecordState changes from ARCHIVED to ACTIVE.

• RESOLVED - The finding was reviewed and remediated and is now considered resolved. The finding remains RESOLVED unless one of the following occurs:

• RecordState changes from ARCHIVED to ACTIVE.

• Compliance.Status changes from PASSED to FAILED, WARNING, or NOT_AVAILABLE. In those cases, the workflow status is automatically reset to NEW.For findings from controls, if Compliance.Status is PASSED, then Security Hub automatically sets the workflow status to RESOLVED.