AwsSecurityFinding
Provides a consistent format for Security Hub findings. AwsSecurityFinding format allows you to share findings between Amazon Web Services security services and third-party solutions.
A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party solutions and standards checks.
Types
Properties
The Amazon Web Services account ID that a finding is generated in.
The name of the Amazon Web Services account from which a finding was generated.
The name of the company for the product that generated the finding.
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
The level of importance assigned to the resources associated with the finding.
A finding's description.
In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.
Indicates when the security findings provider first observed the potential security issue that a finding captured.
Provides metadata for the Amazon CodeGuru detector associated with a finding. This field pertains to findings that relate to Lambda functions. Amazon Inspector identifies policy violations and vulnerabilities in Lambda function code based on internal detectors developed in collaboration with Amazon CodeGuru. Security Hub receives those findings.
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
Indicates when the security findings provider most recently observed the potential security issue that a finding captured.
Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.
Provides an overview of the patch compliance status for an instance against a selected compliance standard.
The details of process-related information about a finding.
An ISO8601-formatted timestamp that indicates when Security Hub receives a finding and begins to process it.
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
The name of the product that generated the finding.
The record state of a finding.
A list of related findings.
A data type that describes the remediation options for a finding.
The schema version that a finding is formatted for.
Threat intelligence details related to a finding.
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Indicates the veracity of a finding.
Provides a list of vulnerabilities associated with the findings.
The workflow state of a finding.