Module Values.AwsSecurityFinding

Provides a consistent format for Security Hub CSPM findings. The AwsSecurityFinding format allows you to share findings between Amazon Web Services security services and third-party solutions. A finding is a potential security issue generated either by Amazon Web Services services or by integrated third-party solutions and standards checks.

type nonrec t = {
  schemaVersion : NonEmptyString.t;
    (* The schema version that a finding is formatted for. The value is 2018-10-08. *)
  id : NonEmptyString.t;
    (* The security findings provider-specific identifier for a finding. Length Constraints: Minimum length of 1. Maximum length of 512. *)
  productArn : NonEmptyString.t;
    (* The ARN generated by Security Hub CSPM that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub CSPM, or the ARN for a custom integration. Length Constraints: Minimum length of 12. Maximum length of 2048. *)
  productName : NonEmptyString.t option;
    (* The name of the product that generated the finding. Security Hub CSPM populates this attribute automatically for each finding; you cannot update it with BatchImportFindings or BatchUpdateFindings, except for a custom integration. When you use the Security Hub CSPM console or API to filter findings by product name, you use this attribute. Length Constraints: Minimum length of 1. Maximum length of 128. *)
  companyName : NonEmptyString.t option;
    (* The name of the company for the product that generated the finding. Security Hub CSPM populates this attribute automatically for each finding; you cannot update it with BatchImportFindings or BatchUpdateFindings, except for a custom integration. When you use the Security Hub CSPM console or API to filter findings by company name, you use this attribute. Length Constraints: Minimum length of 1. Maximum length of 128. *)
  region : NonEmptyString.t option;
    (* The Region from which the finding was generated. Security Hub CSPM populates this attribute automatically for each finding; you cannot update it using BatchImportFindings or BatchUpdateFindings. Length Constraints: Minimum length of 1. Maximum length of 16. *)
  generatorId : NonEmptyString.t;
    (* The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, or something else. Length Constraints: Minimum length of 1. Maximum length of 512. *)
  awsAccountId : NonEmptyString.t;
    (* The Amazon Web Services account ID that a finding is generated in. Length Constraints: Fixed length of 12. *)
  types : TypeList.t option;
    (* One or more finding types in the format namespace/category/classifier that classify a finding. Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications. Array Members: Maximum number of 50 items. *)
  firstObservedAt : NonEmptyString.t option;
    (* Indicates when the security findings provider first observed the potential security issue that a finding captured. For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see Timestamps. *)
  lastObservedAt : NonEmptyString.t option;
    (* Indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see Timestamps. *)
  createdAt : NonEmptyString.t;
    (* Indicates when the security findings provider created the potential security issue that a finding captured. For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see Timestamps. *)
  updatedAt : NonEmptyString.t;
    (* Indicates when the security findings provider last updated the finding record. For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see Timestamps. *)
  severity : Severity.t option;
    (* A finding's severity. *)
  confidence : Integer.t option;
    (* A finding's confidence: the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. *)
  criticality : Integer.t option;
    (* The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. *)
  title : NonEmptyString.t;
    (* A finding's title. Title is a required property. Length Constraints: Minimum length of 1. Maximum length of 256. *)
  description : NonEmptyString.t;
    (* A finding's description. Description is a required property. Length Constraints: Minimum length of 1. Maximum length of 1024. *)
  remediation : Remediation.t option;
    (* A data type that describes the remediation options for a finding. *)
  sourceUrl : NonEmptyString.t option;
    (* A URL that links to a page about the current finding in the security findings provider's solution. *)
  productFields : FieldMap.t option;
    (* A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format. Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters. *)
  userDefinedFields : FieldMap.t option;
    (* A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 1024 characters. *)
  malware : MalwareList.t option;
    (* A list of malware related to a finding. Array Members: Maximum number of 5 items. *)
  network : Network.t option;
    (* The details of network-related information about a finding. *)
  networkPath : NetworkPathList.t option;
    (* Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path. *)
  process : ProcessDetails.t option;
    (* The details of process-related information about a finding. *)
  threats : ThreatList.t option;
    (* Details about the threat detected in a security finding and the file paths that were affected by the threat. Array Members: Minimum number of 1 item. Maximum number of 32 items. *)
  threatIntelIndicators : ThreatIntelIndicatorList.t option;
    (* Threat intelligence details related to a finding. Array Members: Minimum number of 1 item. Maximum number of 5 items. *)
  resources : ResourceList.t;
    (* A set of resource data types that describe the resources that the finding refers to. Array Members: Minimum number of 1 item. Maximum number of 32 items. *)
  compliance : Compliance.t option;
    (* Contains security standard-related finding details. This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. *)
  verificationState : VerificationState.t option;
    (* Indicates the veracity of a finding. *)
  workflowState : WorkflowState.t option;
    (* The workflow state of a finding. *)
  workflow : Workflow.t option;
    (* Provides information about the status of the investigation into a finding. *)
  recordState : RecordState.t option;
    (* The record state of a finding. *)
  relatedFindings : RelatedFindingList.t option;
    (* A list of related findings. Array Members: Minimum number of 1 item. Maximum number of 10 items. *)
  note : Note.t option;
    (* A user-defined note added to a finding. *)
  vulnerabilities : VulnerabilityList.t option;
    (* Provides a list of vulnerabilities associated with the finding. *)
  patchSummary : PatchSummary.t option;
    (* Provides an overview of the patch compliance status for an instance against a selected compliance standard. *)
  action : Action.t option;
    (* Provides details about an action that affects or that was taken on a resource. *)
  findingProviderFields : FindingProviderFields.t option;
    (* In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types. *)
  sample : Boolean.t option;
    (* Indicates whether the finding is a sample finding. *)
  generatorDetails : GeneratorDetails.t option;
    (* Provides metadata for the Amazon CodeGuru detector associated with a finding. This field pertains to findings that relate to Lambda functions. Amazon Inspector identifies policy violations and vulnerabilities in Lambda function code based on internal detectors developed in collaboration with Amazon CodeGuru. Security Hub CSPM receives those findings. *)
  processedAt : NonEmptyString.t option;
    (* A timestamp that indicates when Security Hub CSPM received a finding and began to process it. For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see Timestamps. *)
  awsAccountName : NonEmptyString.t option;
    (* The name of the Amazon Web Services account from which a finding was generated. Length Constraints: Minimum length of 1. Maximum length of 50. *)
  detection : Detection.t option;
    (* Provides details about an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub CSPM, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide. *)
}
val context_ : string
val make : ?productName:??? -> ?companyName:??? -> ?region:??? -> ?types:??? -> ?firstObservedAt:??? -> ?lastObservedAt:??? -> ?severity:??? -> ?confidence:??? -> ?criticality:??? -> ?remediation:??? -> ?sourceUrl:??? -> ?productFields:??? -> ?userDefinedFields:??? -> ?malware:??? -> ?network:??? -> ?networkPath:??? -> ?process:??? -> ?threats:??? -> ?threatIntelIndicators:??? -> ?compliance:??? -> ?verificationState:??? -> ?workflowState:??? -> ?workflow:??? -> ?recordState:??? -> ?relatedFindings:??? -> ?note:??? -> ?vulnerabilities:??? -> ?patchSummary:??? -> ?action:??? -> ?findingProviderFields:??? -> ?sample:??? -> ?generatorDetails:??? -> ?processedAt:??? -> ?awsAccountName:??? -> ?detection:??? -> schemaVersion:NonEmptyString.t -> id:NonEmptyString.t -> productArn:NonEmptyString.t -> generatorId:NonEmptyString.t -> awsAccountId:NonEmptyString.t -> createdAt:NonEmptyString.t -> updatedAt:NonEmptyString.t -> title:NonEmptyString.t -> description:NonEmptyString.t -> resources:ResourceList.t -> unit -> t
val to_value : t -> [> `Structure of (string * [> `Boolean of Boolean.t | `Enum of string | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `Double of Double.t | `Enum of string | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `Double of Double.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `String of NonEmptyString.t ]) list ] list | `String of NonEmptyString.t | `Structure of (string * [> `Integer of Integer.t | `String of NonEmptyString.t ]) list ]) list ] list | `Map of ([> `String of NonEmptyString.t ] * [> `String of NonEmptyString.t ]) list | `String of NonEmptyString.t | `Structure of (string * [> `Map of ([> `String of NonEmptyString.t ] * [> `String of NonEmptyString.t ]) list | `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Double of Double.t | `Enum of string | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Double of Double.t | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Integer of Integer.t | `Long of Long.t | `String of NonEmptyString.t | `Structure of (string * [> `Integer of Integer.t | `List of [> `Structure of (string * [> `Long of Long.t | `String of NonEmptyString.t | `Structure of (string * [> `Long of Long.t ]) list ]) list ] list ]) list ]) list ] list | `Long of Long.t | `Map of ([> `String of NonEmptyString.t ] * [> `String of NonEmptyString.t ]) list | `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `Integer of Integer.t | `List of [> `String of NonEmptyString.t ] list | `String of NonEmptyString.t ]) list ] list | `Long of Long.t | `Map of ([> `String of NonEmptyString.t ] * [> `String of NonEmptyString.t ]) list | `String of NonEmptyString.t | `Structure of (string * [> `List of [> `String of NonEmptyString.t ] list | `String of NonEmptyString.t | `Structure of (string * [> `Integer of Integer.t | `List of [> `Structure of (string * [> `String of NonEmptyString.t ]) list ] list | `String of NonEmptyString.t ]) list ]) list ]) list ]) list ] list | `Long of Long.t | `Map of ([> `String of NonEmptyString.t ] * [> `String of NonEmptyString.t ]) list | `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Double of Double.t | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Integer of Integer.t | `List of [> `Integer of Integer.t | `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Integer of Integer.t | `String of NonEmptyString.t | `Structure of (string * [> `Long of Long.t ]) list ]) list ] list | `Long of Long.t | `Map of ([> `String of NonEmptyString.t ] * [> `String of NonEmptyString.t ]) list | `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Integer of Integer.t | `List of [> `Structure of (string * [> `Long of Long.t | `String of NonEmptyString.t | `Structure of (string * [> `Long of Long.t ]) list ]) list ] list | `Long of Long.t | `String of NonEmptyString.t | `Structure of (string * [> `Integer of Integer.t | `List of [> `Integer of Integer.t | `String of NonEmptyString.t | `Structure of (string * [> `Enum of string | `String of NonEmptyString.t | `Structure of (string * [> `String of NonEmptyString.t ]) list ]) list ] list | `String of NonEmptyString.t | `Structure of (string * [> `String of NonEmptyString.t ]) list ]) list ]) list ]) list ] list | `Long of Long.t | `Map of ([> `String of NonEmptyString.t ] * [> `String of NonEmptyString.t ]) list | `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `List of [> `Structure of (string * [> `List of [> `String of NonEmptyString.t ] list | `String of NonEmptyString.t ]) list ] list | `String of NonEmptyString.t | `Structure of (string * [> `String of NonEmptyString.t ]) list ]) list ] list | `Long of Long.t | `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Double of Double.t | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `Integer of Integer.t | `String of NonEmptyString.t | `Structure of (string * [> `List of [> `String of NonEmptyString.t ] list | `Structure of (string * [> `List of [> `Integer of Integer.t | `Structure of (string * [> `Integer of Integer.t | `List of [> `String of NonEmptyString.t ] list | `String of NonEmptyString.t ]) list ] list ]) list ]) list ]) list ] list | `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `String of NonEmptyString.t ]) list ]) list ]) list ]) list ]) list ]) list ]) list ] list | `Map of ([> `String of NonEmptyString.t ] * [> `String of NonEmptyString.t ]) list | `String of NonEmptyString.t | `Structure of (string * [> `Double of Double.t | `Enum of string | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `List of [> `String of NonEmptyString.t ] list | `String of NonEmptyString.t ]) list ] list | `String of NonEmptyString.t | `Structure of (string * [> `Boolean of Boolean.t | `Enum of string | `Integer of Integer.t | `List of [> `Structure of (string * [> `Double of Double.t | `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `List of [> `String of NonEmptyString.t ] list | `String of NonEmptyString.t ]) list ] list | `Long of Long.t | `String of NonEmptyString.t | `Structure of (string * [> `Double of Double.t | `Enum of string | `Integer of Integer.t | `Long of Long.t | `String of NonEmptyString.t | `Structure of (string * [> `Double of Double.t | `Integer of Integer.t | `String of NonEmptyString.t ]) list ]) list ]) list ] list | `Map of ([> `String of NonEmptyString.t ] * [> `String of NonEmptyString.t ]) list | `String of NonEmptyString.t | `Structure of (string * [> `Integer of Integer.t | `String of NonEmptyString.t | `Structure of (string * [> `Double of Double.t | `Integer of Integer.t | `String of NonEmptyString.t ]) list ]) list ]) list ]) list ]) list ]
val to_query : t -> Awso.Client.Query.t
val of_xml : Awso.Xml.t -> t
val of_string : string -> t
val of_json : Yojson.Safe.t -> t
val to_json : t -> Yojson.Safe.t
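The field reference above lists the constraints Security Hub CSPM enforces on an imported finding (required fields, string lengths, array sizes, the 0-100 confidence and criticality scales, the namespace/category/classifier shape of Types, the fixed-length account ID). A custom integration is better off checking those locally before a BatchImportFindings call than debugging a rejected batch. The validator below is an added example written for this page; it is not code from the Awso library or from AWS. It works on the JSON form of a finding, using the PascalCase key names the Security Hub API accepts (SchemaVersion, Id, ProductArn, ...) rather than the OCaml record labels. The two sample findings are constructed for illustration, and the timestamp check is an assumption (ISO 8601 in UTC with a trailing Z), since the page defers the accepted timestamp shapes to its Timestamps section.

```python
"""Pre-flight validation of an ASFF (AwsSecurityFinding) JSON record against the
constraints listed in the field reference above.  Added example, not part of the
Awso library; the sample findings at the bottom are constructed."""
import re
from datetime import datetime

SCHEMA_VERSION = "2018-10-08"
REQUIRED = ("SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId",
            "CreatedAt", "UpdatedAt", "Title", "Description", "Resources")
# String fields: (minimum length, maximum length) from the reference above.
STRING_BOUNDS = {"Id": (1, 512), "ProductArn": (12, 2048), "GeneratorId": (1, 512),
                 "Title": (1, 256), "Description": (1, 1024), "Region": (1, 16),
                 "AwsAccountName": (1, 50)}
# Array fields: (minimum items, maximum items).
LIST_BOUNDS = {"Types": (0, 50), "Malware": (0, 5), "Threats": (1, 32),
               "ThreatIntelIndicators": (1, 5), "Resources": (1, 32),
               "RelatedFindings": (1, 10)}
# Map fields: (maximum key length, maximum value length, maximum pairs).
MAP_BOUNDS = {"ProductFields": (128, 2048, 50), "UserDefinedFields": (128, 1024, 50)}
SCORE_FIELDS = ("Confidence", "Criticality")  # integers on a 0-100 scale
TIMESTAMP_FIELDS = ("FirstObservedAt", "LastObservedAt", "CreatedAt", "UpdatedAt", "ProcessedAt")
NAMESPACES = {"Software and Configuration Checks", "TTPs", "Effects",
              "Unusual Behaviors", "Sensitive Data Identifications"}


def _is_timestamp(value):
    """Assumption: ISO 8601 in UTC with a trailing Z, e.g. 2024-05-01T09:30:00.000Z.
    The page defers the full set of accepted shapes to its Timestamps section."""
    if not isinstance(value, str) or not value.endswith("Z"):
        return False
    try:
        datetime.fromisoformat(value[:-1])
        return True
    except ValueError:
        return False


def validate_finding(finding):
    """Return the list of constraint violations in ``finding``; empty means it passes."""
    errors = []
    for name in REQUIRED:
        if name not in finding:
            errors.append(f"{name}: required field is missing")
    if "SchemaVersion" in finding and finding["SchemaVersion"] != SCHEMA_VERSION:
        errors.append(f"SchemaVersion: must be {SCHEMA_VERSION}")
    if "AwsAccountId" in finding and not re.fullmatch(r"[0-9]{12}", str(finding["AwsAccountId"])):
        errors.append("AwsAccountId: must be a 12-digit account ID")
    for name, (lo, hi) in STRING_BOUNDS.items():
        if name in finding and not (isinstance(finding[name], str) and lo <= len(finding[name]) <= hi):
            errors.append(f"{name}: string length must be {lo}..{hi}")
    for name in SCORE_FIELDS:
        if name in finding and not (isinstance(finding[name], int) and 0 <= finding[name] <= 100):
            errors.append(f"{name}: must be an integer in 0..100")
    for name in TIMESTAMP_FIELDS:
        if name in finding and not _is_timestamp(finding[name]):
            errors.append(f"{name}: not an ISO 8601 UTC timestamp")
    for name, (lo, hi) in LIST_BOUNDS.items():
        if name in finding and not (isinstance(finding[name], list) and lo <= len(finding[name]) <= hi):
            errors.append(f"{name}: array must hold {lo}..{hi} items")
    for name, (klen, vlen, pairs) in MAP_BOUNDS.items():
        mapping = finding.get(name)
        if mapping is None:
            continue
        if not isinstance(mapping, dict) or len(mapping) > pairs:
            errors.append(f"{name}: at most {pairs} key-value pairs")
            continue
        for key, value in mapping.items():
            if len(key) > klen or len(str(value)) > vlen:
                errors.append(f"{name}: pair '{key[:20]}' exceeds the {klen}/{vlen} character limits")
    types = finding.get("Types")
    if isinstance(types, list):
        for entry in types:
            # Only the namespace is checked against the documented list; the category and
            # classifier segments are provider-defined, so they are just required to be present.
            if "/" not in entry or entry.split("/", 1)[0] not in NAMESPACES:
                errors.append(f"Types: '{entry}' is not namespace/category/classifier with a valid namespace")
    return errors


# Constructed sample: a finding from a hypothetical custom integration.
GOOD_FINDING = {
    "SchemaVersion": SCHEMA_VERSION,
    "Id": "custom-scanner/2024-05-01/sg-0123456789abcdef0/open-ssh",
    "ProductArn": "arn:aws:securityhub:us-east-1:123456789012:product/123456789012/default",
    "GeneratorId": "custom-scanner/open-ssh-to-world",
    "AwsAccountId": "123456789012",
    "Types": ["Software and Configuration Checks/AWS Security Best Practices/Network Reachability"],
    "CreatedAt": "2024-05-01T09:30:00.000Z",
    "UpdatedAt": "2024-05-01T09:30:00.000Z",
    "Severity": {"Label": "HIGH"},
    "Confidence": 95,
    "Title": "Security group allows SSH from 0.0.0.0/0",
    "Description": "Inbound rule permits TCP/22 from any IPv4 address.",
    "Resources": [{"Type": "AwsEc2SecurityGroup",
                   "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-0123456789abcdef0"}],
    "ProductFields": {"scanner/version": "1.4.2"},
}
# The same record with five deliberate violations, to show what the check catches.
BAD_FINDING = dict(GOOD_FINDING, AwsAccountId="12345", Confidence=150, Types=["Vulnerabilities/CVE"],
                   Resources=[], UpdatedAt="2024-05-01 09:30")

if __name__ == "__main__":
    for label, record in (("good", GOOD_FINDING), ("bad", BAD_FINDING)):
        print(label, validate_finding(record) or "ok")
```

Run the check over every record in a batch and drop or repair the failures before the import; Security Hub CSPM reports failed findings per batch, so one bad record otherwise costs a round trip for the whole group. Fields the service populates itself (ProductName, CompanyName, Region) are deliberately left out of the checks beyond their length bounds, since a custom integration cannot set them through BatchImportFindings.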