AwsSecurityFinding
import type { AwsSecurityFinding } from "https://aws-api.deno.dev/v0.4/services/securityhub.ts?docs=full";
Provides a consistent format for Security Hub findings.
AwsSecurityFinding
format allows you to share findings between Amazon Web Services security services and third-party solutions.
Note: A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party solutions and standards checks.
§Properties
The name of the company for the product that generated the finding.
Security Hub populates this attribute automatically for each finding.
You cannot update this attribute with BatchImportFindings
or BatchUpdateFindings
.
The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by company name, you use this attribute.
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
Indicates when the security-findings provider created the potential security issue that a finding captured.
Uses the date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format.
The value cannot contain spaces, and date and time should be separated by T
.
For example, 2020-03-22T13:22:13.933Z
.
The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
A finding's description.
Note:
In this release, Description
is a required property.
In a BatchImportFindings
request, finding providers use FindingProviderFields
to provide and update their own values for confidence, criticality, related findings, severity, and types.
Indicates when the security-findings provider first observed the potential security issue that a finding captured.
Uses the date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format.
The value cannot contain spaces, and date and time should be separated by T
.
For example, 2020-03-22T13:22:13.933Z
.
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
Indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
Uses the date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format.
The value cannot contain spaces, and date and time should be separated by T
.
For example, 2020-03-22T13:22:13.933Z
.
Provides information about a network path that is relevant to a finding.
Each entry under NetworkPath
represents a component of that path.
Provides an overview of the patch compliance status for an instance against a selected compliance standard.
The details of process-related information about a finding.
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding
format.
Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.
The name of the product that generated the finding.
Security Hub populates this attribute automatically for each finding.
You cannot update this attribute with BatchImportFindings
or BatchUpdateFindings
.
The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by product name, you use this attribute.
The record state of a finding.
The Region from which the finding was generated.
Security Hub populates this attribute automatically for each finding.
You cannot update it using BatchImportFindings
or BatchUpdateFindings
.
A list of related findings.
A data type that describes the remediation options for a finding.
A URL that links to a page about the current finding in the security-findings provider's solution.
Threat intelligence details related to a finding.
One or more finding types in the format of namespace/category/classifier
that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
Indicates when the security-findings provider last updated the finding record.
Uses the date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format.
The value cannot contain spaces, and date and time should be separated by T
.
For example, 2020-03-22T13:22:13.933Z
.
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Indicates the veracity of a finding.
Provides a list of vulnerabilities associated with the findings.
The workflow state of a finding.