Amazon Security Hub Finding Structure
An AWS Security Finding Format (ASFF) finding object that provides a normalized format for security findings.
Type: object
Properties: 15
Required: 11
ComplianceMonitoringSecurity
Finding is a JSON Structure definition published by Amazon Security Hub, describing 15 properties, of which 11 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.
{
"$schema": "https://json-structure.org/meta/core/v0/#",
"$id": "https://raw.githubusercontent.com/api-evangelist/amazon-security-hub/refs/heads/main/json-structure/amazon-security-hub-finding-structure.json",
"name": "Finding",
"description": "An AWS Security Finding Format (ASFF) finding object that provides a normalized format for security findings.",
"type": "object",
"properties": {
"SchemaVersion": {
"type": "string",
"description": "The schema version that a finding is formatted for."
},
"Id": {
"type": "string",
"description": "The identifier for the finding."
},
"ProductArn": {
"type": "string",
"description": "The ARN generated by Security Hub for the product that generated the finding."
},
"GeneratorId": {
"type": "string",
"description": "The identifier for the solution-specific component that generated the finding."
},
"AwsAccountId": {
"type": "string",
"description": "The AWS account ID where the finding was generated."
},
"Types": {
"type": "array",
"description": "One or more finding types in the format of namespace/category/classifier.",
"items": {
"type": "string"
}
},
"CreatedAt": {
"type": "string",
"format": "date-time",
"description": "Indicates when the finding was created."
},
"UpdatedAt": {
"type": "string",
"format": "date-time",
"description": "Indicates when the finding was most recently updated."
},
"Severity": {
"type": "object",
"description": "The severity of the finding.",
"properties": {
"Label": {
"type": "string",
"enum": [
"INFORMATIONAL",
"LOW",
"MEDIUM",
"HIGH",
"CRITICAL"
]
},
"Normalized": {
"type": "integer",
"minimum": 0,
"maximum": 100
}
}
},
"Title": {
"type": "string",
"description": "A finding title."
},
"Description": {
"type": "string",
"description": "A finding description."
},
"Resources": {
"type": "array",
"description": "A set of resource data types describing the resources the finding refers to.",
"items": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Id": {
"type": "string"
},
"Partition": {
"type": "string"
},
"Region": {
"type": "string"
},
"Details": {
"type": "object"
}
}
}
},
"Compliance": {
"type": "object",
"properties": {
"Status": {
"type": "string",
"enum": [
"PASSED",
"WARNING",
"FAILED",
"NOT_AVAILABLE"
]
},
"RelatedRequirements": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"Workflow": {
"type": "object",
"properties": {
"Status": {
"type": "string",
"enum": [
"NEW",
"NOTIFIED",
"RESOLVED",
"SUPPRESSED"
]
}
}
},
"RecordState": {
"type": "string",
"enum": [
"ACTIVE",
"ARCHIVED"
]
}
},
"required": [
"SchemaVersion",
"Id",
"ProductArn",
"GeneratorId",
"AwsAccountId",
"CreatedAt",
"UpdatedAt",
"Severity",
"Title",
"Description",
"Resources"
]
}