Amazon Security Hub · Schema
Finding
An AWS Security Finding Format (ASFF) finding object that provides a normalized format for security findings.
ComplianceMonitoringSecurity
Properties
| Name | Type | Description |
|---|---|---|
| SchemaVersion | string | The schema version that a finding is formatted for. |
| Id | string | The identifier for the finding. |
| ProductArn | string | The ARN generated by Security Hub for the product that generated the finding. |
| GeneratorId | string | The identifier for the solution-specific component that generated the finding. |
| AwsAccountId | string | The AWS account ID where the finding was generated. |
| Types | array | One or more finding types in the format of namespace/category/classifier. |
| CreatedAt | string | Indicates when the finding was created. |
| UpdatedAt | string | Indicates when the finding was most recently updated. |
| Severity | object | The severity of the finding. |
| Title | string | A finding title. |
| Description | string | A finding description. |
| Resources | array | A set of resource data types describing the resources the finding refers to. |
| Compliance | object | |
| Workflow | object | |
| RecordState | string |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/amazon-security-hub/refs/heads/main/json-schema/amazon-security-hub-finding-schema.json",
"title": "Finding",
"description": "An AWS Security Finding Format (ASFF) finding object that provides a normalized format for security findings.",
"type": "object",
"properties": {
"SchemaVersion": {
"type": "string",
"description": "The schema version that a finding is formatted for."
},
"Id": {
"type": "string",
"description": "The identifier for the finding."
},
"ProductArn": {
"type": "string",
"description": "The ARN generated by Security Hub for the product that generated the finding."
},
"GeneratorId": {
"type": "string",
"description": "The identifier for the solution-specific component that generated the finding."
},
"AwsAccountId": {
"type": "string",
"description": "The AWS account ID where the finding was generated."
},
"Types": {
"type": "array",
"description": "One or more finding types in the format of namespace/category/classifier.",
"items": {
"type": "string"
}
},
"CreatedAt": {
"type": "string",
"format": "date-time",
"description": "Indicates when the finding was created."
},
"UpdatedAt": {
"type": "string",
"format": "date-time",
"description": "Indicates when the finding was most recently updated."
},
"Severity": {
"type": "object",
"description": "The severity of the finding.",
"properties": {
"Label": {
"type": "string",
"enum": [
"INFORMATIONAL",
"LOW",
"MEDIUM",
"HIGH",
"CRITICAL"
]
},
"Normalized": {
"type": "integer",
"minimum": 0,
"maximum": 100
}
}
},
"Title": {
"type": "string",
"description": "A finding title."
},
"Description": {
"type": "string",
"description": "A finding description."
},
"Resources": {
"type": "array",
"description": "A set of resource data types describing the resources the finding refers to.",
"items": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Id": {
"type": "string"
},
"Partition": {
"type": "string"
},
"Region": {
"type": "string"
},
"Details": {
"type": "object"
}
}
}
},
"Compliance": {
"type": "object",
"properties": {
"Status": {
"type": "string",
"enum": [
"PASSED",
"WARNING",
"FAILED",
"NOT_AVAILABLE"
]
},
"RelatedRequirements": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"Workflow": {
"type": "object",
"properties": {
"Status": {
"type": "string",
"enum": [
"NEW",
"NOTIFIED",
"RESOLVED",
"SUPPRESSED"
]
}
}
},
"RecordState": {
"type": "string",
"enum": [
"ACTIVE",
"ARCHIVED"
]
}
},
"required": [
"SchemaVersion",
"Id",
"ProductArn",
"GeneratorId",
"AwsAccountId",
"CreatedAt",
"UpdatedAt",
"Severity",
"Title",
"Description",
"Resources"
]
}