This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::SecurityHub::AutomationRule WorkflowUpdate
Used to update information about the investigation into the finding.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Status" :String}
YAML
Status:String
Properties
Status-
The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSEDorRESOLVEDdoes not prevent a new finding for the same issue.The allowed values are the following.
-
NEW- The initial state of a finding, before it is reviewed.Security Hub also resets
WorkFlowStatusfromNOTIFIEDorRESOLVEDtoNEWin the following cases:-
The record state changes from
ARCHIVEDtoACTIVE. -
The compliance status changes from
PASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE.
-
-
NOTIFIED- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. -
RESOLVED- The finding was reviewed and remediated and is now considered resolved. -
SUPPRESSED- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
Required: Yes
Type: String
Allowed values:
NEW | NOTIFIED | RESOLVED | SUPPRESSEDUpdate requires: No interruption
-
