Workflow - AWS Security Hub
ContentsSee Also

Workflow

Provides details about the status of the investigation into a finding.

Contents

Status

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

The allowed values are the following.

  • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:

    • RecordState changes from ARCHIVED to ACTIVE.

    • ComplianceStatus changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.

  • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.

  • SUPPRESSED - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.

  • RESOLVED - The finding was reviewed and remediated and is now considered resolved.

Type: String

Valid Values: NEW | NOTIFIED | RESOLVED | SUPPRESSED

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: