Supported trait types in Security Hub

Note

Security Hub is in preview release and is subject to change.

Security Hub generates an exposure finding when AWS Security Hub CSPM control findings and findings generated by other supported AWS services, such as Amazon Inspector, contain exposure traits for a resource. The following table provides information about the supported trait types.

Trait type	Description	Source	Impacted resources
Misconfiguration	Indicates a misconfigured resource.	Security Hub CSPM control findings.	All resource types.
Reachability	Indicates open network paths to a resource.	Security Hub CSPM control findings and Amazon Inspector network reachability findings.	Amazon EC2 instances
Sensitive Data	Indicates that a resource contains sensitive data.	Macie sensitive data findings.	Amazon S3 buckets
Vulnerability	Indicates that a resource is exposed to Common Vulnerabilities and Exposure (CVEs).	Amazon Inspector package vulnerability findings.	Amazon EC2 instances, Amazon ECS services, Amazon EKS clusters, and Lambda functions

Each trait can be associated with multiple titles that provide details about the exposure affecting the resource. For example, you might see an Exploit Available title for the Vulnerability trait in the details for an EC2 exposure finding.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Supported resources

Generating exposure findings