OCSF findings in Security Hub - AWS Security Hub

OCSF findings in Security Hub

Note

Security Hub is in preview release and is subject to change.

All findings in Security Hub are formatted in the Open Cybersecurity Schema Framework (OCSF). Security Hub considers findings with activity_name != Close as active findings. Active findings are automatically deleted if they aren’t updated in 90 days. Security Hub considers findings with activity_name = Close as closed findings. Closed findings are automatically deleted if they aren’t updated in 14 days. Security Hub determines when a finding was last updated from the most recent value of the finding’s modified_time_dt field. At the end of a finding’s retention period, Security Hub permanently deletes the finding. Finding providers can change the value of the finding.info.modified_time_dt field when they update a finding. For information about other activity_name values, see Vulnerability Finding in the OCSF schema.
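The retention rules above can be applied to exported findings to see which ones are close to permanent deletion and should be archived first. The following is an added example, not AWS code. It assumes each finding is a parsed OCSF JSON object with the timestamp and identifier at finding_info.modified_time_dt and finding_info.uid, and the sample findings are constructed.

```python
from datetime import datetime, timedelta, timezone

# Retention windows stated on this page.
ACTIVE_RETENTION = timedelta(days=90)
CLOSED_RETENTION = timedelta(days=14)


def parse_dt(value):
    """Parse an RFC 3339 timestamp; a trailing 'Z' is treated as UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def retention(finding):
    """Return (state, deletion_time) for one OCSF finding dict."""
    # Only activity_name == "Close" is closed; any other value, or a
    # missing activity_name, satisfies "!= Close" and counts as active.
    closed = finding.get("activity_name") == "Close"
    # Assumption: field location follows the OCSF finding_info object.
    modified = parse_dt(finding["finding_info"]["modified_time_dt"])
    window = CLOSED_RETENTION if closed else ACTIVE_RETENTION
    return ("closed" if closed else "active", modified + window)


def expiring(findings, now, within=timedelta(days=7)):
    """Findings due for deletion within `within` of `now`, soonest first."""
    due = []
    for f in findings:
        state, deletes_at = retention(f)
        if deletes_at <= now + within:
            due.append((deletes_at, f["finding_info"]["uid"], state))
    return [(uid, state, at.isoformat()) for at, uid, state in sorted(due)]


# Constructed sample findings (not real Security Hub output).
SAMPLE = [
    {"activity_name": "Create",
     "finding_info": {"uid": "example-1", "modified_time_dt": "2025-01-10T00:00:00Z"}},
    {"activity_name": "Close",
     "finding_info": {"uid": "example-2", "modified_time_dt": "2025-03-28T12:00:00Z"}},
    {"activity_name": "Update",
     "finding_info": {"uid": "example-3", "modified_time_dt": "2025-04-01T00:00:00Z"}},
]

if __name__ == "__main__":
    now = datetime(2025, 4, 7, tzinfo=timezone.utc)
    for uid, state, at in expiring(SAMPLE, now):
        print(f"{uid} ({state}) will be deleted at {at}")
```

Because a provider update resets modified_time_dt, rerun the check against fresh exports rather than caching deletion times.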