AWS Security Finding Format (ASFF)
AWS Security Hub consumes, aggregates, organizes, and prioritizes findings from AWS security services and from third-party product integrations. Security Hub processes these findings using a standard findings format called the AWS Security Finding Format (ASFF), which eliminates the need for time-consuming data conversion efforts. It then correlates ingested findings across products to prioritize the most important ones.
Contents
- ASFF syntax
- ASFF attributes
- Required attributes
- Other top-level attributes
- Action
- Compliance
- Malware
- Network
- NetworkPath
- Note
- PatchSummary
- Process
- RelatedFindings
- Remediation
- Resources
- AwsApiGatewayRestApi
- AwsApiGatewayStage
- AwsApiGatewayV2Api
- AwsApiGatewayV2Stage
- AwsAutoScalingAutoScalingGroup
- AwsCertificateManagerCertificate
- AwsCloudFrontDistribution
- AwsCloudTrailTrail
- AwsCodeBuildProject
- AwsDynamoDbTable
- AwsEc2Eip
- AwsEc2Instance
- AwsEc2NetworkInterface
- AwsEc2SecurityGroup
- AwsEc2Volume
- AwsEc2Vpc
- AwsElasticSearchDomain
- AwsElbLoadBalancer
- AwsElbv2LoadBalancer
- AwsIamAccessKey
- AwsIamGroup
- AwsIamPolicy
- AwsIamRole
- AwsIamUser
- AwsKmsKey
- AwsLambdaFunction
- AwsLambdaLayerVersion
- AwsRdsDbCluster
- AwsRdsDbClusterSnapshot
- AwsRdsDbInstance
- AwsRdsDbSnapshot
- AwsRedshiftCluster
- AwsS3Bucket
- AwsS3Object
- AwsSecretsManagerSecret
- AwsSnsTopic
- AwsSqsQueue
- AwsSsmPatchCompliance
- AwsWafWebAcl
- Container
- Other
- Severity
- ThreatIntelIndicators
- Vulnerabilities
- Workflow
- Types taxonomy for ASFF