Filtering and grouping findings in Security Hub

You can display a list of findings on the Findings page, Integrations page, and Insights page of the AWS Security Hub console. The findings lists are pre-filtered based on the record state and workflow status. This is in addition to the filters for an insight or integration.

Record state indicates whether a finding is active or archived. By default, a finding list only shows active findings. A finding provider can archive a finding if it's no longer active or important. Security Hub also automatically archives control findings if the associated resource is deleted.

Workflow status indicates the status of an investigation into a finding. By default, a finding list only shows findings with a workflow status of NEW or NOTIFIED. You can update the workflow status of a finding.

If you enabled finding aggregation and are signed in to the aggregation Region, you can filter findings by Region on the Findings and Insights pages.

For information about working with control findings, see Filtering and sorting control findings. The information in this sections applies to finding lists on the Findings, Insights, and Integrations pages.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Reviewing finding details and history

Adding filters