Findings in AWS Security Hub

AWS Security Hub eliminates the complexity of addressing large volumes of findings from multiple providers. It reduces the effort required to manage and improve the security of all of your AWS accounts, resources, and workloads.

Security Hub receives findings from the following sources.

Integrations with AWS security services that you enable. See Available AWS service integrations.
Integrations with third-party products that you enable. See Available third-party partner product integrations.
Custom integrations that you configure. See Using custom product integrations to send findings to AWS Security Hub.
Security Hub checks against enabled controls. See Generating and updating control findings.

Security Hub consumes findings using a standard findings format called the AWS Security Finding Format. For more information about the finding format, see AWS Security Finding Format (ASFF).

Security Hub correlates the findings across integrated products to prioritize the most important ones.

Finding providers can update findings to reflect additional instances of the finding. You can update findings to provide details about your investigation and its results.

Security Hub also allows you to aggregate findings across Regions, so that you can view all of your findings from one place. See Cross-Region aggregation.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Stopping cross-Region aggregation

Creating and updating findings