Viewing details about a control finding and finding resource - Amazon Security Hub

Viewing details about a control finding and finding resource

Amazon Security Hub provides the following details for each control finding to help you investigate it:

  • A history of changes that users have made to the finding

  • A .json file for the finding

  • Information about the resource related to the finding

  • The configuration rule related to the finding

  • Notes that users have added to the finding

The following sections explain how to access these details.

Finding history

Finding history is a Security Hub feature that lets you track changes made to a finding during the last 90 days.

Finding history is available for control findings and other Security Hub findings. For more information, see Reviewing finding history.

Viewing the complete .json for a finding

You can display and download the full .json of a finding.

To display the .json, in the Finding .json column, choose the icon.

On the Finding JSON panel, to download the .json, choose Download.

Viewing information about a finding resource

The Resource column contains the resource type and resource identifier.

To display information about the resource, choose the resource identifier. For Amazon Web Services accounts, if the account is an organization member account, then the information includes both the account ID and the account name. For accounts that were invited manually, the information only includes the account ID.

If you have permission to view the resource in its original service, then the resource identifier displays a link to the service. For example, for an Amazon user, the resource details provide a link to view the user details in IAM.

If the resource is in a different account, Security Hub displays a message to notify you.

Viewing the configuration timeline for a finding resource

One avenue of investigation is the configuration timeline for the resource in Amazon Config.

If you have permission to view the configuration timeline for the finding resource, then the finding list provides a link to the timeline.

Security Hub displays a message to notify you if the resource is in a different account.

To navigate to the configuration timeline in Amazon Config
  1. In the Investigate column, choose the icon.

  2. On the menu, choose Configuration timeline. If you do not have access to the configuration timeline, then the link does not appear.

Viewing the Amazon Config rule for a finding resource

If the control is based on an Amazon Config rule, then you might also want to view the details for the Amazon Config rule. The Amazon Config rule information can help you better understand why a check passed or failed.

If you have permission to view the Amazon Config rule for the control, then the finding list provides a link to the Amazon Config rule in Amazon Config.

Security Hub displays a message to notify you if the resource is in a different account.

To navigate to the Amazon Config rule
  1. In the Investigate column, choose the icon.

  2. On the menu, choose Config rule. If you do not have access to the Amazon Config rule, then Config rule is not linked.

Viewing notes for findings

If a finding has an associated note, then the Updated column displays a note icon.

To display the note that is associated with a finding

In the Updated column, choose the note icon.
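
The same details can be pulled from a downloaded finding .json when you triage outside the console. The following Python sketch is an added example, not part of the Security Hub documentation. It assumes the file uses the AWS Security Finding Format field names shown in the constructed sample (`Resources`, `ProductFields`, `Note`, `Compliance`), and `viewer_account` is a hypothetical parameter for the account you are signed in to.

```python
import json

# Constructed sample finding in AWS Security Finding Format (ASFF); every value is made up.
SAMPLE = json.loads("""{
  "AwsAccountId": "111122223333",
  "Compliance": {"Status": "FAILED", "SecurityControlId": "IAM.3"},
  "ProductFields": {
    "RelatedAWSResources:0/name": "securityhub-access-keys-rotated-EXAMPLE",
    "RelatedAWSResources:0/type": "AWS::Config::ConfigRule"
  },
  "Resources": [
    {"Type": "AwsIamUser", "Id": "arn:aws-cn:iam::111122223333:user/example-user"},
    {"Type": "AwsS3Bucket", "Id": "arn:aws-cn:s3:::example-bucket"}
  ],
  "Note": {"Text": "Owner contacted", "UpdatedBy": "analyst-1", "UpdatedAt": "2024-01-01T00:00:00Z"}
}""")

def arn_account(resource_id):
    """Return the account ID embedded in an ARN, or None if the ARN carries none (for example S3)."""
    parts = resource_id.split(":", 5)
    return parts[4] if len(parts) == 6 and parts[0] == "arn" and parts[4] else None

def config_rules(finding):
    """Names of the Config rules referenced in ProductFields (RelatedAWSResources:N/...)."""
    fields = finding.get("ProductFields") or {}
    return [fields[k[:-5] + "/name"] for k, v in fields.items()
            if k.startswith("RelatedAWSResources:") and k.endswith("/type")
            and v == "AWS::Config::ConfigRule" and fields.get(k[:-5] + "/name")]

def summarize(finding, viewer_account):
    """Collect the resource, Config rule and note details for one finding."""
    compliance = finding.get("Compliance") or {}
    resources = []
    for res in finding.get("Resources", []):
        # Fall back to the finding's account when the ARN has no account field.
        owner = arn_account(res.get("Id", "")) or finding.get("AwsAccountId")
        resources.append({"type": res.get("Type"), "id": res.get("Id"),
                          "other_account": owner != viewer_account})
    return {
        "control": compliance.get("SecurityControlId"),
        "status": compliance.get("Status"),
        "config_rules": config_rules(finding),
        "resources": resources,
        "note": (finding.get("Note") or {}).get("Text"),
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE, "444455556666"), indent=2))
```

Resources flagged with `other_account` are the ones for which the console would show the different-account message instead of a direct link.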