

# Supported trait types in Security Hub
<a name="exposure-findings-supported-traits"></a>

Amazon Security Hub generates an exposure finding when Amazon Security Hub CSPM control findings and findings generated by other supported Amazon Web Services services, such as Amazon Inspector, contain exposure traits for a resource. The following table provides information about the supported trait types. 


| Trait type | Description | Source | Impacted resources | 
| --- | --- | --- | --- | 
| Assumability | Indicates a resource with vended Amazon Identity and Access Management permissions | Resource configuration from Amazon Config | Amazon resources with associated Amazon Identity and Access Management roles |
| Misconfiguration | Indicates a misconfigured resource | Amazon Security Hub CSPM control findings, Amazon GuardDuty threat findings, and information about resource configuration in Amazon Config | All resource types |
| Reachability | Indicates open network paths to a resource | Amazon Security Hub CSPM control findings, Amazon GuardDuty threat findings, and Amazon Inspector network reachability findings | Amazon EC2 instances, Amazon EKS clusters, Lambda functions, and Amazon S3 buckets |
| Sensitive Data | Indicates that a resource contains sensitive data | Macie sensitive data findings | Amazon S3 buckets |
| Vulnerability | Indicates that a resource has a weakness that could be exploited by a threat source | Amazon Inspector package vulnerability findings and Amazon GuardDuty Amazon EC2 Malware findings | Amazon EC2 instances, Amazon ECS services, Amazon EKS clusters, and Lambda functions |

 Each trait can be associated with multiple titles that provide details about the exposure affecting the resource. For example, you might see an **Exploit Available** title for the **Vulnerability** trait in the details for an EC2 exposure finding. 