Table: aws_securityhub_findings

This table shows data for AWS Security Hub Findings.

https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html (opens in a new tab) The request_account_id and request_region columns are added to show the account and region of where the request was made from. This is useful when multi region and account aggregation is enabled.

The composite primary key for this table is (request_account_id, request_region, aws_account_id, created_at, description, generator_id, id, product_arn, schema_version, title, updated_at, region).

Columns

NameType
_cq_iduuid
_cq_parent_iduuid
request_account_id (PK)utf8
request_region (PK)utf8
aws_account_id (PK)utf8
created_at (PK)timestamp[us, tz=UTC]
description (PK)utf8
generator_id (PK)utf8
id (PK)utf8
product_arn (PK)utf8
resourcesjson
schema_version (PK)utf8
title (PK)utf8
updated_at (PK)timestamp[us, tz=UTC]
actionjson
company_nameutf8
compliancejson
confidenceint64
criticalityint64
finding_provider_fieldsjson
first_observed_attimestamp[us, tz=UTC]
last_observed_attimestamp[us, tz=UTC]
malwarejson
networkjson
network_pathjson
notejson
patch_summaryjson
processjson
product_fieldsjson
product_nameutf8
record_stateutf8
region (PK)utf8
related_findingsjson
remediationjson
samplebool
severityjson
source_urlutf8
threat_intel_indicatorsjson
threatsjson
typeslist<item: utf8, nullable>
user_defined_fieldsjson
verification_stateutf8
vulnerabilitiesjson
workflowjson
workflow_stateutf8