This table holds AWS Security Hub findings, which are collected in AWS S3 buckets and ingested into Microsoft Sentinel. An AWS Security Hub finding is a detailed record of a security check or security-related detection, which can originate from various sources such as enabled controls, integrations with other AWS services, third-party products, or custom integrations.
Table attributes
Attribute | Value |
---|---|
Resource types | - |
Categories | Security |
Solutions | SecurityInsights |
Basic log | Yes |
Ingestion-time transformation | No |
Sample Queries | - |
Columns
Column | Type | Description |
---|---|---|
AwsAccountId | string | The AWS account ID associated with the event. |
AwsRegion | string | The AWS region where the event occurred. |
AwsSecurityFindingCreatedAt | datetime | The timestamp when the security finding was created. |
AwsSecurityFindingDescription | string | A detailed description of the AWS security finding. |
AwsSecurityFindingFirstObservedAt | datetime | The timestamp when the security finding was first observed. |
AwsSecurityFindingGeneratorId | string | The ID of the generator that created the security finding. |
AwsSecurityFindingId | string | The unique identifier for the AWS security finding. |
AwsSecurityFindingLastObservedAt | datetime | The timestamp when the security finding was last observed. |
AwsSecurityFindingProcessedAt | datetime | The timestamp when the security finding was processed. |
AwsSecurityFindingProductArn | string | The Amazon Resource Name (ARN) of the product that generated the finding. |
AwsSecurityFindingProductFields | dynamic | Additional fields provided by the product that generated the finding. |
AwsSecurityFindingProductName | string | The name of the product that generated the finding. |
AwsSecurityFindingSeverity | dynamic | The severity level of the security finding. |
AwsSecurityFindingTitle | string | The title of the AWS security finding. |
AwsSecurityFindingTypes | dynamic | The types or categories of the AWS security finding. |
AwsSecurityFindingUpdatedAt | datetime | The timestamp when the security finding was last updated. |
_BilledSize | real | The record size in bytes. |
ComplianceAssociatedStandards | dynamic | The compliance standards associated with the resource. |
ComplianceRelatedRequirements | dynamic | The related compliance requirements. |
ComplianceSecurityControlId | string | The ID of the security control related to compliance. |
ComplianceSecurityControlParameters | dynamic | Parameters associated with the security control. |
ComplianceStatus | string | The compliance status of the resource (e.g., COMPLIANT, NON_COMPLIANT). |
ComplianceStatusReasons | dynamic | The reasons for the compliance status. |
_IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account. |
RawData | dynamic | The raw data associated with the finding. |
RecordState | string | The state of the record (e.g., ACTIVE, ARCHIVED). |
Remediation | dynamic | Details about how to remediate the security finding. |
Resources | dynamic | The resources associated with the security finding. |
SchemaVersion | string | The version of the schema used for the finding. |
SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for the Windows agent (either direct connect or Operations Manager), Linux for all Linux agents, or Azure for Azure Diagnostics. |
TenantId | string | The Log Analytics workspace ID. |
TimeGenerated | datetime | The timestamp when the event was generated. |
Type | string | The name of the table. |
WorkflowState | string | The workflow state of the finding (e.g., NEW, RESOLVED). |