Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Reference for AWSSecurityHubFindings table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | AWS |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✓ Yes |
| Azure Monitor Tables Reference | View Documentation |
| Azure Monitor Logs Ingestion API | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable isfalseingestion isn't billed to your Azure account |
| AwsAccountId | string | The AWS account ID associated with the event. |
| AwsRegion | string | The AWS region where the event occurred. |
| AwsSecurityFindingCreatedAt | datetime | The timestamp when the security finding was created. |
| AwsSecurityFindingDescription | string | A detailed description of the AWS security finding. |
| AwsSecurityFindingFirstObservedAt | datetime | The timestamp when the security finding was first observed. |
| AwsSecurityFindingGeneratorId | string | The ID of the generator that created the security finding. |
| AwsSecurityFindingId | string | The unique identifier for the AWS security finding. |
| AwsSecurityFindingLastObservedAt | datetime | The timestamp when the security finding was last observed. |
| AwsSecurityFindingProcessedAt | datetime | The timestamp when the security finding was processed. |
| AwsSecurityFindingProductArn | string | The Amazon Resource Name (ARN) of the product that generated the finding. |
| AwsSecurityFindingProductFields | dynamic | Additional fields provided by the product that generated the finding. |
| AwsSecurityFindingProductName | string | The name of the product that generated the finding. |
| AwsSecurityFindingSeverity | dynamic | The severity level of the security finding. |
| AwsSecurityFindingTitle | string | The title of the AWS security finding. |
| AwsSecurityFindingTypes | dynamic | The types or categories of the AWS security finding. |
| AwsSecurityFindingUpdatedAt | datetime | The timestamp when the security finding was last updated. |
| ComplianceAssociatedStandards | dynamic | The compliance standards associated with the resource. |
| ComplianceRelatedRequirements | dynamic | The related compliance requirements. |
| ComplianceSecurityControlId | string | The ID of the security control related to compliance. |
| ComplianceSecurityControlParameters | dynamic | Parameters associated with the security control. |
| ComplianceStatus | string | The compliance status of the resource (e.g., COMPLIANT, NON_COMPLIANT). |
| ComplianceStatusReasons | dynamic | The reasons for the compliance status. |
| RawData | dynamic | The raw data associated with the finding. |
| RecordState | string | The state of the record (e.g., ACTIVE, ARCHIVED). |
| Remediation | dynamic | Details about how to remediate the security finding. |
| Resources | dynamic | The resources associated with the security finding. |
| SchemaVersion | string | The version of the schema used for the finding. |
| SourceSystem | string | The type of agent the event was collected by. For example,OpsManagerfor Windows agent, either direct connect or Operations Manager,Linuxfor all Linux agents, orAzurefor Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp when the event was generated. |
| Type | string | The name of the table |
| WorkflowState | string | The workflow state of the finding (e.g., NEW, RESOLVED). |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| AWS Security Hub Findings (via Codeless Connector Framework) |
In solution AWS Security Hub:
In solution AWS Security Hub:
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊