AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-10-16 · Documentation low

File: securityhub/latest/userguide/exposure-findings-generate.md

Summary

Clarified exposure findings generation process and uniqueness criteria

Security assessment

Improved documentation about Security Hub's exposure findings aggregation process. While related to security monitoring, there's no evidence of addressing a specific vulnerability. Changes enhance understanding of existing security features.

Diff

diff --git a/securityhub/latest/userguide/exposure-findings-generate.md b/securityhub/latest/userguide/exposure-findings-generate.md
index eb6f8ab07..e1e89ee9b 100644
--- a//securityhub/latest/userguide/exposure-findings-generate.md
+++ b//securityhub/latest/userguide/exposure-findings-generate.md
@@ -11 +11 @@ Security Hub is in preview release and is subject to change.
-Security Hub generates exposure findings every 6 hours. During each 6-hour period, Security Hub considers the available exposure traits for a resource. It produces at most one exposure finding per resource ID. The uniqueness of a finding is determined by ID, AWS Region, type, and account. This means you can have two resources with the same ID, but the resources would be different resource types. This exposure finding aggregates all of the applicable exposure traits that apply to the resource. 
+Security Hub generates exposure findings every 6 hours. During each 6-hour period, Security Hub considers the available exposure traits for a resource. It produces at most one exposure finding per resource ID. The uniqueness of a finding is determined by finding ID, AWS Region, exposure type, and account. This means you can have two resources with the same ID. However, the resources might have different types of exposures. This exposure finding aggregates all of the applicable exposure traits that apply to the resource. 
@@ -13 +13 @@ Security Hub generates exposure findings every 6 hours. During each 6-hour perio
-If a resource doesn't have any exposure traits or has insufficient traits, Security Hub doesn't generate an exposure finding for that resource. Security Hub doesn't publish exposure findings for resource types that don't support exposure findings. When a resource has a significant number and combination of traits, Security Hub generates an exposure finding. The number and combination of traits also determine the severity level of the exposure finding. 
+If a resource doesn't have any exposure traits or has insufficient traits, Security Hub doesn't generate an exposure finding for that resource. Security Hub doesn't publish exposure findings for resource types not supported by exposure findings. When a resource has a significant number and combination of traits, Security Hub generates an exposure finding. The number and combination of traits also determine the severity level of the exposure finding.