AWS securityhub documentation change
Summary
Added 'Assumability' trait for IAM permissions and reformatted existing traits
Security assessment
The change adds documentation for a new security trait ('Assumability') related to IAM permissions but doesn't address a specific vulnerability. It enhances security awareness by documenting exposure types.
Diff
diff --git a/securityhub/latest/userguide/exposure-findings-supported-traits.md b/securityhub/latest/userguide/exposure-findings-supported-traits.md index cb563da83..7811b0ca3 100644 --- a//securityhub/latest/userguide/exposure-findings-supported-traits.md +++ b//securityhub/latest/userguide/exposure-findings-supported-traits.md @@ -15,4 +15,5 @@ Trait type | Description | Source | Impacted resources -Misconfiguration | Indicates a misconfigured resource. | Security Hub CSPM control findings and information about resource confirmation in AWS Config. | All resource types. -Reachability | Indicates open network paths to a resource. | Security Hub CSPM control findings and Amazon Inspector network reachability findings. | Amazon EC2 instances -Sensitive Data | Indicates that a resource contains sensitive data. | Macie sensitive data findings. | Amazon S3 buckets -Vulnerability | Indicates that a resource is exposed to Common Vulnerabilities and Exposure (CVEs). | Amazon Inspector package vulnerability findings. | Amazon EC2 instances, Amazon ECS services, Amazon EKS clusters, and Lambda functions +Assumability | Indicates a resource with vended AWS Identity and Access Management permissions | Resource configuration from AWS Config | AWS resources with associated AWS Identity and Access Management roles +Misconfiguration | Indicates a misconfigured resource | Security Hub CSPM control findings | All resource types +Reachability | Indicates open network paths to a resource | Security Hub CSPM control findings and Amazon Inspector network reachability findings | Amazon EC2 instances +Sensitive Data | Indicates that a resource contains sensitive data | Macie sensitive data findings | Amazon S3 buckets +Vulnerability | Indicates that a resource is exposed to Common Vulnerabilities and Exposure (CVEs) | Amazon Inspector package vulnerability findings | Amazon EC2 instances, Amazon ECS services, Amazon EKS clusters, and Lambda functions