AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-12-10 · Documentation low

File: securityhub/latest/partnerguide/guidelines-asff-mapping.md

Summary

Updated references from 'Security Hub' to 'Security Hub CSPM' throughout the document, including user guide references, console mentions, and team contacts.

Security assessment

Changes are purely rebranding/naming updates (Security Hub → Security Hub CSPM) without modifying security guidance, vulnerability details, or security controls. No evidence of security vulnerability fixes or new security features.

Diff

diff --git a/securityhub/latest/partnerguide/guidelines-asff-mapping.md b/securityhub/latest/partnerguide/guidelines-asff-mapping.md
index da073b87e..aae613636 100644
--- a//securityhub/latest/partnerguide/guidelines-asff-mapping.md
+++ b//securityhub/latest/partnerguide/guidelines-asff-mapping.md
@@ -9 +9 @@ Identifying informationTitle and DescriptionFinding typesTimestampsSeverityRemed
-Use the following guidelines to map your findings to the ASFF. For detailed descriptions of each ASFF field and object, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub User Guide_.
+Use the following guidelines to map your findings to the ASFF. For detailed descriptions of each ASFF field and object, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub CSPM User Guide_.
@@ -15 +15 @@ Use the following guidelines to map your findings to the ASFF. For detailed desc
-`ProductArn` is the ARN that AWS Security Hub assigns to you.
+`ProductArn` is the ARN that AWS Security Hub CSPM assigns to you.
@@ -17 +17 @@ Use the following guidelines to map your findings to the ASFF. For detailed desc
-`Id` is the value that Security Hub uses to index findings. The finding identifier must be unique, to ensure that other findings are not overwritten. To update a finding, resubmit the finding with the same identifier.
+`Id` is the value that Security Hub CSPM uses to index findings. The finding identifier must be unique, to ensure that other findings are not overwritten. To update a finding, resubmit the finding with the same identifier.
@@ -75 +75 @@ The severity value from your system. `Original` can be any string, to accommodat
-The required Security Hub indicator of the finding severity. The allowed values are as follows.
+The required Security Hub CSPM indicator of the finding severity. The allowed values are as follows.
@@ -98 +98 @@ Your integration documentation must include your mapping rationale.
-`Remediation` has two elements. These elements are combined on the Security Hub console.
+`Remediation` has two elements. These elements are combined on the Security Hub CSPM console.
@@ -102 +102 @@ Your integration documentation must include your mapping rationale.
-Currently, only findings from Security Hub standards, IAM Access Analyzer, and Firewall Manager display hyperlinks to documentation on how to remediate the finding.
+Currently, only findings from Security Hub CSPM standards, IAM Access Analyzer, and Firewall Manager display hyperlinks to documentation on how to remediate the finding.
@@ -108 +108 @@ Only use `SourceUrl` if you can provide a deep-linked URL to your console for th
-Security Hub does not support hyperlinks from this field, but it is exposed on the Security Hub console.
+Security Hub CSPM does not support hyperlinks from this field, but it is exposed on the Security Hub CSPM console.
@@ -112 +112 @@ Security Hub does not support hyperlinks from this field, but it is exposed on t
-Where applicable, use `Malware`, `Network`, `Process`, or `ThreatIntelIndicators`. Each of these objects is exposed in the Security Hub console. Use these objects in the context of the finding that you are sending.
+Where applicable, use `Malware`, `Network`, `Process`, or `ThreatIntelIndicators`. Each of these objects is exposed in the Security Hub CSPM console. Use these objects in the context of the finding that you are sending.
@@ -157 +157 @@ Indicates the type of malware. The allowed values are `ADWARE` | `BLENDED_THREAT
-If you need an additional value for `Type`, contact the Security Hub team.
+If you need an additional value for `Type`, contact the Security Hub CSPM team.
@@ -247 +247 @@ Create two `ThreatIntelIndicator` objects. One is for the malware. The other is
-For `Resources`, use our provided resource types and detail fields whenever possible. Security Hub is constantly adding new resources to the ASFF. To receive a monthly log of the changes to ASFF, contact `<[[email protected]](mailto:[email protected])>`.
+For `Resources`, use our provided resource types and detail fields whenever possible. Security Hub CSPM is constantly adding new resources to the ASFF. To receive a monthly log of the changes to ASFF, contact `<[[email protected]](mailto:[email protected])>`.
@@ -265 +265 @@ Only use `Compliance` if your findings are related to compliance.
-Security Hub uses `Compliance` for the findings it generates based on controls.
+Security Hub CSPM uses `Compliance` for the findings it generates based on controls.
@@ -292 +292 @@ For these fields, map to the fields that are in the `FindingProviderFields` obje
-  * `RelatedFindings` – Only provide related findings if you can keep track of findings related to the same resource or finding type. To identify a related finding, you must refer to the finding identifier of a finding that is already in Security Hub.
+  * `RelatedFindings` – Only provide related findings if you can keep track of findings related to the same resource or finding type. To identify a related finding, you must refer to the finding identifier of a finding that is already in Security Hub CSPM.