Amazon AWS Security Hub Sample Event Message

Use these sample event messages as a way of verifying a successful integration with JSA.

The following table provides a sample event message when you use the Amazon Web Services protocol for the Amazon AWS Security Hub DSM.

Table 1: Amazon AWS Security Hub Sample Message Supported by Amazon AWS Security Hub.

| Event name | Low level category | Sample log message |
|---|---|---|
| Updated Finding | Security Protocol | `{LogStreamName: SecurityHubLogStream,Timestamp: 1568035216780,Message: {"version":"0","id":"2b91a1e3-38d5-0160-7d19-8b21b5359b4c","detail-type":"Security Hub Findings - Imported","source":"aws.securityhub","account":"111111111111","time":"2019-09-09T13:20:16Z","region":"useast-1","resources":["..."],"detail":{"findings":[{"SchemaVersion":"2018-10-08","Id":"...","ProductArn":"arn:aws:securityhub:useast-1::product/aws/guardduty","GeneratorId":"...","AwsAccountId":"111111111111","Types":["TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller.Custom"],"FirstObservedAt":"2019-04-22T18:52:24.444Z","LastObservedAt":"...","CreatedAt":"...","UpdatedAt":"...","Severity":{"Product":5,"Normalized":50},"Title":"API GeneratedFindingAPIName was invoked from an IP address on a custom threat list.","Description":"API was invoked from an IP address on the custom threat list.","ProductFields":{},"Resources":[{"Type":"AwsIamAccessKey","Id":"AWS::IAM::AccessKey:GeneratedFindingAccessKeyId","Partition":"aws","Region":"us-east-1","Details":{"AwsIamAccessKey":{"UserName":"GeneratedFindingAWSService"}}}],"RecordState":"ACTIVE","WorkflowState":"NEW","approximateArrivalTimestamp":1568035214.555}]}},IngestionTime: 1568035216790,EventId: 34968353831733509797102082883407915803695330140453142528}` |
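
When checking that a captured event has the layout shown in Table 1, it helps to separate the non-JSON wrapper from the JSON document carried in `Message`. The Python below is an added example, not part of the JSA documentation or the DSM; the function names and the shortened sample string are constructed for illustration, and it assumes the wrapper keys appear in the order shown in the table.

```python
import json

# Constructed sample: a shortened copy of the Table 1 message, same envelope layout.
SAMPLE = (
    '{LogStreamName: SecurityHubLogStream,Timestamp: 1568035216780,Message: '
    '{"version":"0","detail-type":"Security Hub Findings - Imported",'
    '"source":"aws.securityhub","account":"111111111111",'
    '"detail":{"findings":[{"AwsAccountId":"111111111111",'
    '"Types":["TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller.Custom"],'
    '"Severity":{"Product":5,"Normalized":50},'
    '"Resources":[{"Type":"AwsIamAccessKey"}],'
    '"RecordState":"ACTIVE","WorkflowState":"NEW"}]}},'
    'IngestionTime: 1568035216790,EventId: 34968353831733509797102082883407915803695330140453142528}'
)

def pairs(text):
    """Parse the 'Key: value,Key: value' wrapper fields (these are not JSON)."""
    out = {}
    for part in text.strip(",{} ").split(","):
        key, _, value = part.partition(":")
        out[key.strip()] = value.strip()
    return out

def parse_envelope(raw):
    """Split the wrapper fields from the JSON document carried in Message."""
    start = raw.find("Message:")
    if not raw.startswith("{") or start < 0:
        raise ValueError("not a LogStreamName/Timestamp/Message envelope")
    # raw_decode stops at the end of the JSON object, so the commas and braces
    # inside the finding cannot be mistaken for wrapper separators.
    message, end = json.JSONDecoder().raw_decode(raw, raw.index("{", start))
    return {**pairs(raw[:start]), **pairs(raw[end:]), "Message": message}

def summarize(envelope):
    """Return the fields worth checking for each finding in the event."""
    msg = envelope["Message"]
    if msg.get("source") != "aws.securityhub":
        raise ValueError("event did not come from Security Hub")
    return [{
        "account": f.get("AwsAccountId"),
        "types": f.get("Types", []),
        "severity": f.get("Severity", {}).get("Normalized"),
        "resources": [r.get("Type") for r in f.get("Resources", [])],
        "state": (f.get("RecordState"), f.get("WorkflowState")),
    } for f in msg["detail"]["findings"]]
```

Wrapper values are returned as strings; only the `Message` body is decoded as JSON.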