Security Hub controls marked as RESOLVED do not go away.

0

I have lots of findings in different controls that have been resolved. So I set their workflow as RESOLVED. Days later I am still seeing them marked RESOLVED and they are truly resolved.

Why are they not getting marked as PASSED?

asked 5 months ago, 155 views
1 Answer
0
Accepted Answer

Security Hub uses the Compliance.Status value from each control's findings to determine the overall control status. The overall control status is Passed when all findings have a Compliance.Status of PASSED.

Security Hub > Controls > Search for the control ID, e.g. EC2.19 > Check the Compliance Status of all the checks

For administrator accounts, the control status reflects the aggregated status across both the administrator account and all of the member accounts.

If you have set an aggregation Region, control statuses in the aggregation Region reflect control statuses across all of your linked Regions. Specifically, the overall status of a control appears as Failed if the control has one or more failed findings in at least one account and one linked Region.

Also, Security Hub updates the control status every 24 hours based on the findings from the previous 24 hours.

[+] Determining the overall status of a control from its findings - https://docs.aws.amazon.com/securityhub/latest/userguide/controls-overall-status.html

answered 5 months ago
EXPERT
reviewed a month ago
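
Added example, not part of the answer above and not AWS code: a Python sketch that lists which findings keep a control from Passed by reading Compliance.Status next to Workflow.Status. The function names are hypothetical, the sample findings are constructed, and `fetch_findings` assumes boto3, AWS credentials, and the `ComplianceSecurityControlId` filter of `get_findings`.

```python
from collections import Counter

def _compliance(finding):
    return finding.get("Compliance", {}).get("Status", "MISSING")

def tally(findings):
    """Count findings per (Compliance.Status, Workflow.Status) pair."""
    return Counter((_compliance(f), f.get("Workflow", {}).get("Status", "MISSING"))
                   for f in findings)

def blocking(findings):
    """Findings whose Compliance.Status is not PASSED, whatever their workflow says."""
    return [f for f in findings if _compliance(f) != "PASSED"]

def overall_status(findings):
    """Applies only the two rules quoted in the answer; other cases stay undecided."""
    statuses = [_compliance(f) for f in findings]
    if statuses and all(s == "PASSED" for s in statuses):
        return "PASSED"
    if "FAILED" in statuses:
        return "FAILED"
    return "UNDECIDED"  # cases the answer does not cover

def fetch_findings(control_id, region=None):
    """Pull findings for one control, e.g. "EC2.19" (needs boto3 and credentials)."""
    import boto3  # imported here so the rest of the example runs offline
    client = boto3.client("securityhub", region_name=region)
    filters = {
        "ComplianceSecurityControlId": [{"Value": control_id, "Comparison": "EQUALS"}],
        # ACTIVE records only: a choice made for this example
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
    }
    found = []
    for page in client.get_paginator("get_findings").paginate(Filters=filters):
        found.extend(page["Findings"])
    return found

# Constructed sample findings (trimmed to the fields used here)
SAMPLE = [
    {"Id": "constructed-1", "Compliance": {"Status": "PASSED"}, "Workflow": {"Status": "RESOLVED"}},
    {"Id": "constructed-2", "Compliance": {"Status": "FAILED"}, "Workflow": {"Status": "RESOLVED"}},
    {"Id": "constructed-3", "Compliance": {"Status": "PASSED"}, "Workflow": {"Status": "NEW"}},
]

if __name__ == "__main__":
    for pair, count in sorted(tally(SAMPLE).items()):
        print(pair, count)
    print("overall:", overall_status(SAMPLE))
    print("blocking:", [f["Id"] for f in blocking(SAMPLE)])
```

For a real account, pass the result of `fetch_findings("EC2.19")` to `tally` and `blocking` instead of `SAMPLE`.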
