AWS Security Academy · Lesson

The ASFF Finding Format

Read the normalized format that unifies findings from every source.

Why a Common Format

Security Hub aggregates findings from dozens of sources, each with its own structure. To make them comparable it converts everything into one schema: the AWS Security Finding Format (ASFF). Understanding ASFF lets you read, filter, and automate on any finding regardless of where it came from.

What ASFF Is

ASFF is a standardized JSON structure with defined fields that every finding must populate. Because the fields are consistent, you can write one set of rules, filters, or automations that work across GuardDuty, Macie, Inspector, and partner findings alike.

All lessons in this course

What Security Hub Aggregates
Security Standards and Compliance Scores
The ASFF Finding Format
Insights and Custom Finding Actions

← Back to AWS Security Academy