Filtering and grouping findings in Security Hub
You can display a list of findings on the Findings page, Integrations page, and Insights page of the AWS Security Hub console. The findings lists are pre-filtered based on the record state and workflow status. This is in addition to the filters for an insight or integration.
Record state indicates whether a finding is active or archived. By default, a finding list only shows active findings. A finding provider can archive a finding if it's no longer active or important. Security Hub also automatically archives control findings if the associated resource is deleted.
Workflow status indicates the status of an investigation into a finding. By default, a finding list only shows findings with a workflow status of NEW
or NOTIFIED
. You can update the workflow
status of a finding.
If you enabled finding aggregation and are signed in to the aggregation Region, you can filter findings by Region on the Findings and Insights pages.
For information about working with control findings, see Filtering and sorting control findings. The information in this sections applies to finding lists on the Findings, Insights, and Integrations pages.