{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-security-hub/refs/heads/main/json-schema/amazon-security-hub-finding-schema.json",
  "title": "Finding",
  "description": "An AWS Security Finding Format (ASFF) finding object that provides a normalized format for security findings.",
  "type": "object",
  "properties": {
    "SchemaVersion": {
      "type": "string",
      "description": "The schema version that a finding is formatted for."
    },
    "Id": {
      "type": "string",
      "description": "The identifier for the finding."
    },
    "ProductArn": {
      "type": "string",
      "description": "The ARN generated by Security Hub for the product that generated the finding."
    },
    "GeneratorId": {
      "type": "string",
      "description": "The identifier for the solution-specific component that generated the finding."
    },
    "AwsAccountId": {
      "type": "string",
      "description": "The AWS account ID where the finding was generated."
    },
    "Types": {
      "type": "array",
      "description": "One or more finding types in the format of namespace/category/classifier.",
      "items": {
        "type": "string"
      }
    },
    "CreatedAt": {
      "type": "string",
      "format": "date-time",
      "description": "Indicates when the finding was created."
    },
    "UpdatedAt": {
      "type": "string",
      "format": "date-time",
      "description": "Indicates when the finding was most recently updated."
    },
    "Severity": {
      "type": "object",
      "description": "The severity of the finding.",
      "properties": {
        "Label": {
          "type": "string",
          "enum": [
            "INFORMATIONAL",
            "LOW",
            "MEDIUM",
            "HIGH",
            "CRITICAL"
          ]
        },
        "Normalized": {
          "type": "integer",
          "minimum": 0,
          "maximum": 100
        }
      }
    },
    "Title": {
      "type": "string",
      "description": "A finding title."
    },
    "Description": {
      "type": "string",
      "description": "A finding description."
    },
    "Resources": {
      "type": "array",
      "description": "A set of resource data types describing the resources the finding refers to.",
      "items": {
        "type": "object",
        "properties": {
          "Type": {
            "type": "string"
          },
          "Id": {
            "type": "string"
          },
          "Partition": {
            "type": "string"
          },
          "Region": {
            "type": "string"
          },
          "Details": {
            "type": "object"
          }
        }
      }
    },
    "Compliance": {
      "type": "object",
      "properties": {
        "Status": {
          "type": "string",
          "enum": [
            "PASSED",
            "WARNING",
            "FAILED",
            "NOT_AVAILABLE"
          ]
        },
        "RelatedRequirements": {
          "type": "array",
          "items": {
            "type": "string"
          }
        }
      }
    },
    "Workflow": {
      "type": "object",
      "properties": {
        "Status": {
          "type": "string",
          "enum": [
            "NEW",
            "NOTIFIED",
            "RESOLVED",
            "SUPPRESSED"
          ]
        }
      }
    },
    "RecordState": {
      "type": "string",
      "enum": [
        "ACTIVE",
        "ARCHIVED"
      ]
    }
  },
  "required": [
    "SchemaVersion",
    "Id",
    "ProductArn",
    "GeneratorId",
    "AwsAccountId",
    "CreatedAt",
    "UpdatedAt",
    "Severity",
    "Title",
    "Description",
    "Resources"
  ]
}