- Newest
- Most votes
- Most comments
There are conditions for an automatic deletion. AWS Security Hub findings backed by AWS Config are automatically archived when AWS Config identifies that a resource has been deleted. However, for some AWS service integrations, such as Amazon GuardDuty and third-party partner products, findings aren’t automatically resolved or archived when a resource is deleted. This can result in orphaned findings for resources that no longer exist: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#securityhub-standards-results-updating
Here is a blog post you can review in order to control the deletion workflow: https://aws.amazon.com/blogs/security/automatically-resolve-security-hub-findings-for-resources-that-no-longer-exist/
Hope it helps,
Jon
Currently, we are using the Security hub Automation feature to resolve those findings. AWS Security Hub launches a new capability for automating actions to update findings | AWS Security Blog https://aws.amazon.com/blogs/security/aws-security-hub-launches-a-new-capability-for-automating-actions-to-update-findings/
Relevant content
- Accepted Answerasked 2 years ago
AWS OFFICIALUpdated 10 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
