# Supported trait types in Security Hub
<a name="exposure-findings-supported-traits"></a>

AWS Security Hub generates an exposure finding when AWS Security Hub CSPM control findings and findings generated by other supported AWS services, such as Amazon Inspector, contain exposure traits for a resource. The following table provides information about the supported trait types. 


| Trait type | Description | Source | Impacted resources | 
| --- | --- | --- | --- | 
|  Assumability  |  Indicates a resource with vended AWS Identity and Access Management permissions  |  Resource configuration from AWS Config  |  AWS resources with associated AWS Identity and Access Management roles  | 
|  Misconfiguration  |  Indicates a misconfigured resource  |  AWS Security Hub CSPM control findings, Amazon GuardDuty threat findings, and information about resource confirmation in AWS Config.  |  All resource types  | 
|  Reachability  |  Indicates open network paths to a resource  |  AWS Security Hub CSPM control findings, Amazon GuardDuty threat findings, and Amazon Inspector network reachability findings.  |  Amazon EC2 instances, Amazon EKS clusters, Lambda functions, and Amazon S3 buckets  | 
|  Sensitive Data  |  Indicates that a resource contains sensitive data  |  Macie sensitive data findings  | Amazon S3 buckets | 
| Vulnerability |  Indicates that a resource has a weakness which could be exploited by a threat source.  |  Amazon Inspector package vulnerability findings and Amazon GuardDuty Amazon EC2 Malware findings.  |  Amazon EC2 instances, Amazon ECS services, Amazon EKS clusters, and Lambda functions  | 

 Each trait can be associated with multiple titles that provide details about the exposure affecting the resource. For example, you might see an **Exploit Available** title for the **Vulnerability** trait in the details for an EC2 exposure finding.