How can I resolve the error "seek path [detail findings] failed" when connecting AWS Security Hub to Panther via EventBridge and SNS?

Last updated: February 9, 2026

Issue

When onboarding AWS Security Hub logs to Panther using EventBridge and SNS, the following error occurs:

seek path [detail findings] failed: invalid stream: seekJSONPath: key "detail" not found, error found in #10 byte of ...|12345"}|..., bigger context ...|curity-hub:12344abcdrg"}|...

Resolution

To resolve this issue:

  1. Navigate to your SNS topic subscription settings in the AWS Console

  2. Enable Raw message delivery for the SNS subscription that sends Security Hub findings to your SQS queue

Cause

This error occurs when Raw message delivery is not enabled in the SNS subscription.

For AWS Security Hub logs using the AWS.SecurityFindingFormat parser, Panther expects the payload to arrive in this structure:

{  "detail": {    "findings": [event1, event2]  }}

Without Raw message delivery enabled, the SNS wrapper prevents Panther from finding the detail key at the expected location, causing the parser to fail.