diff --git a/SecurityHub_CISPlaybooks_CloudFormation.yaml b/SecurityHub_CISPlaybooks_CloudFormation.yaml
index c7f8281..987ce9f 100644
--- a/SecurityHub_CISPlaybooks_CloudFormation.yaml
+++ b/SecurityHub_CISPlaybooks_CloudFormation.yaml
@@ -1607,7 +1607,7 @@ Resources:
               # import lambda env var
               lambdaFunctionName = os.environ['AWS_LAMBDA_FUNCTION_NAME']
               # parse details from sechub finding
-              myDefaultSecGroupId = str(event['detail']['findings'][0]['Resources'][0]['Details']['Other']['groupId'])
+              myDefaultSecGroupId = str(event['detail']['findings'][0]['Resources'][0]['Details']['AwsEc2SecurityGroup']['GroupId'])
               findingId = str(event['detail']['findings'][0]['Id'])
               try:
                   # sg ec2 resource object
@@ -1714,4 +1714,4 @@ Resources:
       SourceArn: 
         Fn::GetAtt: 
           - "CIS43RREventRule"
-          - "Arn"
\ No newline at end of file
+          - "Arn"