FindingHistoryRecord - AWS Security Hub

FindingHistoryRecord

A list of events that changed the specified finding during the specified time period. Each record represents a single finding change event.

Contents

FindingCreated

Identifies whether the event marks the creation of a new finding. A value of True means that the finding is newly created. A value of False means that the finding isn’t newly created.

Type: Boolean

Required: No

FindingIdentifier

Identifies which finding to get the finding history for.

Type: AwsSecurityFindingIdentifier object

Required: No

NextToken

A token for pagination purposes. Provide this token in the subsequent request to GetFindingsHistory to get up to an additional 100 results of history for the same finding that you specified in your initial request.

Type: String

Required: No

Updates

An array of objects that provides details about the finding change event, including the AWS Security Finding Format (ASFF) field that changed, the value of the field before the change, and the value of the field after the change.

Type: Array of FindingHistoryUpdate objects

Required: No

UpdateSource

Identifies the source of the event that changed the finding. For example, an integrated AWS service or third-party partner integration may call BatchImportFindings, or an AWS Security Hub customer may call BatchUpdateFindings.

Type: FindingHistoryUpdateSource object

Required: No

UpdateTime

A timestamp that indicates when Security Hub processed the updated finding record.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: Timestamp

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: