SecurityHub / Client / get_finding_history
get_finding_history#
- SecurityHub.Client.get_finding_history(**kwargs)#
Returns history for a Security Hub finding in the last 90 days. The history includes changes made to any fields in the Amazon Web Services Security Finding Format (ASFF).
See also: AWS API Documentation
Request Syntax
response = client.get_finding_history( FindingIdentifier={ 'Id': 'string', 'ProductArn': 'string' }, StartTime=datetime(2015, 1, 1), EndTime=datetime(2015, 1, 1), NextToken='string', MaxResults=123 )
- Parameters:
FindingIdentifier (dict) –
[REQUIRED]
Identifies which finding to get the finding history for.
Id (string) – [REQUIRED]
The identifier of the finding that was specified by the finding provider.
ProductArn (string) – [REQUIRED]
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
StartTime (datetime) –
An ISO 8601-formatted timestamp that indicates the start time of the requested finding history. A correctly formatted example is
2020-05-21T20:16:34.724Z
. The value cannot contain spaces, and date and time should be separated byT
. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.If you provide values for both
StartTime
andEndTime
, Security Hub returns finding history for the specified time period. If you provide a value forStartTime
but not forEndTime
, Security Hub returns finding history from theStartTime
to the time at which the API is called. If you provide a value forEndTime
but not forStartTime
, Security Hub returns finding history from the CreatedAt timestamp of the finding to theEndTime
. If you provide neitherStartTime
norEndTime
, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is limited to 90 days.EndTime (datetime) –
An ISO 8601-formatted timestamp that indicates the end time of the requested finding history. A correctly formatted example is
2020-05-21T20:16:34.724Z
. The value cannot contain spaces, and date and time should be separated byT
. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.If you provide values for both
StartTime
andEndTime
, Security Hub returns finding history for the specified time period. If you provide a value forStartTime
but not forEndTime
, Security Hub returns finding history from theStartTime
to the time at which the API is called. If you provide a value forEndTime
but not forStartTime
, Security Hub returns finding history from the CreatedAt timestamp of the finding to theEndTime
. If you provide neitherStartTime
norEndTime
, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is limited to 90 days.NextToken (string) – A token for pagination purposes. Provide
NULL
as the initial value. In subsequent requests, provide the token included in the response to get up to an additional 100 results of finding history. If you don’t provideNextToken
, Security Hub returns up to 100 results of finding history for each request.MaxResults (integer) – The maximum number of results to be returned. If you don’t provide it, Security Hub returns up to 100 results of finding history.
- Return type:
dict
- Returns:
Response Syntax
{ 'Records': [ { 'FindingIdentifier': { 'Id': 'string', 'ProductArn': 'string' }, 'UpdateTime': datetime(2015, 1, 1), 'FindingCreated': True|False, 'UpdateSource': { 'Type': 'BATCH_UPDATE_FINDINGS'|'BATCH_IMPORT_FINDINGS', 'Identity': 'string' }, 'Updates': [ { 'UpdatedField': 'string', 'OldValue': 'string', 'NewValue': 'string' }, ], 'NextToken': 'string' }, ], 'NextToken': 'string' }
Response Structure
(dict) –
Records (list) –
A list of events that altered the specified finding during the specified time period.
(dict) –
A list of events that changed the specified finding during the specified time period. Each record represents a single finding change event.
FindingIdentifier (dict) –
Identifies which finding to get the finding history for.
Id (string) –
The identifier of the finding that was specified by the finding provider.
ProductArn (string) –
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
UpdateTime (datetime) –
An ISO 8601-formatted timestamp that indicates when Security Hub processed the updated finding record.
A correctly formatted example is
2020-05-21T20:16:34.724Z
. The value cannot contain spaces, and date and time should be separated byT
. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.FindingCreated (boolean) –
Identifies whether the event marks the creation of a new finding. A value of
True
means that the finding is newly created. A value ofFalse
means that the finding isn’t newly created.UpdateSource (dict) –
Identifies the source of the event that changed the finding. For example, an integrated Amazon Web Service or third-party partner integration may call BatchImportFindings, or an Security Hub customer may call BatchUpdateFindings.
Type (string) –
Describes the type of finding change event, such as a call to BatchImportFindings (by an integrated Amazon Web Service or third party partner integration) or BatchUpdateFindings (by a Security Hub customer).
Identity (string) –
The identity of the source that initiated the finding change event. For example, the Amazon Resource Name (ARN) of a partner that calls BatchImportFindings or of a customer that calls BatchUpdateFindings.
Updates (list) –
An array of objects that provides details about the finding change event, including the Amazon Web Services Security Finding Format (ASFF) field that changed, the value of the field before the change, and the value of the field after the change.
(dict) –
An array of objects that provides details about a change to a finding, including the Amazon Web Services Security Finding Format (ASFF) field that changed, the value of the field before the change, and the value of the field after the change.
UpdatedField (string) –
The ASFF field that changed during the finding change event.
OldValue (string) –
The value of the ASFF field before the finding change event.
NewValue (string) –
The value of the ASFF field after the finding change event. To preserve storage and readability, Security Hub omits this value if FindingHistoryRecord exceeds database limits.
NextToken (string) –
A token for pagination purposes. Provide this token in the subsequent request to GetFindingsHistory to get up to an additional 100 results of history for the same finding that you specified in your initial request.
NextToken (string) –
A token for pagination purposes. Provide this token in the subsequent request to
GetFindingsHistory
to get up to an additional 100 results of history for the same finding that you specified in your initial request.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException