GETFINDINGHISTORY()`¶

About GetFindingHistory¶

Returns the history of a Security Hub finding. The history includes changes made to any fields in the Amazon Web Services Security Finding Format (ASFF) except top-level timestamp fields, such as the CreatedAt and UpdatedAt fields.

This operation might return fewer results than the maximum number of results (MaxResults) specified in a request, even when more results are available. If this occurs, the response includes a NextToken value, which you should use to retrieve the next set of results in the response. The presence of a NextToken value in a response doesn't necessarily indicate that the results are incomplete. However, you should continue to specify a NextToken value until you receive a response that doesn't include this value.

Method Signature¶

IMPORTING¶

Required arguments:¶

`io_findingidentifier` `TYPE REF TO /AWS1/CL_SHBAWSSECFINDINGID` `/AWS1/CL_SHBAWSSECFINDINGID`¶

FindingIdentifier

Optional arguments:¶

`iv_starttime` `TYPE /AWS1/SHBTIMESTAMP` `/AWS1/SHBTIMESTAMP`¶

A timestamp that indicates the start time of the requested finding history.

If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

`iv_endtime` `TYPE /AWS1/SHBTIMESTAMP` `/AWS1/SHBTIMESTAMP`¶

An ISO 8601-formatted timestamp that indicates the end time of the requested finding history.

If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

`iv_nexttoken` `TYPE /AWS1/SHBNEXTTOKEN` `/AWS1/SHBNEXTTOKEN`¶

A token for pagination purposes. Provide NULL as the initial value. In subsequent requests, provide the token included in the response to get up to an additional 100 results of finding history. If you don’t provide NextToken, Security Hub returns up to 100 results of finding history for each request.

`iv_maxresults` `TYPE /AWS1/SHBMAXRESULTS` `/AWS1/SHBMAXRESULTS`¶

The maximum number of results to be returned. If you don’t provide it, Security Hub returns up to 100 results of finding history.

RETURNING¶

`oo_output` `TYPE REF TO /aws1/cl_shbgetfndghistoryrsp` `/AWS1/CL_SHBGETFNDGHISTORYRSP`¶

Domain /AWS1/RT_ACCOUNT_ID

Primitive Type NUMC

Examples¶

Syntax Example¶

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->/aws1/if_shb~getfindinghistory(
  io_findingidentifier = new /aws1/cl_shbawssecfindingid(
    iv_id = |string|
    iv_productarn = |string|
  )
  iv_endtime = '20150101000000.0000000'
  iv_maxresults = 123
  iv_nexttoken = |string|
  iv_starttime = '20150101000000.0000000'
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  LOOP AT lo_result->get_records( ) into lo_row.
    lo_row_1 = lo_row.
    IF lo_row_1 IS NOT INITIAL.
      lo_awssecurityfindingident = lo_row_1->get_findingidentifier( ).
      IF lo_awssecurityfindingident IS NOT INITIAL.
        lv_nonemptystring = lo_awssecurityfindingident->get_id( ).
        lv_nonemptystring = lo_awssecurityfindingident->get_productarn( ).
      ENDIF.
      lv_timestamp = lo_row_1->get_updatetime( ).
      lv_boolean = lo_row_1->get_findingcreated( ).
      lo_findinghistoryupdatesou = lo_row_1->get_updatesource( ).
      IF lo_findinghistoryupdatesou IS NOT INITIAL.
        lv_findinghistoryupdatesou_1 = lo_findinghistoryupdatesou->get_type( ).
        lv_nonemptystring = lo_findinghistoryupdatesou->get_identity( ).
      ENDIF.
      LOOP AT lo_row_1->get_updates( ) into lo_row_2.
        lo_row_3 = lo_row_2.
        IF lo_row_3 IS NOT INITIAL.
          lv_nonemptystring = lo_row_3->get_updatedfield( ).
          lv_nonemptystring = lo_row_3->get_oldvalue( ).
          lv_nonemptystring = lo_row_3->get_newvalue( ).
        ENDIF.
      ENDLOOP.
      lv_nexttoken = lo_row_1->get_nexttoken( ).
    ENDIF.
  ENDLOOP.
  lv_nexttoken = lo_result->get_nexttoken( ).
ENDIF.

/AWS1/IF_SHB=>GETFINDINGHISTORY()¶