@aws-sdk/client-securityhub 3.325.0 → 3.327.0

package/dist-types/commands/UntagResourceCommand.d.ts

@@ -34,6 +34,8 @@ export interface UntagResourceCommandOutput extends UntagResourceResponse, __Met
  * };
  * const command = new UntagResourceCommand(input);
  * const response = await client.send(command);
+ * // {};
+ *
  * ```
  *
  * @param UntagResourceCommandInput - {@link UntagResourceCommandInput}
@@ -52,6 +54,8 @@ export interface UntagResourceCommandOutput extends UntagResourceResponse, __Met
  * @throws {@link ResourceNotFoundException} (client fault)
  *  <p>The request was rejected because we can't find the specified resource.</p>
  *
+ * @throws {@link SecurityHubServiceException}
+ * <p>Base exception class for all service exceptions from SecurityHub service.</p>
  *
  * @example To remove tags from a resource
  * ```javascript

package/dist-types/commands/UpdateActionTargetCommand.d.ts

@@ -33,6 +33,8 @@ export interface UpdateActionTargetCommandOutput extends UpdateActionTargetRespo
  * };
  * const command = new UpdateActionTargetCommand(input);
  * const response = await client.send(command);
+ * // {};
+ *
  * ```
  *
  * @param UpdateActionTargetCommandInput - {@link UpdateActionTargetCommandInput}
@@ -54,6 +56,8 @@ export interface UpdateActionTargetCommandOutput extends UpdateActionTargetRespo
  * @throws {@link ResourceNotFoundException} (client fault)
  *  <p>The request was rejected because we can't find the specified resource.</p>
  *
+ * @throws {@link SecurityHubServiceException}
+ * <p>Base exception class for all service exceptions from SecurityHub service.</p>
  *
  * @example To update the name and description of a custom action target
  * ```javascript

package/dist-types/commands/UpdateFindingAggregatorCommand.d.ts

@@ -37,6 +37,15 @@ export interface UpdateFindingAggregatorCommandOutput extends UpdateFindingAggre
  * };
  * const command = new UpdateFindingAggregatorCommand(input);
  * const response = await client.send(command);
+ * // { // UpdateFindingAggregatorResponse
+ * //   FindingAggregatorArn: "STRING_VALUE",
+ * //   FindingAggregationRegion: "STRING_VALUE",
+ * //   RegionLinkingMode: "STRING_VALUE",
+ * //   Regions: [ // StringList
+ * //     "STRING_VALUE",
+ * //   ],
+ * // };
+ *
  * ```
  *
  * @param UpdateFindingAggregatorCommandInput - {@link UpdateFindingAggregatorCommandInput}
@@ -65,6 +74,8 @@ export interface UpdateFindingAggregatorCommandOutput extends UpdateFindingAggre
  * @throws {@link ResourceNotFoundException} (client fault)
  *  <p>The request was rejected because we can't find the specified resource.</p>
  *
+ * @throws {@link SecurityHubServiceException}
+ * <p>Base exception class for all service exceptions from SecurityHub service.</p>
  *
  * @example To update cross-Region aggregation settings
  * ```javascript

package/dist-types/commands/UpdateFindingsCommand.d.ts

@@ -291,6 +291,8 @@ export interface UpdateFindingsCommandOutput extends UpdateFindingsResponse, __M
  * };
  * const command = new UpdateFindingsCommand(input);
  * const response = await client.send(command);
+ * // {};
+ *
  * ```
  *
  * @param UpdateFindingsCommandInput - {@link UpdateFindingsCommandInput}
@@ -316,6 +318,8 @@ export interface UpdateFindingsCommandOutput extends UpdateFindingsResponse, __M
  * @throws {@link ResourceNotFoundException} (client fault)
  *  <p>The request was rejected because we can't find the specified resource.</p>
  *
+ * @throws {@link SecurityHubServiceException}
+ * <p>Base exception class for all service exceptions from SecurityHub service.</p>
  *
  */
 export declare class UpdateFindingsCommand extends $Command<UpdateFindingsCommandInput, UpdateFindingsCommandOutput, SecurityHubClientResolvedConfig> {

package/dist-types/commands/UpdateInsightCommand.d.ts

@@ -284,6 +284,8 @@ export interface UpdateInsightCommandOutput extends UpdateInsightResponse, __Met
  * };
  * const command = new UpdateInsightCommand(input);
  * const response = await client.send(command);
+ * // {};
+ *
  * ```
  *
  * @param UpdateInsightCommandInput - {@link UpdateInsightCommandInput}
@@ -309,6 +311,8 @@ export interface UpdateInsightCommandOutput extends UpdateInsightResponse, __Met
  * @throws {@link ResourceNotFoundException} (client fault)
  *  <p>The request was rejected because we can't find the specified resource.</p>
  *
+ * @throws {@link SecurityHubServiceException}
+ * <p>Base exception class for all service exceptions from SecurityHub service.</p>
  *
  * @example To update an insight
  * ```javascript

package/dist-types/commands/UpdateOrganizationConfigurationCommand.d.ts

@@ -33,6 +33,8 @@ export interface UpdateOrganizationConfigurationCommandOutput extends UpdateOrga
  * };
  * const command = new UpdateOrganizationConfigurationCommand(input);
  * const response = await client.send(command);
+ * // {};
+ *
  * ```
  *
  * @param UpdateOrganizationConfigurationCommandInput - {@link UpdateOrganizationConfigurationCommandInput}
@@ -55,6 +57,8 @@ export interface UpdateOrganizationConfigurationCommandOutput extends UpdateOrga
  *  <p>The request was rejected because it attempted to create resources beyond the current Amazon Web Services
  *          account or throttling limits. The error code describes the limit exceeded.</p>
  *
+ * @throws {@link SecurityHubServiceException}
+ * <p>Base exception class for all service exceptions from SecurityHub service.</p>
  *
  * @example To update organization configuration
  * ```javascript

package/dist-types/commands/UpdateSecurityHubConfigurationCommand.d.ts

@@ -32,6 +32,8 @@ export interface UpdateSecurityHubConfigurationCommandOutput extends UpdateSecur
  * };
  * const command = new UpdateSecurityHubConfigurationCommand(input);
  * const response = await client.send(command);
+ * // {};
+ *
  * ```
  *
  * @param UpdateSecurityHubConfigurationCommandInput - {@link UpdateSecurityHubConfigurationCommandInput}
@@ -57,6 +59,8 @@ export interface UpdateSecurityHubConfigurationCommandOutput extends UpdateSecur
  * @throws {@link ResourceNotFoundException} (client fault)
  *  <p>The request was rejected because we can't find the specified resource.</p>
  *
+ * @throws {@link SecurityHubServiceException}
+ * <p>Base exception class for all service exceptions from SecurityHub service.</p>
  *
  * @example To update Security Hub settings
  * ```javascript

package/dist-types/commands/UpdateStandardsControlCommand.d.ts

@@ -34,6 +34,8 @@ export interface UpdateStandardsControlCommandOutput extends UpdateStandardsCont
  * };
  * const command = new UpdateStandardsControlCommand(input);
  * const response = await client.send(command);
+ * // {};
+ *
  * ```
  *
  * @param UpdateStandardsControlCommandInput - {@link UpdateStandardsControlCommandInput}
@@ -55,6 +57,8 @@ export interface UpdateStandardsControlCommandOutput extends UpdateStandardsCont
  * @throws {@link ResourceNotFoundException} (client fault)
  *  <p>The request was rejected because we can't find the specified resource.</p>
  *
+ * @throws {@link SecurityHubServiceException}
+ * <p>Base exception class for all service exceptions from SecurityHub service.</p>
  *
  * @example To update the enablement status of a standard control
  * ```javascript

package/dist-types/commands/index.d.ts

@@ -35,6 +35,7 @@ export * from "./EnableSecurityHubCommand";
 export * from "./GetAdministratorAccountCommand";
 export * from "./GetEnabledStandardsCommand";
 export * from "./GetFindingAggregatorCommand";
+export * from "./GetFindingHistoryCommand";
 export * from "./GetFindingsCommand";
 export * from "./GetInsightResultsCommand";
 export * from "./GetInsightsCommand";

package/dist-types/models/models_1.d.ts

@@ -7528,7 +7528,7 @@ export interface AwsSecurityFinding {
     Region?: string;
     /**
      * <p>The identifier for the solution-specific component (a discrete unit of logic) that
-     *          generated a finding. In various security-findings providers' solutions, this generator can
+     *          generated a finding. In various security findings providers' solutions, this generator can
      *          be called a rule, a check, a detector, a plugin, etc. </p>
      */
     GeneratorId: string | undefined;
@@ -7544,7 +7544,7 @@ export interface AwsSecurityFinding {
      */
     Types?: string[];
     /**
-     * <p>Indicates when the security-findings provider first observed the potential security
+     * <p>Indicates when the security findings provider first observed the potential security
      *          issue that a finding captured.</p>
      *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
      *             Date/Time Format</a>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For example,
@@ -7552,7 +7552,7 @@ export interface AwsSecurityFinding {
      */
     FirstObservedAt?: string;
     /**
-     * <p>Indicates when the security-findings provider most recently observed the potential
+     * <p>Indicates when the security findings provider most recently observed the potential
      *          security issue that a finding captured.</p>
      *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
      *             Date/Time Format</a>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For example,
@@ -7560,7 +7560,7 @@ export interface AwsSecurityFinding {
      */
     LastObservedAt?: string;
     /**
-     * <p>Indicates when the security-findings provider created the potential security issue that
+     * <p>Indicates when the security findings provider created the potential security issue that
      *          a finding captured.</p>
      *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
      *             Date/Time Format</a>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For example,
@@ -7568,7 +7568,7 @@ export interface AwsSecurityFinding {
      */
     CreatedAt: string | undefined;
     /**
-     * <p>Indicates when the security-findings provider last updated the finding record.</p>
+     * <p>Indicates when the security findings provider last updated the finding record.</p>
      *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
      *             Date/Time Format</a>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For example,
      *             <code>2020-03-22T13:22:13.933Z</code>.</p>
@@ -7610,12 +7610,12 @@ export interface AwsSecurityFinding {
      */
     Remediation?: Remediation;
     /**
-     * <p>A URL that links to a page about the current finding in the security-findings provider's
+     * <p>A URL that links to a page about the current finding in the security findings provider's
      *          solution.</p>
      */
     SourceUrl?: string;
     /**
-     * <p>A data type where security-findings providers can include additional solution-specific
+     * <p>A data type where security findings providers can include additional solution-specific
      *          details that aren't part of the defined <code>AwsSecurityFinding</code> format.</p>
      *          <p>Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.</p>
      */
@@ -7992,7 +7992,7 @@ export interface AwsSecurityFindingFilters {
     Id?: StringFilter[];
     /**
      * <p>The identifier for the solution-specific component (a discrete unit of logic) that
-     *          generated a finding. In various security-findings providers' solutions, this generator can
+     *          generated a finding. In various security findings providers' solutions, this generator can
      *          be called a rule, a check, a detector, a plugin, etc.</p>
      */
     GeneratorId?: StringFilter[];
@@ -8006,25 +8006,25 @@ export interface AwsSecurityFindingFilters {
      */
     Type?: StringFilter[];
     /**
-     * <p>An ISO8601-formatted timestamp that indicates when the security-findings provider first
+     * <p>An ISO8601-formatted timestamp that indicates when the security findings provider first
      *          observed the potential security issue that a finding captured.</p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     FirstObservedAt?: DateFilter[];
     /**
-     * <p>An ISO8601-formatted timestamp that indicates when the security-findings provider most
+     * <p>An ISO8601-formatted timestamp that indicates when the security findings provider most
      *          recently observed the potential security issue that a finding captured.</p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     LastObservedAt?: DateFilter[];
     /**
-     * <p>An ISO8601-formatted timestamp that indicates when the security-findings provider
+     * <p>An ISO8601-formatted timestamp that indicates when the security findings provider
      *          captured the potential security issue that a finding captured.</p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     CreatedAt?: DateFilter[];
     /**
-     * <p>An ISO8601-formatted timestamp that indicates when the security-findings provider last
+     * <p>An ISO8601-formatted timestamp that indicates when the security findings provider last
      *          updated the finding record. </p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
@@ -8032,7 +8032,7 @@ export interface AwsSecurityFindingFilters {
     /**
      * @deprecated
      *
-     * <p>The native severity as defined by the security-findings provider's solution that
+     * <p>The native severity as defined by the security findings provider's solution that
      *          generated the finding.</p>
      */
     SeverityProduct?: NumberFilter[];
@@ -8072,12 +8072,12 @@ export interface AwsSecurityFindingFilters {
      */
     RecommendationText?: StringFilter[];
     /**
-     * <p>A URL that links to a page about the current finding in the security-findings provider's
+     * <p>A URL that links to a page about the current finding in the security findings provider's
      *          solution.</p>
      */
     SourceUrl?: StringFilter[];
     /**
-     * <p>A data type where security-findings providers can include additional solution-specific
+     * <p>A data type where security findings providers can include additional solution-specific
      *          details that aren't part of the defined <code>AwsSecurityFinding</code> format.</p>
      */
     ProductFields?: MapFilter[];
@@ -8492,7 +8492,7 @@ export interface AwsSecurityFindingFilters {
 }
 /**
  * @public
- * <p>Identifies a finding to update using <code>BatchUpdateFindings</code>.</p>
+ * <p>Identifies which finding to get the finding history for.</p>
  */
 export interface AwsSecurityFindingIdentifier {
     /**

package/dist-types/models/models_2.d.ts

@@ -1,5 +1,5 @@
 import { AccountDetails, ActionTarget, AdminAccount, AssociationStatus, AutoEnableStandards } from "./models_0";
-import { AwsSecurityFinding, AwsSecurityFindingFilters, ControlFindingGenerator, ControlStatus, NoteUpdate, RecordState, SeverityRating, StandardsSubscription } from "./models_1";
+import { AwsSecurityFinding, AwsSecurityFindingFilters, AwsSecurityFindingIdentifier, ControlFindingGenerator, ControlStatus, NoteUpdate, RecordState, SeverityRating, StandardsSubscription } from "./models_1";
 /**
  * @public
  */
@@ -700,6 +700,126 @@ export interface FindingAggregator {
      */
     FindingAggregatorArn?: string;
 }
+/**
+ * @public
+ * <p> An array of objects that provides details about a change to a finding, including the
+ *                 Amazon Web Services Security Finding Format (ASFF) field that changed, the value of
+ *             the field before the change, and the value of the field after the change. </p>
+ */
+export interface FindingHistoryUpdate {
+    /**
+     * <p>
+     *          The ASFF field that changed during the finding change event.
+     *       </p>
+     */
+    UpdatedField?: string;
+    /**
+     * <p>
+     *          The value of the ASFF field before the finding change event.
+     *       </p>
+     */
+    OldValue?: string;
+    /**
+     * <p>
+     *          The value of the ASFF field after the finding change event. To preserve storage and readability, Security Hub omits this value
+     *           if <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_FindingHistoryRecord.html">
+     *                <code>FindingHistoryRecord</code>
+     *             </a> exceeds database limits.
+     *       </p>
+     */
+    NewValue?: string;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const FindingHistoryUpdateSourceType: {
+    readonly BATCH_IMPORT_FINDINGS: "BATCH_IMPORT_FINDINGS";
+    readonly BATCH_UPDATE_FINDINGS: "BATCH_UPDATE_FINDINGS";
+};
+/**
+ * @public
+ */
+export type FindingHistoryUpdateSourceType = (typeof FindingHistoryUpdateSourceType)[keyof typeof FindingHistoryUpdateSourceType];
+/**
+ * @public
+ * <p>
+ *          Identifies the source of the finding change event.
+ *       </p>
+ */
+export interface FindingHistoryUpdateSource {
+    /**
+     * <p>
+     *          Describes the type of finding change event, such as a call to <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html">
+     *                <code>BatchImportFindings</code>
+     *             </a> (by an integrated Amazon Web Service or third party partner integration) or <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html">
+     *                <code>BatchUpdateFindings</code>
+     *             </a> (by a Security Hub customer).
+     *       </p>
+     */
+    Type?: FindingHistoryUpdateSourceType | string;
+    /**
+     * <p>
+     *          The identity of the source that initiated the finding change event. For example, the Amazon Resource Name (ARN) of a partner that calls BatchImportFindings or of a customer that calls BatchUpdateFindings.
+     *       </p>
+     */
+    Identity?: string;
+}
+/**
+ * @public
+ * <p>
+ *          A list of events that changed the specified finding during the specified time period. Each record represents a single
+ *          finding change event.
+ *       </p>
+ */
+export interface FindingHistoryRecord {
+    /**
+     * <p>Identifies which finding to get the finding history for.</p>
+     */
+    FindingIdentifier?: AwsSecurityFindingIdentifier;
+    /**
+     * <p> An ISO 8601-formatted timestamp that indicates when the security findings provider last
+     *             updated the finding record. A correctly formatted example is
+     *                 <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and
+     *             time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6,
+     *                 Internet Date/Time Format</a>. </p>
+     */
+    UpdateTime?: Date;
+    /**
+     * <p>
+     *          Identifies whether the event marks the creation of a new finding. A value of <code>True</code> means that the finding is
+     *          newly created. A value of <code>False</code> means that the finding isn’t newly created.
+     *       </p>
+     */
+    FindingCreated?: boolean;
+    /**
+     * <p> Identifies the source of the event that changed the finding. For example, an integrated
+     *                 Amazon Web Service or third-party partner integration may call <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html">
+     *                <code>BatchImportFindings</code>
+     *             </a>, or an Security Hub customer
+     *             may call <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html">
+     *                <code>BatchUpdateFindings</code>
+     *             </a>. </p>
+     */
+    UpdateSource?: FindingHistoryUpdateSource;
+    /**
+     * <p>
+     *          An array of objects that provides details about the finding change event, including the Amazon Web Services Security
+     *          Finding Format (ASFF) field that changed, the value of the field before the change, and the value of the field after
+     *          the change.
+     *       </p>
+     */
+    Updates?: FindingHistoryUpdate[];
+    /**
+     * <p>
+     *          A token for pagination purposes. Provide this token in the subsequent request to <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingsHistory.html">
+     *                <code>GetFindingsHistory</code>
+     *             </a> to get
+     *          up to an additional 100 results of history for the same finding that you specified in your initial request.
+     *       </p>
+     */
+    NextToken?: string;
+}
 /**
  * @public
  */
@@ -801,6 +921,81 @@ export interface GetFindingAggregatorResponse {
      */
     Regions?: string[];
 }
+/**
+ * @public
+ */
+export interface GetFindingHistoryRequest {
+    /**
+     * <p>Identifies which finding to get the finding history for.</p>
+     */
+    FindingIdentifier: AwsSecurityFindingIdentifier | undefined;
+    /**
+     * <p>
+     *          An ISO 8601-formatted timestamp that indicates the start time of the requested finding history. A correctly formatted
+     *          example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated
+     *          by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339
+     *             section 5.6, Internet Date/Time Format</a>.</p>
+     *          <p>If you provide values for both <code>StartTime</code> and <code>EndTime</code>,
+     *                 Security Hub returns finding history for the specified time period. If you
+     *             provide a value for <code>StartTime</code> but not for <code>EndTime</code>, Security Hub returns finding history from the <code>StartTime</code> to the time at
+     *             which the API is called. If you provide a value for <code>EndTime</code> but not for
+     *                 <code>StartTime</code>, Security Hub returns finding history from the <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingFilters.html#securityhub-Type-AwsSecurityFindingFilters-CreatedAt">CreatedAt</a> timestamp of the finding to the <code>EndTime</code>. If you
+     *             provide neither <code>StartTime</code> nor <code>EndTime</code>, Security Hub
+     *             returns finding history from the CreatedAt timestamp of the finding to the time at which
+     *             the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is
+     *             limited to 90 days. </p>
+     */
+    StartTime?: Date;
+    /**
+     * <p>
+     *          An ISO 8601-formatted timestamp that indicates the end time of the requested finding history. A correctly formatted
+     *          example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated
+     *          by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339
+     *             section 5.6, Internet Date/Time Format</a>.</p>
+     *          <p>If you provide values for both <code>StartTime</code> and <code>EndTime</code>,
+     *                 Security Hub returns finding history for the specified time period. If you
+     *             provide a value for <code>StartTime</code> but not for <code>EndTime</code>, Security Hub returns finding history from the <code>StartTime</code> to the time at
+     *             which the API is called. If you provide a value for <code>EndTime</code> but not for
+     *                 <code>StartTime</code>, Security Hub returns finding history from the <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingFilters.html#securityhub-Type-AwsSecurityFindingFilters-CreatedAt">CreatedAt</a> timestamp of the finding to the <code>EndTime</code>. If you
+     *             provide neither <code>StartTime</code> nor <code>EndTime</code>, Security Hub
+     *             returns finding history from the CreatedAt timestamp of the finding to the time at which
+     *             the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is
+     *             limited to 90 days.</p>
+     */
+    EndTime?: Date;
+    /**
+     * <p>
+     *          A token for pagination purposes. Provide <code>NULL</code> as the initial value. In subsequent requests, provide the
+     *          token included in the response to get up to an additional 100 results of finding history. If you don’t provide
+     *          <code>NextToken</code>, Security Hub returns up to 100 results of finding history for each request.
+     *       </p>
+     */
+    NextToken?: string;
+    /**
+     * <p>
+     *          The maximum number of results to be returned. If you don’t provide it, Security Hub returns up to 100 results of finding history.
+     *       </p>
+     */
+    MaxResults?: number;
+}
+/**
+ * @public
+ */
+export interface GetFindingHistoryResponse {
+    /**
+     * <p>
+     *          A list of events that altered the specified finding during the specified time period.
+     *       </p>
+     */
+    Records?: FindingHistoryRecord[];
+    /**
+     * <p>
+     *          A token for pagination purposes. Provide this token in the subsequent request to <code>GetFindingsHistory</code> to
+     *          get up to an additional 100 results of history for the same finding that you specified in your initial request.
+     *       </p>
+     */
+    NextToken?: string;
+}
 /**
  * @public
  * @enum

package/dist-types/pagination/GetFindingHistoryPaginator.d.ts

@@ -0,0 +1,7 @@
+import { Paginator } from "@aws-sdk/types";
+import { GetFindingHistoryCommandInput, GetFindingHistoryCommandOutput } from "../commands/GetFindingHistoryCommand";
+import { SecurityHubPaginationConfiguration } from "./Interfaces";
+/**
+ * @public
+ */
+export declare function paginateGetFindingHistory(config: SecurityHubPaginationConfiguration, input: GetFindingHistoryCommandInput, ...additionalArguments: any): Paginator<GetFindingHistoryCommandOutput>;

package/dist-types/pagination/index.d.ts

@@ -3,6 +3,7 @@ export * from "./DescribeProductsPaginator";
 export * from "./DescribeStandardsControlsPaginator";
 export * from "./DescribeStandardsPaginator";
 export * from "./GetEnabledStandardsPaginator";
+export * from "./GetFindingHistoryPaginator";
 export * from "./GetFindingsPaginator";
 export * from "./GetInsightsPaginator";
 export * from "./Interfaces";

package/dist-types/protocols/Aws_restJson1.d.ts

@@ -37,6 +37,7 @@ import { EnableSecurityHubCommandInput, EnableSecurityHubCommandOutput } from ".
 import { GetAdministratorAccountCommandInput, GetAdministratorAccountCommandOutput } from "../commands/GetAdministratorAccountCommand";
 import { GetEnabledStandardsCommandInput, GetEnabledStandardsCommandOutput } from "../commands/GetEnabledStandardsCommand";
 import { GetFindingAggregatorCommandInput, GetFindingAggregatorCommandOutput } from "../commands/GetFindingAggregatorCommand";
+import { GetFindingHistoryCommandInput, GetFindingHistoryCommandOutput } from "../commands/GetFindingHistoryCommand";
 import { GetFindingsCommandInput, GetFindingsCommandOutput } from "../commands/GetFindingsCommand";
 import { GetInsightResultsCommandInput, GetInsightResultsCommandOutput } from "../commands/GetInsightResultsCommand";
 import { GetInsightsCommandInput, GetInsightsCommandOutput } from "../commands/GetInsightsCommand";
@@ -209,6 +210,10 @@ export declare const se_GetEnabledStandardsCommand: (input: GetEnabledStandardsC
  * serializeAws_restJson1GetFindingAggregatorCommand
  */
 export declare const se_GetFindingAggregatorCommand: (input: GetFindingAggregatorCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
+/**
+ * serializeAws_restJson1GetFindingHistoryCommand
+ */
+export declare const se_GetFindingHistoryCommand: (input: GetFindingHistoryCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 /**
  * serializeAws_restJson1GetFindingsCommand
  */
@@ -453,6 +458,10 @@ export declare const de_GetEnabledStandardsCommand: (output: __HttpResponse, con
  * deserializeAws_restJson1GetFindingAggregatorCommand
  */
 export declare const de_GetFindingAggregatorCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<GetFindingAggregatorCommandOutput>;
+/**
+ * deserializeAws_restJson1GetFindingHistoryCommand
+ */
+export declare const de_GetFindingHistoryCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<GetFindingHistoryCommandOutput>;
 /**
  * deserializeAws_restJson1GetFindingsCommand
  */

package/dist-types/ts3.4/SecurityHub.d.ts

@@ -147,6 +147,10 @@ import {
   GetFindingAggregatorCommandInput,
   GetFindingAggregatorCommandOutput,
 } from "./commands/GetFindingAggregatorCommand";
+import {
+  GetFindingHistoryCommandInput,
+  GetFindingHistoryCommandOutput,
+} from "./commands/GetFindingHistoryCommand";
 import {
   GetFindingsCommandInput,
   GetFindingsCommandOutput,
@@ -750,6 +754,19 @@ export interface SecurityHub {
     options: __HttpHandlerOptions,
     cb: (err: any, data?: GetFindingAggregatorCommandOutput) => void
   ): void;
+  getFindingHistory(
+    args: GetFindingHistoryCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetFindingHistoryCommandOutput>;
+  getFindingHistory(
+    args: GetFindingHistoryCommandInput,
+    cb: (err: any, data?: GetFindingHistoryCommandOutput) => void
+  ): void;
+  getFindingHistory(
+    args: GetFindingHistoryCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetFindingHistoryCommandOutput) => void
+  ): void;
   getFindings(
     args: GetFindingsCommandInput,
     options?: __HttpHandlerOptions

package/dist-types/ts3.4/SecurityHubClient.d.ts

@@ -192,6 +192,10 @@ import {
   GetFindingAggregatorCommandInput,
   GetFindingAggregatorCommandOutput,
 } from "./commands/GetFindingAggregatorCommand";
+import {
+  GetFindingHistoryCommandInput,
+  GetFindingHistoryCommandOutput,
+} from "./commands/GetFindingHistoryCommand";
 import {
   GetFindingsCommandInput,
   GetFindingsCommandOutput,
@@ -331,6 +335,7 @@ export type ServiceInputTypes =
   | GetAdministratorAccountCommandInput
   | GetEnabledStandardsCommandInput
   | GetFindingAggregatorCommandInput
+  | GetFindingHistoryCommandInput
   | GetFindingsCommandInput
   | GetInsightResultsCommandInput
   | GetInsightsCommandInput
@@ -393,6 +398,7 @@ export type ServiceOutputTypes =
   | GetAdministratorAccountCommandOutput
   | GetEnabledStandardsCommandOutput
   | GetFindingAggregatorCommandOutput
+  | GetFindingHistoryCommandOutput
   | GetFindingsCommandOutput
   | GetInsightResultsCommandOutput
   | GetInsightsCommandOutput