AWS securityhub documentation change
Summary
Updated documentation for 'FirstObservedAt' timestamp to clarify behavior for CSPM control findings
Security assessment
Clarifies how Security Hub's CSPM feature uses timestamps for compliance status changes. While related to security monitoring features, this is a documentation refinement rather than addressing a specific security vulnerability.
Diff
diff --git a/securityhub/latest/userguide/asff-top-level-attributes.md b/securityhub/latest/userguide/asff-top-level-attributes.md index 5540c807c..19940d9b2 100644 --- a//securityhub/latest/userguide/asff-top-level-attributes.md +++ b//securityhub/latest/userguide/asff-top-level-attributes.md @@ -337 +337 @@ This timestamp specifies when the event or vulnerability was first observed. Con -This timestamp should be immutable between updates of the finding record but can be updated if a more accurate timestamp is determined. +For control findings that Security Hub CSPM generates and updates, this timestamp can also indicate when the compliance status of a resource most recently changed. For other types of findings, this timestamp should be immutable between updates of the finding record, but can be updated if a more accurate timestamp is determined.