AWS Macie not work with sensitive data
I tried setting the AWS Macie to analyze sensitive data. but not work. I create the following "custom data identifiers"
Name: Test01
Regular expression: (?i)batman\.txt.*
Keywords: None
Ignore words: None
Maximum match distance: 50
Occurrences threshold: 1
Severity Level: Medium
https://capsula-01.s3.amazonaws.com/AWS_MACIE01.png
Create the job.
https://capsula-01.s3.amazonaws.com/AWS_MACIE02.png
I analysing the session file of the SSM. I connect to the server EC2 via session manager and run the command "scp batman.txt server:~" for example. Is it possible to get this?
The bucket s3 https://capsula-01.s3.amazonaws.com/AWS_MACIE03.png
But not work. Let me know if i'm doing something wrong.
Hi, Chris, thanks for replying
of course, follow
]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# scp batman.txt server01:~
ssh: Could not resolve hostname server01: Temporary failure in name resolution
lost connection
]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# scp batman.txt server01:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~ :~1:~2:~7:~.:~0:~.:~0:~.:~1:~
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
root@127.0.0.1: Permission denied (publickey).
lost connection
]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# scp batman.txt 127.0.0.1:~
root@127.0.0.1: Permission denied (publickey).
lost connection
]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# exit
Thank you for the context, this is very helpful.
On first investigation it appears that the issue is not with the custom detection, but rather the format of the log file. Using the excerpt you provided above, I ran this through Macie and the file was not scanned due to an UNSUPPORTED_FILE_TYPE_EXCEPTION. This is visible in the discovery results that are published to your S3 bucket.
The team is having a look to see if this is something that's easily addressable.
I tested by creating a file with string scp batman server:~ and it worked.
Relevant questions
CloudWatch: Posted custom metric data successfully, but can't find the data
asked a month agoException in User Class: org.postgresql.util.PSQLException : ERROR: column "id" does not exist
asked 6 months agoBug Report - AWS SES - Email as case sensitive
asked 6 months agoStream Manager to IOT Analytics does not work after following Doc.
asked 7 months agoAWS Glue - setting data target for RDS mysql
asked 2 months agoHow to locate pii information reported in Macie json file ?
asked 3 months agoData movement from prod to dev with anonymization of PII
Accepted Answerasked 4 years agoAWS Macie not work with sensitive data
asked 14 days agoMACIE not analyzing all files
asked 2 months agoIf I have enabled sensitive redaction data on Contact Lens, am I still able to listen to the unredacted audio through the console?
asked 2 months ago
Hi ricardobarbosams - would you able to include an excerpt of a few lines of context in the relevant log file that contains "scp batman.txt server:~" or similar? You can obfuscate things like your servername or any user names, as long as the format is preserved. Thanks!