AWS Macie not work with sensitive data
I tried setting the AWS Macie to analyze sensitive data. but not work. I create the following "custom data identifiers"
Name: Test01 Regular expression: (?i)batman\.txt.* Keywords: None Ignore words: None Maximum match distance: 50 Occurrences threshold: 1 Severity Level: Medium
Create the job.
I analysing the session file of the SSM. I connect to the server EC2 via session manager and run the command "scp batman.txt server:~" for example. Is it possible to get this?
The bucket s3 https://capsula-01.s3.amazonaws.com/AWS_MACIE03.png
But not work. Let me know if i'm doing something wrong.
Hi ricardobarbosams - would you able to include an excerpt of a few lines of context in the relevant log file that contains "scp batman.txt server:~" or similar? You can obfuscate things like your servername or any user names, as long as the format is preserved. Thanks!
Hi, Chris, thanks for replying
of course, follow
]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# scp batman.txt server01:~ ssh: Could not resolve hostname server01: Temporary failure in name resolution lost connection ]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# scp batman.txt server01:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~ :~1:~2:~7:~.:~0:~.:~0:~.:~1:~ The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. firstname.lastname@example.org: Permission denied (publickey). lost connection ]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# scp batman.txt 127.0.0.1:~ email@example.com: Permission denied (publickey). lost connection ]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# exit
Thank you for the context, this is very helpful.
On first investigation it appears that the issue is not with the custom detection, but rather the format of the log file. Using the excerpt you provided above, I ran this through Macie and the file was not scanned due to an UNSUPPORTED_FILE_TYPE_EXCEPTION. This is visible in the discovery results that are published to your S3 bucket.
The team is having a look to see if this is something that's easily addressable.
Thanks for replying Cris :)
I tested by creating a file with string
scp batman server:~ and it worked.
CloudWatch: Posted custom metric data successfully, but can't find the dataasked a month ago
Exception in User Class: org.postgresql.util.PSQLException : ERROR: column "id" does not existasked 6 months ago
Bug Report - AWS SES - Email as case sensitiveasked 6 months ago
Stream Manager to IOT Analytics does not work after following Doc.asked 7 months ago
AWS Glue - setting data target for RDS mysqlasked 2 months ago
How to locate pii information reported in Macie json file ?asked 3 months ago
Data movement from prod to dev with anonymization of PIIAccepted Answerasked 4 years ago
AWS Macie not work with sensitive dataasked 14 days ago
MACIE not analyzing all filesasked 2 months ago
If I have enabled sensitive redaction data on Contact Lens, am I still able to listen to the unredacted audio through the console?asked 2 months ago