Questions tagged with Amazon Macie
I am attempting to build a Lambda (with boto3/Python) using the list_findings call.
My function is:
```
response = client.list_findings(
    findingCriteria={
        'criterion': {
            'Job ID': {
                'eq': ['5e8ff9bf55ba3508199d22e984129be6']
            }
        }
    },
    maxResults=50,
    nextToken='continued',
    sortCriteria={
        'attributeName': 'bucketArn',
        'orderBy': 'DESC'
    }
)
```
The Job ID does exist within my Macie console. (It is intentionally 'hard coded' here at the moment; once working, it will be a variable.) When I attempt to test, I receive the below error. Has anyone else run into this issue? If so, how is it corrected?
Response
```
{
"errorMessage": "An error occurred (ValidationException) when calling the ListFindings operation: 1 validation error detected: Value '{Job ID=FindingCondition(gt=null, gte=null, lt=null, lte=null, eq=[5e8ff9bf55ba3508199d22e984129be6], neq=null, eqExactMatch=null)}' at 'findingCriteria.criterion' failed to satisfy constraint: Map keys must satisfy constraint: [Member must have length less than or equal to 255, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: [\\w\\.]+]",
"errorType": "ValidationException",
"stackTrace": [
" File \"/var/task/grp_data_public_cloud_sdm_usaa_macie_scalable_solution_src/src/lmbd/list_findings.py\", line 35, in list_findings\n response = client.list_findings(\n",
" File \"/opt/python/botocore/client.py\", line 530, in _api_call\n return self._make_api_call(operation_name, kwargs)\n",
" File \"/opt/python/botocore/client.py\", line 960, in _make_api_call\n raise error_class(parsed_response, operation_name)\n"
]
}
```
I tried looking at the API documentation at https://docs.aws.amazon.com/macie/latest/APIReference/findings.html; however, according to it, none of the fields appear to be required (all show as false).
I have also tried it with several variations on the job ID (variable, f-string variable, tuple, etc.).
Macie provides the detailed positions of sensitive data in the output file, but I want to extract that data using the positions from the output file. Also, Macie reveals only 10 samples.
Is there any way to get more than 10 samples in AWS Macie "reveal samples"? If not, is there any other solution (like a SQL query or something) to extract the complete data from sensitive files?
I have administrator access.
I followed [Amazon Macie Getting Started](https://docs.aws.amazon.com/macie/latest/user/getting-started.html).
I made sure that I successfully generated sample findings.

But I want to delete the bucket: macie-sample-finding-bucket

However, I cannot see this bucket in the S3 console

and in the command

How do I delete this bucket?
If you set up an Amazon Macie job and choose to use all managed data identifiers, and then you set it to run on a schedule, will it start including more and more managed data identifiers if and when more get added by AWS?
It looks like passwords are not [one of the managed identifiers](https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html). Is there a recommendation for how to create a custom identifier that has a good balance of false positives and false negatives?
I see an SO answer with many RegEx examples for passwords: https://stackoverflow.com/a/21456918. I guess this could be combined with Macie's custom identifiers capability of only showing results that have a certain word within a certain proximity.
Just trying to see what has given other people success?
Can Macie consolidate the findings across various regions and report from one central location (like Security Hub), or does it have to be enabled region wise?
So I have started using the Macie service to do some data classification for a project I am building. I originally tried it with some JSON data that was put into a text file that contained US SSN numbers. I ran the Macie service to have it try and find this data and the scan did not return any findings.
Next I figured that I would try the Macie scan on an Excel file with three columns. The first column had 5 first names, the second column had 5 last names, and the third column had 5 SSN numbers. Nothing else was in the Excel file. I ran the Macie scan again and it still failed to find any sensitive data. I tried using the all managed identifiers scan and just the individual SSN scan and neither of them returned any findings.
Does anyone know what I might be doing wrong and why Macie can't find simple SSN numbers? I am happy to provide more context as well as share the files if it will be helpful (all the SSNs are fake numbers for testing).
Hello,
I tried running a Macie job on a bucket with just a few small files. The job has been running for more than 10 hours and it does not look like it is going to end. There are no errors anywhere (including in CloudTrail). Any idea of what could be the issue?
I tried setting up AWS Macie to analyze sensitive data, but it does not work. I created the following "custom data identifier":
```
Name: Test01
Regular expression: (?i)batman\.txt.*
Keywords: None
Ignore words: None
Maximum match distance: 50
Occurrences threshold: 1
Severity Level: Medium
```
https://capsula-01.s3.amazonaws.com/AWS_MACIE01.png
I created the job.
https://capsula-01.s3.amazonaws.com/AWS_MACIE02.png
I am analysing the session file of SSM. I connect to the EC2 server via Session Manager and run the command "scp batman.txt server:~", for example. Is it possible to get this?
The S3 bucket: https://capsula-01.s3.amazonaws.com/AWS_MACIE03.png
But it does not work. Let me know if I'm doing something wrong.
Hi,
I have .xlsx, .csv and .txt files in a bucket, but Macie analyzes only the .xlsx files and does not show findings for any of the other file types.
Any idea?
Hello everyone,
I am having difficulty locating the PII information reported in the Macie JSON file...
The only indicated locator I have is the following:
"detailedResultsLocation": "s3://[export-config-not-set]/AWSLogs/account-id/Macie/us-east-1/filename.jsonl.gz
How do I access this file and its contents? Thanks in advance.
Kind regards
--osman
Hi All, Are there best practices and recommended tools for moving a copy of production data (in RDS/Dynamo/S3) to dev, with the ability to detect and anonymize personally identifiable information (PII) along the way?