Findings Filters - Amazon Macie

Findings Filters

The Findings Filters resource represents the repository of filters that you create and save to view, analyze, and manage findings. A findings filter, also referred to as a filter, is a set of criteria that specifies which findings to include in the results of a query for findings. A findings filter can also perform specific actions on findings that meet the filter's criteria. For example, you can configure a filter to suppress (automatically archive) findings that meet the filter's criteria. For more information about creating and using filters, see Filtering findings in the Amazon Macie User Guide.

You can use the Findings Filters resource to create a new filter or retrieve information about all the existing filters for your account. To update, delete, or retrieve detailed information about an individual filter, use the Findings Filter resource.

URI

/findingsfilters

HTTP Methods

GET

Operation ID: ListFindingsFilters

Retrieves a subset of information about all the findings filters for an account.

Query Parameters
Name Type Required Description
nextToken String False

The nextToken string that specifies which page of results to return in a paginated response.

maxResults String False

The maximum number of items to include in each page of a paginated response.

Responses
Status Code Response Model Description
200 ListFindingsFiltersResponse

The request succeeded.

400 ValidationException

The request failed because it contains a syntax error.

402 ServiceQuotaExceededException

The request failed because fulfilling the request would exceed one or more service quotas for your account.

403 AccessDeniedException

The request was denied because you don't have sufficient access to the specified resource.

404 ResourceNotFoundException

The request failed because the specified resource wasn't found.

409 ConflictException

The request failed because it conflicts with the current state of the specified resource.

429 ThrottlingException

The request failed because you sent too many requests during a certain amount of time.

500 InternalServerException

The request failed due to an unknown internal server error, exception, or failure.

POST

Operation ID: CreateFindingsFilter

Creates and defines the criteria and other settings for a findings filter.

Responses
Status Code Response Model Description
200 CreateFindingsFilterResponse

The request succeeded.

400 ValidationException

The request failed because it contains a syntax error.

402 ServiceQuotaExceededException

The request failed because fulfilling the request would exceed one or more service quotas for your account.

403 AccessDeniedException

The request was denied because you don't have sufficient access to the specified resource.

404 ResourceNotFoundException

The request failed because the specified resource wasn't found.

409 ConflictException

The request failed because it conflicts with the current state of the specified resource.

429 ThrottlingException

The request failed because you sent too many requests during a certain amount of time.

500 InternalServerException

The request failed due to an unknown internal server error, exception, or failure.

Schemas

Request Bodies

Example POST

{ "findingCriteria": { "criterion": { } }, "clientToken": "string", "name": "string", "description": "string", "action": enum, "position": integer, "tags": { } }

Response Bodies

Example ListFindingsFiltersResponse

{ "nextToken": "string", "findingsFilterListItems": [ { "name": "string", "action": enum, "id": "string", "arn": "string", "tags": { } } ] }

Example CreateFindingsFilterResponse

{ "id": "string", "arn": "string" }

Example ValidationException

{ "message": "string" }

Example ServiceQuotaExceededException

{ "message": "string" }

Example AccessDeniedException

{ "message": "string" }

Example ResourceNotFoundException

{ "message": "string" }

Example ConflictException

{ "message": "string" }

Example ThrottlingException

{ "message": "string" }

Example InternalServerException

{ "message": "string" }

Properties

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

ConflictException

Provides information about an error that occurred due to a versioning conflict for a specified resource.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

CreateFindingsFilterRequest

Specifies the criteria and other settings for a new findings filter.

Property Type Required Description
findingCriteria

FindingCriteria

True

The criteria to use to filter findings.

clientToken

string

False

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

name

string

True

A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.

We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.

description

string

False

A custom description of the filter. The description can contain as many as 512 characters.

We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.

action

FindingsFilterAction

True

The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.

position

integer

Format: int32

False

The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.

tags

TagMap

False

A map of key-value pairs that specifies the tags to associate with the filter.

A findings filter can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.

CreateFindingsFilterResponse

Provides information about a findings filter that was created in response to a request.

Property Type Required Description
id

string

False

The unique identifier for the filter that was created.

arn

string

False

The Amazon Resource Name (ARN) of the filter that was created.

Criterion

Specifies a condition that defines a property, operator, and one or more values to filter the results of a query for findings. The number of values depends on the property and operator specified by the condition. For information about defining filter conditions, see Fundamentals of filtering findings in the Amazon Macie User Guide.

Property Type Required Description

*

object

False

CriterionAdditionalProperties

Specifies the operator to use in a property-based condition that filters the results of a query for findings. For detailed information and examples of each operator, see Fundamentals of filtering findings in the Amazon Macie User Guide.

Property Type Required Description
eqExactMatch

Array of type string

False

The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values.

You can use this operator with the following properties: customDataIdentifiers.detections.arn, customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key, resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key, resourcesAffected.s3Object.tags.value, sensitiveData.category, and sensitiveData.detections.type.

lt

integer

Format: int64

False

The value for the property is less than the specified value.

gte

integer

Format: int64

False

The value for the property is greater than or equal to the specified value.

neq

Array of type string

False

The value for the property doesn't match (doesn't equal) any specified value. If you specify multiple values, Macie uses OR logic to join the values.

lte

integer

Format: int64

False

The value for the property is less than or equal to the specified value.

eq

Array of type string

False

The value for the property matches (equals) any specified value. If you specify multiple values, Macie uses OR logic to join the values.

gt

integer

Format: int64

False

The value for the property is greater than the specified value.

FindingCriteria

Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.

Property Type Required Description
criterion

Criterion

False

A condition that specifies the property, operator, and one or more values to use to filter the results.

FindingsFilterAction

The action to perform on findings that meet the filter criteria. To suppress (automatically archive) findings that meet the criteria, set this value to ARCHIVE. Valid values are:

  • ARCHIVE

  • NOOP

FindingsFilterListItem

Provides information about a findings filter.

Property Type Required Description
name

string

False

The custom name of the filter.

action

FindingsFilterAction

False

The action that's performed on findings that meet the filter criteria. Possible values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.

id

string

False

The unique identifier for the filter.

arn

string

False

The Amazon Resource Name (ARN) of the filter.

tags

TagMap

False

A map of key-value pairs that identifies the tags (keys and values) that are associated with the filter.

InternalServerException

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

ListFindingsFiltersResponse

Provides information about all the findings filters for an account.

Property Type Required Description
nextToken

string

False

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

findingsFilterListItems

Array of type FindingsFilterListItem

False

An array of objects, one for each filter that's associated with the account.

ResourceNotFoundException

Provides information about an error that occurred because a specified resource wasn't found.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

ServiceQuotaExceededException

Provides information about an error that occurred due to one or more service quotas for an account.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

TagMap

A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.

Property Type Required Description

*

string

False

ThrottlingException

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

See Also

For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

ListFindingsFilters

CreateFindingsFilter