Running sensitive data discovery jobs in Amazon Macie

With Amazon Macie, you create and run sensitive data discovery jobs to automate discovery, logging, and reporting of sensitive data in Amazon Simple Storage Service (Amazon S3) buckets. A sensitive data discovery job analyzes objects in S3 buckets to determine whether the objects contain sensitive data, and it provides detailed reports of the sensitive data that it finds and the analysis that it performs. To help you meet and maintain compliance with your data security and privacy requirements, Macie provides several options for scheduling and defining the scope of each job. With these options, you can build and maintain a comprehensive view of the data that your organization stores in Amazon S3 and any security or compliance risks for that data.

You can configure a job to run only once for on-demand analysis and assessment, or on a recurring basis for periodic analysis, assessment, and monitoring. In addition, you define the breadth and depth of each job's analysis. When you create a job, you start by specifying which S3 buckets you want the job to analyze—specific buckets that you select or buckets that match specific criteria. You can then refine the scope of that analysis by choosing various options, including custom include and exclude criteria that derive from properties of S3 objects. You can also specify the types of sensitive data that you want the job to detect. A job can analyze objects by using the managed data identifiers that Macie provides, custom data identifiers that you define, or a combination of the two. By selecting specific managed and custom data identifiers for a job, you can tailor the job's analysis to focus on specific types of sensitive data.
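The options described above, mapped onto a request for the Macie `CreateClassificationJob` operation as called through boto3. This is an added example, not code from the Macie documentation; the helper names (`term`, `build_job_request`, `submit`) are hypothetical, and the job name, account ID and bucket name in any call are values you supply.

```python
import uuid

DAYS = {"SUNDAY", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY"}

def term(key, comparator, values):
    """One condition on an S3 object property (the API takes values as strings)."""
    return {"simpleScopeTerm": {"key": key, "comparator": comparator,
                                "values": [str(v) for v in values]}}

def build_job_request(name, account_id, buckets, *, weekly_day=None,
                      managed_ids=None, custom_ids=(),
                      skip_extensions=(), max_object_bytes=None):
    """Build keyword arguments for create_classification_job (hypothetical helper)."""
    if not buckets:
        raise ValueError("a job needs at least one S3 bucket")
    scoping = {}
    if skip_extensions:                 # exclude criterion from an object property
        scoping["excludes"] = {"and": [term("OBJECT_EXTENSION", "EQ", skip_extensions)]}
    if max_object_bytes is not None:    # include criterion from an object property
        scoping["includes"] = {"and": [term("OBJECT_SIZE", "LTE", [max_object_bytes])]}
    s3_def = {"bucketDefinitions": [{"accountId": account_id, "buckets": list(buckets)}]}
    if scoping:
        s3_def["scoping"] = scoping
    request = {"clientToken": str(uuid.uuid4()),   # idempotency token
               "name": name, "jobType": "ONE_TIME", "s3JobDefinition": s3_def}
    if weekly_day is not None:          # recurring job instead of a one-time job
        if weekly_day not in DAYS:
            raise ValueError(f"unknown day of week: {weekly_day}")
        request["jobType"] = "SCHEDULED"
        request["scheduleFrequency"] = {"weeklySchedule": {"dayOfWeek": weekly_day}}
    if managed_ids is None:             # use the set that Macie recommends
        request["managedDataIdentifierSelector"] = "RECOMMENDED"
    elif managed_ids:                   # only the managed identifiers listed
        request["managedDataIdentifierSelector"] = "INCLUDE"
        request["managedDataIdentifierIds"] = list(managed_ids)
    else:                               # custom data identifiers only
        if not custom_ids:
            raise ValueError("no managed or custom data identifiers selected")
        request["managedDataIdentifierSelector"] = "NONE"
    if custom_ids:
        request["customDataIdentifierIds"] = list(custom_ids)
    return request

def submit(request, region):
    """Create the job. Needs boto3, AWS credentials and Macie enabled in the Region."""
    import boto3
    client = boto3.client("macie2", region_name=region)
    return client.create_classification_job(**request)["jobId"]
```

Building the request separately from `submit` lets you review or log the exact scope and identifier selection before the job is created.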

Each job produces records of the sensitive data that it finds and the analysis that it performs—sensitive data findings and sensitive data discovery results. A sensitive data finding is a detailed report of sensitive data that Macie found in an object. A sensitive data discovery result is a record that logs details about the analysis of an object. Macie creates a sensitive data discovery result for each object that you configure a job to analyze, including objects that don’t contain sensitive data. Each type of record adheres to a standardized schema, which can help you query, monitor, and process the records to meet your security and compliance requirements.