Investigating sensitive data with Amazon Macie findings - Amazon Macie

Amazon Macie captures details about the location of each occurrence of sensitive data that it finds in an Amazon Simple Storage Service (Amazon S3) object. This includes sensitive data that Macie detects using managed data identifiers, and data that matches the criteria of custom data identifiers.

With sensitive data findings, you can review these details for as many as 15 occurrences of sensitive data that Macie detects in an affected S3 object. The details provide insight into the breadth of the categories and types of sensitive data that specific S3 buckets and objects might contain. They can help you locate individual occurrences of sensitive data in S3 objects, and determine whether to perform a deeper investigation of specific buckets and objects.

For additional insight, you can optionally configure and use Macie to retrieve samples of sensitive data that Macie reports in individual findings. The samples can help you verify the nature of the sensitive data that Macie found, and tailor your investigation of an affected S3 bucket and object. If you choose to retrieve sensitive data samples for a finding, Macie uses data in the finding to locate 1-10 occurrences of each type of sensitive data reported by the finding. Macie then extracts those occurrences of sensitive data from the affected S3 object and displays the data for you to review.

If an S3 object contains many occurrences of sensitive data, a finding can also help you navigate to the corresponding sensitive data discovery result. Unlike a sensitive data finding, a sensitive data discovery result provides detailed location data for as many as 1,000 occurrences of each type of sensitive data that Macie finds in an object. Macie uses the same schema for location data in sensitive data findings and sensitive data discovery results.
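As an added illustration (not part of the original Macie documentation), the following Python sketch triages one finding: for each detection it compares the count Macie reported with the number of occurrences that carry location data in the finding, and returns the discovery result location when the finding is incomplete. The field names follow the Macie finding JSON schema, which this page does not list; the sample finding, bucket names and custom identifier name are constructed.

```python
import json

# Constructed sample finding (not real data), trimmed to the fields used below.
SAMPLE_FINDING = json.loads("""
{"resourcesAffected": {"s3Bucket": {"name": "amzn-s3-demo-bucket"},
                       "s3Object": {"key": "exports/customers.csv"}},
 "classificationDetails": {
  "detailedResultsLocation": "s3://amzn-s3-demo-results/placeholder/result.jsonl.gz",
  "result": {
   "additionalOccurrences": true,
   "sensitiveData": [
    {"category": "PERSONAL_INFORMATION", "detections": [
      {"type": "USA_SOCIAL_SECURITY_NUMBER", "count": 40, "occurrences": {
        "cells": [{"row": 2, "column": 3, "columnName": "ssn"},
                  {"row": 5, "column": 3, "columnName": "ssn"}],
        "lineRanges": null, "offsetRanges": null, "pages": null, "records": null}}]},
    {"category": "CREDENTIALS", "detections": [
      {"type": "AWS_CREDENTIALS", "count": 1, "occurrences": {
        "cells": [{"row": 9, "column": 7, "columnName": "notes"}]}}]}],
   "customDataIdentifiers": {"detections": [
      {"name": "employee-id-hypothetical", "count": 2, "occurrences": {
        "cells": [{"row": 3, "column": 1, "columnName": "emp_id"},
                  {"row": 4, "column": 1, "columnName": "emp_id"}]}}]}}}}
""")

# Location arrays that a detection's "occurrences" object can carry.
LOCATION_KINDS = ("cells", "lineRanges", "offsetRanges", "pages", "records")

def iter_detections(result):
    """Yield (category, label, detection) for managed and custom data identifiers."""
    for group in result.get("sensitiveData") or []:
        for det in group.get("detections") or []:
            yield group["category"], det["type"], det
    for det in (result.get("customDataIdentifiers") or {}).get("detections") or []:
        yield "CUSTOM_IDENTIFIER", det["name"], det

def summarize_occurrences(finding):
    """One row per detection: reported count vs. occurrences located in the finding."""
    rows = []
    for category, label, det in iter_detections(finding["classificationDetails"]["result"]):
        occ = det.get("occurrences") or {}
        located = {k: occ[k] for k in LOCATION_KINDS if occ.get(k)}
        n = sum(len(v) for v in located.values())
        rows.append({"category": category, "type": label, "count": det["count"],
                     "located": n, "locations": located, "truncated": det["count"] > n})
    return rows

def discovery_result_to_review(finding):
    """Return the discovery result location if the finding omits occurrences, else None."""
    details = finding["classificationDetails"]
    partial = details["result"].get("additionalOccurrences") or any(
        r["truncated"] for r in summarize_occurrences(finding))
    return details.get("detailedResultsLocation") if partial else None
```
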

The topics in this section explain how to locate and optionally retrieve occurrences of sensitive data by using sensitive data findings. They also explain the schema that Macie uses to report the location of individual occurrences of sensitive data.