Monitoring and processing Amazon Macie findings

To support integration with other applications, services, and systems, such as monitoring or event management systems, Amazon Macie automatically publishes policy and sensitive data findings to Amazon EventBridge as events. For additional support, you can configure Macie to also publish policy and sensitive data findings to AWS Security Hub.

Amazon EventBridge, formerly called Amazon CloudWatch Events, is a serverless event bus service that delivers a stream of real-time data from applications and services, and routes that data to targets such as AWS Lambda functions, Amazon Simple Notification Service topics, and Amazon Kinesis streams. With EventBridge, you can automate monitoring and processing of certain types of events, including events that Macie publishes for findings. To learn more about EventBridge, see the Amazon EventBridge User Guide. To learn about using EventBridge to monitor and process findings, see EventBridge integration.

AWS Security Hub is a security service that provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices. Security Hub collects security data from multiple AWS services and supported AWS Partner Network security solutions, and it helps you analyze your security trends and identify the highest priority security issues. With Security Hub, you can analyze Macie findings as part of a broader analysis of your organization's security posture. To learn more about Security Hub, see the AWS Security Hub User Guide. To learn about using Security Hub to monitor and process findings, see Security Hub integration.

When Macie creates a finding, it automatically publishes the finding to EventBridge as a new event. Depending on the publication settings that you choose for your account, Macie can also publish the finding to Security Hub. Macie publishes each new finding immediately after it finishes processing the finding. If Macie detects a subsequent occurrence of an existing policy finding, it publishes an update to the existing EventBridge event for the finding. Depending on your publication settings, Macie can also publish the update to Security Hub. Macie publishes these updates on a recurring basis, using a publication frequency that you specify in the publication settings for your account. For details about these settings and the timing with which Macie publishes findings, see Configuring publication settings for findings.
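A consumer on the EventBridge side has to tell a first publication apart from a later update to the same policy finding, and should not alert again on a repeated copy. The following is an added example, not code from the Macie documentation. It assumes the event carries `source` `aws.macie`, `detail-type` `Macie Finding`, and `id`, `category` and `count` fields in `detail`, none of which are shown on this page; the events and finding IDs are constructed.

```python
MACIE_SOURCE = "aws.macie"            # assumed source on Macie's EventBridge events
MACIE_DETAIL_TYPE = "Macie Finding"   # assumed detail-type for finding events


def make_event(finding_id, category, count):
    """Constructed, trimmed event; real events carry many more fields."""
    return {"source": MACIE_SOURCE, "detail-type": MACIE_DETAIL_TYPE,
            "detail": {"id": finding_id, "category": category, "count": count}}


def triage(event, seen):
    """Return 'ignored', 'new', 'update' or 'duplicate' for one event.

    `seen` maps finding id -> highest occurrence count already handled. A dict
    keeps the example offline; a real consumer needs a durable store.
    """
    if (event.get("source") != MACIE_SOURCE
            or event.get("detail-type") != MACIE_DETAIL_TYPE):
        return "ignored"
    detail = event.get("detail") or {}
    finding_id = detail.get("id")
    if not finding_id:
        return "ignored"
    count = int(detail.get("count", 1))
    previous = seen.get(finding_id)
    if previous is None:
        seen[finding_id] = count
        return "new"          # first publication of this finding
    if detail.get("category") == "POLICY" and count > previous:
        seen[finding_id] = count
        return "update"       # later occurrence of an existing policy finding
    return "duplicate"        # same or older copy: do not alert again


def run(events):
    """Triage events in arrival order; return one decision per event."""
    seen = {}
    return [triage(e, seen) for e in events]


# Constructed sample stream (finding ids are placeholders).
SAMPLE = [
    make_event("finding-a", "POLICY", 1),
    make_event("finding-b", "CLASSIFICATION", 1),
    make_event("finding-a", "POLICY", 3),    # recurring update
    make_event("finding-a", "POLICY", 3),    # same event seen again
    {"source": "aws.s3", "detail-type": "Object Created", "detail": {}},
]
```

Keying on the finding ID plus the occurrence count lets a downstream ticketing or paging target raise one alert per finding and append to it when the count grows.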