Monitoring and processing Amazon Macie findings - Amazon Macie

To support integration with other applications, services, and systems, such as monitoring or event management systems, Amazon Macie automatically publishes policy and sensitive data findings to Amazon EventBridge as events. For additional support and broader analysis of your organization's security posture, you can configure Macie to also publish policy and sensitive data findings to AWS Security Hub.

Amazon EventBridge

Amazon EventBridge, formerly Amazon CloudWatch Events, is a serverless event bus service that delivers a stream of real-time data from applications and services, and routes that data to targets such as AWS Lambda functions, Amazon Simple Notification Service topics, and Amazon Kinesis streams. With EventBridge, you can automate monitoring and processing of certain types of events, including events that Macie publishes for findings. To learn more about EventBridge, see the Amazon EventBridge User Guide.

If you integrate AWS User Notifications with Macie, you can also use EventBridge events to automatically generate notifications about events that Macie publishes for findings. With User Notifications, you create custom rules and configure delivery channels for receiving notifications about EventBridge events of interest. The delivery channels include email, AWS Chatbot chat notifications, and AWS Console Mobile Application push notifications. You can also review notifications in a central location on the AWS Management Console. To learn more about User Notifications, see the AWS User Notifications User Guide.

AWS Security Hub

AWS Security Hub is a security service that provides you with a comprehensive view of your security state across your AWS environment. It collects security data from AWS services and supported AWS Partner Network security solutions, and helps you check your environment against security industry standards and best practices. It also helps you analyze security trends and identify the highest priority security issues. With Security Hub, you can review Macie findings as part of a broader analysis of your organization's security posture. You can also aggregate findings from multiple AWS Regions, and monitor and process aggregated findings data from a single Region. To learn more about Security Hub, see the AWS Security Hub User Guide.

When Macie creates a finding, it automatically publishes the finding to EventBridge as a new event. Depending on the publication settings that you choose for your account, Macie can also publish the finding to Security Hub. Macie publishes each new finding immediately after it finishes processing the finding. If Macie detects a subsequent occurrence of an existing policy finding, it publishes an update to the existing EventBridge event for the finding. Depending on your publication settings, Macie can also publish the update to Security Hub. Macie publishes these updates on a recurring basis, using a publication frequency that you specify in the publication settings for your account.
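The publication behavior described above means a consumer can receive the same policy finding more than once, so it should key on the finding ID instead of treating every event as a new issue. The following Python sketch is an added example, not code from the Macie documentation: it shows an EventBridge rule pattern for Macie findings and a handler that upserts findings by ID. The field names follow the Macie finding event schema; the routing labels, the in-memory store, and the sample event are constructed assumptions.

```python
# Added example. Field names follow the Macie finding event schema;
# routing labels and the in-memory store are hypothetical.
SEVERITY_ROUTE = {"High": "page", "Medium": "ticket", "Low": "log"}

# Pattern for an EventBridge rule that forwards only Macie findings.
MACIE_EVENT_PATTERN = {"source": ["aws.macie"], "detail-type": ["Macie Finding"]}


def triage(event):
    """Return a routing decision for a Macie finding event, else None."""
    if event.get("source") != "aws.macie" or event.get("detail-type") != "Macie Finding":
        return None
    detail = event.get("detail") or {}
    if not detail.get("id"):
        return None  # malformed: no finding ID to key on
    severity = (detail.get("severity") or {}).get("description")
    bucket = ((detail.get("resourcesAffected") or {}).get("s3Bucket") or {}).get("name")
    return {
        "finding_id": detail["id"],
        "type": detail.get("type"),
        "category": detail.get("category"),
        "bucket": bucket,
        "occurrences": int(detail.get("count", 1)),
        # Unknown severity is routed for human review rather than dropped.
        "route": SEVERITY_ROUTE.get(severity, "ticket"),
    }


def record(store, event):
    """Upsert by finding ID; return 'new', 'update', or 'ignored'."""
    decision = triage(event)
    if decision is None:
        return "ignored"
    status = "update" if decision["finding_id"] in store else "new"
    store[decision["finding_id"]] = decision
    return status


def sample_event(finding_id, count, severity="High"):
    """Constructed sample event (not real Macie output)."""
    return {
        "source": "aws.macie",
        "detail-type": "Macie Finding",
        "detail": {
            "id": finding_id, "category": "POLICY", "count": count,
            "type": "Policy:IAMUser/S3BucketPublic",
            "severity": {"description": severity},
            "resourcesAffected": {"s3Bucket": {"name": "example-bucket"}},
        },
    }
```

In a real deployment the store would be a durable table or ticketing system, and `record` would be called from the rule's target, such as a Lambda function.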