Viewing findings on the Amazon Macie console - Amazon Macie

Viewing findings on the Amazon Macie console

Amazon Macie monitors your AWS environment and generates policy findings when it detects potential policy violations for your Amazon Simple Storage Service (Amazon S3) buckets. Macie generates sensitive data findings when it discovers sensitive data in S3 objects that you configure it to analyze as part of a sensitive data discovery job. Macie stores your policy and sensitive data findings for 30 days.

By using the Amazon Macie console, you can review and analyze findings, and view the details of individual findings. Each finding provides a severity rating, information about the affected resource, and additional details, such as the exact nature of the issue, and when and how Macie found the issue.

To help you streamline your analysis, the console offers several options for building custom views of findings.

Use predefined groupings

Use specific pages to view findings that are grouped by criteria such as affected S3 bucket, finding type, or sensitive data discovery job. With these pages, you can view aggregated statistics for each group, such as the count of findings by severity. You can also drill down to view the details of individual findings in a group, and you can apply filters to refine your analysis.

For example, if you view all findings grouped by S3 bucket and see that a particular S3 bucket has a policy violation, you can quickly determine whether the bucket also contains sensitive data. To do this, choose By bucket in the navigation pane (under Findings), and then choose the bucket. In the details panel that appears, the Findings by type section lists the types of findings that apply to the bucket. To investigate a specific type, choose the number for the type. Macie displays a table of all the findings that both match the selected type and apply to the bucket. To refine the results, filter the table.

Apply attribute-based filters

Use specific finding attributes to include or exclude certain findings from a Findings table. A finding attribute is a field that stores specific data for a finding, such as finding type, severity, or the name of the S3 bucket that the finding applies to. If you filter a table, you can more easily identify findings that have specific characteristics. Then you can drill down to view the details of those findings.

For example, to review all of your policy findings, add filter criteria for the Category field. To refine your view and include only a specific type of policy finding, add filter criteria for the Finding type field. To then review the details of a particular finding, choose the finding. The details panel displays information for the finding.

You can also sort findings in ascending or descending order by certain fields. To do this, click the column heading for the field. To change the sort order, click the column heading again.

To view findings on the console

  1. Open the Macie console at https://console.aws.amazon.com/macie/.

  2. In the navigation pane, choose Findings. The Findings page displays findings that Macie created or updated for your account in the current AWS Region during the past 30 days. By default, this doesn't include findings that were suppressed by a suppression rule.

  3. (Optional) To view and pivot on findings by a predefined logical group, choose By bucket, By type, or By job in the navigation pane (under Findings), and then choose an item in the table. In the details panel, choose the link for the field to pivot on.

  4. (Optional) To filter the findings by specific criteria, use the filter bar above the table:

    
     The filter bar above the table on the Findings page.
    • To display findings that were suppressed by a suppression rule, choose Current in the filter bar. Then choose Archived to display only suppressed findings, or choose All to display both current and suppressed findings.

    • To display only those findings that have a specific attribute, place your cursor in the filter bar and add a filter condition for the attribute. To further refine the results, add conditions for additional attributes. For information about using filter conditions, see Creating and applying filters to findings.

    • To remove a filter condition, choose the remove condition icon ( A circle with an X in it ) in the filter box.

    To save your filter settings, choose Save rule in the filter bar. Then enter a name and, optionally, a description for the settings. When you finish, choose Save.

  5. (Optional) To sort the findings by a specific field, click the column heading for the field. To change the sort order, click the column heading again.

  6. To view the details of a specific finding, choose any field other than the check box for the finding. The details panel displays information for the finding.

    Tip

    You can use the details panel to pivot and drill down on certain fields by choosing a magnifying glass for the field. Choose A magnifying glass with a plus sign to show findings with the same value, or choose A magnifying glass with a minus sign to show findings with other values.

    For a sensitive data finding, you can also use the details panel to locate occurrences of sensitive data in the affected object, or navigate to the corresponding sensitive data discovery result for the finding:

    • To locate occurrences of sensitive data, choose a link in an Occurrences field. Macie displays information (in JSON format) about where Macie found the data. To learn more, see Locating sensitive data with findings.

    • To navigate to the corresponding sensitive data discovery result, choose the link in the Detailed result location field. Macie opens the Amazon S3 console and displays the file or folder that contains the discovery result. To learn more, see Reviewing job statistics and results.

You can also download and save the details of one or more findings as a JSON file. To do this, select the check box for each finding that you want to download and save. Then choose Export (JSON) from the Actions menu at the top of the Findings page. In the window that appears, choose Download.