Monitoring and processing Macie findings


To support integration with other applications, services, and systems, such as monitoring or event management systems, Amazon Macie automatically publishes policy and sensitive data findings to Amazon EventBridge as events. For additional support and broader analysis of your organization's security posture, you can configure Macie to also publish policy and sensitive data findings to AWS Security Hub.

Amazon EventBridge

Amazon EventBridge, formerly Amazon CloudWatch Events, is a serverless event bus service that delivers a stream of real-time data from applications and services, and routes that data to targets such as AWS Lambda functions, Amazon Simple Notification Service topics, and Amazon Kinesis streams. With EventBridge, you can automate monitoring and processing of certain types of events, including events that Macie publishes for findings. To learn more, see Processing findings with Amazon EventBridge.

If you integrate AWS User Notifications with Macie, you can also use EventBridge events to automatically generate notifications about events that Macie publishes for findings. With User Notifications, you create custom rules and configure delivery channels for receiving notifications about EventBridge events of interest. The delivery channels include email, chat notifications through Amazon Q Developer in chat applications, and AWS Console Mobile Application push notifications. You can also review notifications in a central location on the AWS Management Console. To learn more, see Monitoring findings with AWS User Notifications.

AWS Security Hub

AWS Security Hub is a security service that provides you with a comprehensive view of your security state across your AWS environment. It collects security data from AWS services and supported AWS Partner Network security solutions, and helps you check your environment against security industry standards and best practices. It also helps you analyze security trends and identify high-priority issues.

With Security Hub, you can review and evaluate Macie findings as part of a broader analysis of your organization's security posture. You can also aggregate findings from multiple AWS Regions, and monitor and process aggregated findings data from a single Region. To learn more, see Evaluating findings with AWS Security Hub.

When Macie creates a finding, it automatically publishes the finding to EventBridge as a new event. Depending on the publication settings that you choose for your account, Macie can also publish the finding to Security Hub. Macie publishes each new finding immediately after it finishes processing the finding. If Macie detects a subsequent occurrence of an existing policy finding, it publishes an update to the existing EventBridge event for the finding. Depending on your publication settings, Macie can also publish the update to Security Hub. Macie publishes these updates on a recurring basis, using a publication frequency that you specify in the publication settings for your account.
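The publication behavior described above means a consumer receives the same finding ID again when a policy finding recurs, so it should update its existing record rather than open a second alert. The following is an added example, not code from the Macie documentation: the function names, the routing actions, and the sample events are hypothetical, and the finding field names (`id`, `category`, `count`, `severity.description`, `resourcesAffected.s3Bucket.name`) are assumed from the Macie finding schema, which this page does not show.

```python
# Added example: consumer-side triage of events that Macie publishes to EventBridge.
# Assumption: field names come from the Macie finding schema, not from this page.
# All sample values below are constructed placeholders.

# Rule pattern that matches the events Macie publishes for findings.
MACIE_FINDING_PATTERN = {"source": ["aws.macie"], "detail-type": ["Macie Finding"]}


def triage(event, seen):
    """Decide what to do with one EventBridge event; `seen` maps finding ID -> last count."""
    if event.get("source") != "aws.macie" or event.get("detail-type") != "Macie Finding":
        return None  # not a Macie finding event
    f = event.get("detail") or {}
    fid, count = f.get("id"), int(f.get("count", 1))
    severity = (f.get("severity") or {}).get("description", "Unknown")
    bucket = ((f.get("resourcesAffected") or {}).get("s3Bucket") or {}).get("name")
    if fid in seen:
        # Same finding ID seen before: a republished (recurring) policy finding.
        action = "update" if count > seen[fid] else "duplicate"
    else:
        # First time this finding ID is seen: route by severity (hypothetical policy).
        action = "page" if severity == "High" else "ticket"
    seen[fid] = max(count, seen.get(fid, 0))
    return {"id": fid, "category": f.get("category"), "bucket": bucket, "action": action}


def _event(fid, category, ftype, sev, count):
    """Build a constructed sample event (placeholder values, not real Macie output)."""
    return {"source": "aws.macie", "detail-type": "Macie Finding",
            "detail": {"id": fid, "category": category, "type": ftype, "count": count,
                       "severity": {"description": sev},
                       "resourcesAffected": {"s3Bucket": {"name": "example-bucket"}}}}


SAMPLE_EVENTS = [
    _event("finding-0001", "POLICY", "Policy:IAMUser/S3BucketPublic", "High", 1),
    _event("finding-0001", "POLICY", "Policy:IAMUser/S3BucketPublic", "High", 2),
    _event("finding-0002", "CLASSIFICATION", "SensitiveData:S3Object/Personal", "Medium", 1),
    {"source": "aws.s3", "detail-type": "Object Created", "detail": {}},
]


def run(events):
    """Triage a batch of events in order, sharing one dedup table across them."""
    seen = {}
    return [triage(e, seen) for e in events]


if __name__ == "__main__":
    for result in run(SAMPLE_EVENTS):
        print(result)
```

In a real deployment the `seen` table would live in a durable store keyed by finding ID, because updates arrive at the publication frequency set for the account and can be hours apart.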

In addition to the preceding options, you can query and retrieve findings data directly by using the Amazon Macie API. The Amazon Macie API gives you comprehensive, programmatic access to the data. To query the data, you can send HTTPS requests directly to Macie or use a current version of an AWS SDK or an AWS command line tool. If you query the data, Macie returns the results in a JSON response. You can then pass the results to another service or application for additional processing, monitoring, or reporting. For more information, see the Amazon Macie API Reference.
