To explore and learn about the different types of findings that Amazon Macie can generate, you can create sample findings. Sample findings use example data and placeholder values to demonstrate the kinds of information that each type of finding might contain.
For example, the Policy:IAMUser/S3BucketPublic sample finding contains details about a fictitious Amazon Simple Storage Service (Amazon S3) bucket. The finding's details include example data about an actor and action that changed the access control list (ACL) for the bucket and made the bucket publicly accessible. Similarly, the SensitiveData:S3Object/Multiple sample finding contains details about a fictitious Microsoft Excel workbook. The finding's details include example data about the types and location of sensitive data in the workbook.
In addition to familiarizing yourself with the information that different types of findings might contain, you can use sample findings to test integration with other applications, services, and systems. Depending on the suppression rules for your account, Macie can publish sample findings to Amazon EventBridge as events. The example data in these events can help you develop and test automated solutions for monitoring and processing findings with EventBridge. Depending on the publication settings for your account, Macie can also publish sample findings to AWS Security Hub. This means that you can also use sample findings to develop and test solutions for evaluating Macie findings with Security Hub. For information about publishing findings to these services, see Monitoring and processing findings.
Creating sample findings
You can create sample findings by using the Amazon Macie console or the Amazon Macie API. If you use the console, Macie automatically generates one sample finding for each type of finding that Macie supports. If you use the API, you can create a sample for each type, or only certain types that you specify.
Follow these steps to create sample findings by using the Amazon Macie console.
To create sample findings
1. Open the Amazon Macie console at https://console.aws.amazon.com/macie/.
2. In the navigation pane, choose Settings.
3. Under Sample findings, choose Generate sample findings.
If you create sample findings again within 90 days, Macie generates a new finding for each type of sensitive data finding that you create. For policy findings, Macie updates each existing sample finding by incrementing the count of occurrences and updating details about when the subsequent occurrence occurred.
Reviewing sample findings
To help you identify sample findings, Amazon Macie sets the value for the Sample field of each sample finding to True. In addition, the name of the affected S3 bucket is the same for all sample findings: macie-sample-finding-bucket. If you review sample findings by using Findings pages on the Amazon Macie console, Macie also displays the [SAMPLE] prefix in the Finding type field for each sample finding.
Follow these steps to review sample findings by using the Amazon Macie console.
To review sample findings
1. Open the Amazon Macie console at https://console.aws.amazon.com/macie/.
2. In the navigation pane, choose Findings.
3. On the Findings page, do any of the following:
   - In the Finding type column, locate findings whose type begins with [SAMPLE].
   - By using the Filter criteria box above the table, filter the table to display only sample findings. To do this, place your cursor in the box. In the list of fields that appears, choose Sample. Then choose True, and then choose Apply.
4. To review the details of a specific sample finding, choose the finding. The details panel displays information for the finding.
You can also download and save the details of one or more sample findings as a JSON file. To do this, select the checkbox for each sample finding that you want to download and save. Then choose Export (JSON) on the Actions menu at the top of the Findings page. In the window that appears, choose Download. For detailed descriptions of the JSON fields that a finding can include, see Findings in the Amazon Macie API Reference.
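As an added example (not AWS code), the following Python shows how an EventBridge target could use the sample field to keep sample findings out of a production alert path while you test an integration. The events are constructed and trimmed to the fields the code reads; the route names and the Lambda-style handler wiring are assumptions.

```python
import json

SAMPLE_BUCKET = "macie-sample-finding-bucket"  # bucket name used in every sample finding

# Constructed EventBridge events, trimmed to the fields this example reads.
CONSTRUCTED_EVENTS = [
    {"source": "aws.macie", "detail-type": "Macie Finding",
     "detail": {"id": "constructed-1", "type": "Policy:IAMUser/S3BucketPublic",
                "sample": True, "severity": {"description": "High"},
                "resourcesAffected": {"s3Bucket": {"name": SAMPLE_BUCKET}}}},
    {"source": "aws.macie", "detail-type": "Macie Finding",
     "detail": {"id": "constructed-2", "type": "SensitiveData:S3Object/Multiple",
                "sample": False, "severity": {"description": "Medium"},
                "resourcesAffected": {"s3Bucket": {"name": "example-prod-bucket"}}}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {}},
]


def route_finding(event):
    """Return (route, summary); route is 'ignore', 'test' or 'alert' (assumed names)."""
    if event.get("source") != "aws.macie" or event.get("detail-type") != "Macie Finding":
        return "ignore", None
    detail = event.get("detail") or {}
    bucket = ((detail.get("resourcesAffected") or {}).get("s3Bucket") or {}).get("name")
    summary = {
        "id": detail.get("id"),
        "type": detail.get("type"),
        "severity": (detail.get("severity") or {}).get("description"),
        "bucket": bucket,
    }
    # Only the explicit boolean marks a sample. A missing or malformed flag is
    # treated as a real finding so that nothing is silently downgraded.
    if detail.get("sample") is True:
        return "test", summary
    return "alert", summary


def handler(event, context=None):
    """Lambda-style entry point (hypothetical wiring): log the decision and return the route."""
    route, summary = route_finding(event)
    print(json.dumps({"route": route, "finding": summary}))
    return route


if __name__ == "__main__":
    for ev in CONSTRUCTED_EVENTS:
        handler(ev)
```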
Suppressing sample findings
Like other findings, Amazon Macie stores sample findings for 90 days. After you finish reviewing and experimenting with the samples, you can optionally archive them by creating a suppression rule. If you do this, the sample findings stop appearing by default on the console and their status changes to archived.
To archive sample findings by using the Amazon Macie console, configure the rule to archive findings where the value for the Sample field is True. To archive sample findings by using the Amazon Macie API, configure the rule to archive findings where the value for the sample field is true.