Deleting a suppression rule for Macie
findings
You can delete a suppression rule at any time. If you delete a suppression rule, Amazon Macie
stops suppressing new and subsequent occurrences of findings that match the rule's
criteria and aren't suppressed by other rules. Note, however, that Macie might continue
to suppress findings that it's currently processing and match the rule's
criteria.
After you delete a suppression rule, new and subsequent occurrences of findings that match
the rule's criteria have a status of current (not
archived). This means that they appear by default
on the Amazon Macie console. In addition, Macie publishes them to Amazon EventBridge as events.
Depending on the publication settings
for your account, Macie also publishes the findings to AWS Security Hub.
To delete a suppression rule for findings
You can delete a suppression rule by using the Amazon Macie console or the Amazon Macie
API.
- Console
-
Follow these steps to delete a suppression rule by using the Amazon Macie
console.
To delete a suppression rule
Open the Amazon Macie console at https://console.aws.amazon.com/macie/.
-
In the navigation pane, choose
Findings.
-
In the Saved rules list, choose the edit icon
(
) next to the suppression rule that you
want to delete.
-
Under Suppression rule, choose
Delete.
- API
-
To delete a suppression rule programmatically, use the DeleteFindingsFilter operation of the Amazon Macie API. For the
id
parameter, specify the unique identifier for the
suppression rule to delete. You can get this identifier by using the ListFindingsFilter operation to retrieve a list of suppression
and filter rules for your account. If you're using the AWS Command Line Interface (AWS CLI),
run the list-findings-filters command to retrieve this list.
To delete a suppression rule by using the AWS CLI, run the delete-findings-filter command. For example:
C:\>
aws macie2 delete-findings-filter --id 8a3c5608-aa2f-4940-b347-d1451example
Where 8a3c5608-aa2f-4940-b347-d1451example
is
the unique identifier for the suppression rule to delete.
If the command runs successfully, Macie returns an empty HTTP 200
response. Otherwise, Macie returns an HTTP 4xx or 500 response that indicates why the operation
failed.