Macie Flashcards
Macie
What is Macie?
Discover, monitor, and protect sensitive data stored in S3 buckets (a managed data security and data privacy service)
Macie
How does it work / underlying tech?
Scans S3 objects for sensitive data: PII, PHI, financial data, credit card numbers, private keys, AWS secret access keys, mailing addresses, and more
Macie
Two types of Identifiers?
AWS managed (built-in) and custom (you build them)
Macie
What tech is used by Managed data identifiers?
ML and pattern-matching
Macie
How can you create a custom Identifier?
Define a regular expression for the pattern you want to detect (optionally refined with keywords and ignore words)
Macie
What happens if Macie finds something?
Creates a Finding: a report with the finding type, severity (Low/Medium/High), the affected bucket/object, and details of what was detected
Macie
What can you integrate with Findings?
AWS Security Hub and Amazon EventBridge (findings are published to EventBridge automatically; from there route them to SNS, Lambda, a SIEM, etc.)
Macie
How do you set up multi-account with Macie?
Designate a delegated Macie administrator through AWS Organizations (it can auto-enable Macie for new member accounts), or explicitly invite other accounts to become members
Macie
How do you launch Macie?
Enable Macie, then create a sensitive data discovery job: run once or on a daily/weekly/monthly schedule, choose managed and/or custom data identifiers, and select the buckets to scan. Macie can also run automated sensitive data discovery that continuously samples objects across your buckets.
Macie
Three things in a Custom Identifier?
Regex (the pattern), keywords with a maximum match distance (a keyword must appear within that many characters of the regex match for it to count), and ignore words (a regex match containing one of them is discarded)
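To make the three parts of a custom identifier concrete, here is an added Python illustration (not Macie's own code) that approximates how regex, keywords with a maximum match distance, and ignore words combine. The sample text, the `EMP-` employee ID pattern, and the keyword/ignore lists are constructed for the example; the exact distance semantics are an approximation of Macie's documented behaviour (distance measured from the end of a keyword to the end of the regex match), and Macie's regex dialect is Java-like rather than Python's.

```python
import re

# Constructed sample object content (not real data).
SAMPLE = """Employee ID: EMP-104233 joined the platform team.
Reference number EMP-559012 appears with no qualifying keyword nearby.
Use the placeholder EMP-000000 in the employee id field of the test fixture.
"""

# Hypothetical custom identifier, equivalent to roughly:
#   aws macie2 create-custom-data-identifier --name employee-id \
#       --regex 'EMP-\d{6}' --keywords 'employee id' 'emp id' \
#       --maximum-match-distance 50 --ignore-words 'EMP-000000'
EMPLOYEE_ID_REGEX = r"EMP-\d{6}"
KEYWORDS = ("employee id", "emp id")
MAX_DISTANCE = 50
IGNORE_WORDS = ("EMP-000000",)  # known placeholder value, not a real ID


def find_custom_identifier_matches(text, regex, keywords=(), max_distance=50,
                                   ignore_words=()):
    """Return (offset, matched_text) for each regex match that survives the
    keyword and ignore-word rules (approximation of Macie semantics).

    * Ignore words are case-sensitive: if the matched text contains one, drop it.
    * Keywords are case-insensitive: when any are given, some keyword must end
      no more than max_distance characters before the end of the match.
    """
    lowered = text.lower()
    keyword_ends = [m.end() for kw in keywords
                    for m in re.finditer(re.escape(kw.lower()), lowered)]
    hits = []
    for m in re.finditer(regex, text):
        matched = m.group(0)
        if any(word in matched for word in ignore_words):
            continue  # placeholder / test value, not sensitive
        if keywords and not any(0 <= m.end() - end <= max_distance
                                for end in keyword_ends):
            continue  # pattern matched but no supporting keyword nearby
        hits.append((m.start(), matched))
    return hits


def scan_sample(with_keywords=True):
    """Run the hypothetical identifier over SAMPLE, with or without keywords."""
    return find_custom_identifier_matches(
        SAMPLE, EMPLOYEE_ID_REGEX,
        keywords=KEYWORDS if with_keywords else (),
        max_distance=MAX_DISTANCE, ignore_words=IGNORE_WORDS)


if __name__ == "__main__":
    print("with keywords:   ", scan_sample(True))
    print("regex only:      ", scan_sample(False))
```

Run with keywords, only the first line's `EMP-104233` is reported: the second line's ID has no keyword within 50 characters, and the third line's value is an ignore word. Drop the keywords and the second line is reported too, which is the false-positive reduction keywords buy you.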
Macie
Two types of Findings?
Policy findings (a bucket's security or access configuration is weak, e.g. it is publicly accessible) and Sensitive Data findings (an object matched a managed or custom data identifier)
Macie
Three examples of Policy Findings?
Policy:IAMUser/S3BlockPublicAccessDisabled, Policy:IAMUser/S3BucketEncryptionDisabled, Policy:IAMUser/S3BucketPublic (also S3BucketSharedExternally and S3BucketReplicatedExternally)
Macie
Three examples of Sensitive Data?
Credentials (e.g. AWS secret access keys, private keys), financial data (credit card numbers), personal data (mailing addresses); the finding types are SensitiveData:S3Object/Credentials, /Financial, /Personal, /Multiple, and /CustomIdentifier
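The two finding categories look different on the wire, and the usual way to act on them is through the EventBridge integration. The following added Python example (not Macie's or AWS's code) shows the shape of a Macie finding as delivered in an EventBridge event and a small triage routine that separates policy findings from sensitive data findings and flags leaked credentials as urgent. The events are constructed samples with made-up bucket and object names; the field names (`category`, `type`, `severity`, `resourcesAffected`, `source`, `detail-type`) follow the Macie finding format, and the queue names are a hypothetical convention for this example.

```python
# Constructed EventBridge events carrying Macie findings (sample data, not real findings).
SAMPLE_EVENTS = [
    {"source": "aws.macie", "detail-type": "Macie Finding",
     "detail": {"category": "POLICY",
                "type": "Policy:IAMUser/S3BucketPublic",
                "severity": {"description": "High", "score": 3},
                "resourcesAffected": {"s3Bucket": {"name": "example-logs-bucket"}}}},
    {"source": "aws.macie", "detail-type": "Macie Finding",
     "detail": {"category": "CLASSIFICATION",
                "type": "SensitiveData:S3Object/Credentials",
                "severity": {"description": "High", "score": 3},
                "resourcesAffected": {"s3Bucket": {"name": "example-exports"},
                                      "s3Object": {"key": "exports/backup.env"}}}},
    {"source": "aws.macie", "detail-type": "Macie Finding",
     "detail": {"category": "CLASSIFICATION",
                "type": "SensitiveData:S3Object/Personal",
                "severity": {"description": "Medium", "score": 2},
                "resourcesAffected": {"s3Bucket": {"name": "example-exports"},
                                      "s3Object": {"key": "hr/addresses.csv"}}}},
    # Not a Macie event: a rule with source ["aws.macie"] would never deliver it.
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": {}},
]


def parse_finding_type(finding_type):
    """Split 'Policy:IAMUser/S3BucketPublic' into ('Policy', 'IAMUser', 'S3BucketPublic')."""
    kind, rest = finding_type.split(":", 1)
    resource, subtype = rest.split("/", 1)
    return kind, resource, subtype


def triage(event):
    """Route one EventBridge event; returns None for anything that is not a Macie finding."""
    if event.get("source") != "aws.macie" or event.get("detail-type") != "Macie Finding":
        return None
    detail = event["detail"]
    kind, _resource, subtype = parse_finding_type(detail["type"])
    score = detail["severity"]["score"]  # Macie: Low=1, Medium=2, High=3
    affected = detail["resourcesAffected"]
    bucket = affected["s3Bucket"]["name"]
    key = affected.get("s3Object", {}).get("key")  # policy findings have no object

    if detail["category"] == "POLICY":
        queue = "bucket-hardening"      # hypothetical queue: fix the bucket config
    elif subtype == "Credentials":
        queue = "secrets-rotation"      # hypothetical queue: rotate first, then clean the object
    else:
        queue = "data-classification"   # hypothetical queue: review and relocate the data

    return {"type": detail["type"], "kind": kind, "queue": queue,
            "urgent": score >= 3 or subtype == "Credentials",
            "bucket": bucket, "key": key}


def triage_all(events):
    return [result for result in map(triage, events) if result is not None]


if __name__ == "__main__":
    for result in triage_all(SAMPLE_EVENTS):
        print(result)
```

Exposed credentials are treated as urgent regardless of the score Macie assigns, because the useful window for an attacker starts the moment the object is readable; everything else follows the severity score.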