A command line utility to help you investigate the sensitive data associated with Macie findings.

Overview

Macie Finding Data Reveal

This project contains a command line utility to help you investigate the sensitive data associated with Macie findings. Macie generates sensitive data findings when it discovers sensitive data in the S3 objects that a sensitive data discovery job is configured to analyze. Each finding includes locators (line ranges, cells, JSON paths, pages or byte offsets, depending on the object type) that point to where the specific sensitive data was observed in the object. The operator can follow these pointers to see exactly what Macie saw. This follow-up helps the operator (usually a security engineer) confirm that the discovered data is a true positive and decide what to do next with the finding and with the object where the data was discovered. The CLI in this package automates the manual steps involved: it retrieves the object named in the finding and displays the discovered sensitive data at the reported locations.

For example, say you're looking at a finding like the following:

Often the next step, i.e. remediation or confirmation of security controls (encryption, access logging, etc.), depends on determining the accuracy and severity of the finding. Macie shows the type and number of occurrences it detected, which is often sufficient to make that decision.

Macie also records the location of the sensitive data within the object that the finding is for. If you need to see the exact data that was discovered in order to decide what to do with the finding, this tool reveals the sensitive data at those locations in the object. Since the output is the sensitive data itself, treat the terminal session and any captured output with the same care as the object.

Build and Install

This is a Gradle Kotlin project. To build, you need Java 11:

> git clone https://github.com/aws-samples/amazon-macie-finding-data-reveal
> cd amazon-macie-finding-data-reveal

> ./gradlew build

The build produces an executable jar that you can run with Java 11. For convenience you may want to define an alias:

> alias reveal="java -jar ${PWD}/reveal/build/libs/reveal-executable.jar"

Permissions

The tool makes ordinary API calls to S3 and Macie, so the usual IAM access control applies. The caller needs permission to invoke macie2:GetFindings in the account and s3:GetObject on the specific object reported in the finding. If the object is encrypted with SSE-KMS, the caller also needs kms:Decrypt on the key that protects it. Because s3:GetObject here returns the sensitive data itself, scope that permission to the buckets Macie analyzes rather than granting it broadly.

Usage

The tool makes API calls to Macie and S3, so you need to configure credentials as you do for the AWS CLI.

# Locate where your finding and object are
> export AWS_REGION=us-east-1

# Pick the Finding ID from the console and reveal it (all values below are fake)
> reveal 8db5d79296b57dade4abeb2b9a5a8797
┌────────┬────────────────────────────────────────────────────────┐
│ Object │ s3://DOC-EXAMPLE-BUCKET/mock-data/json/50169671.json   │
├────────┼────────────────────────────────────────────────────────┤
│ Mime   │ application/json                                       │
├────────┼────────────────────────────────────────────────────────┤
│ Count  │ 493                                                    │
└────────┴────────────────────────────────────────────────────────┘
┌──────────────┐
│ PHONE_NUMBER │
├──────────────┤
│ 555-0100     │
├──────────────┤
│ 555-0100     │
├──────────────┤
│ 555-0100     │
└──────────────┘
┌────────────────────┐
│ NAME               │
├────────────────────┤
│ Alejandro Rosalez  │
├────────────────────┤
│ Diego Ramirez      │
├────────────────────┤
│ Martha Rivera      │
└────────────────────┘
┌────────────────────────┐
│ ADDRESS                │
├────────────────────────┤
│ 12 Any Street Any Town │
├────────────────────────┤
│ 34 Any Street Any Town │
├────────────────────────┤
│ 11 Any Street Any Town │
└────────────────────────┘
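The mechanism described in the Overview and exercised by the run above, as an added example that is not the project's own code (the CLI is Kotlin): it resolves the lineRanges, cells and records locators of a finding's classificationDetails.result against the object body, using constructed sample findings and objects with fake values. The reveal_finding function shows the same logic against a live finding with boto3; the finding ID and region come from the caller, bucket and key from the finding. The assumption that a CSV row number counts the header as row 1 is marked in the code.

```python
"""Resolve the occurrence locators of a Macie finding against the object body.
Added example, not the reveal CLI's own code; findings and objects below are
constructed samples with fake values, shaped like a macie2 GetFindings result."""
import csv
import io
import json
import re
from typing import Dict, List

# One JSONPath segment in the restricted form Macie emits: .name, [3] or ['name']
_PATH_SEGMENT = re.compile(r"\.([A-Za-z_][\w-]*)|\[(\d+)\]|\['([^']*)'\]")

def resolve_json_path(doc, path: str):
    """Walk `doc` along a path such as $.customers[1].phone (no wildcards or filters)."""
    if not path.startswith("$"):
        raise ValueError(f"unsupported JSONPath: {path}")
    node, pos = doc, 1
    while pos < len(path):
        m = _PATH_SEGMENT.match(path, pos)
        if not m:
            raise ValueError(f"unsupported JSONPath segment at {pos}: {path}")
        name, index, quoted = m.groups()
        node = node[int(index)] if index is not None else node[name if name is not None else quoted]
        pos = m.end()
    return node

def reveal_line_ranges(body: bytes, ranges: List[dict]) -> List[str]:
    """lineRanges: 1-based start/end line numbers and a 1-based startColumn on the first
    line. Macie gives no end column, so the rest of the last line is kept."""
    lines = body.decode("utf-8", errors="replace").splitlines()
    out = []
    for r in ranges:
        chunk = lines[r["start"] - 1:r["end"]]
        if chunk and r.get("startColumn"):
            chunk[0] = chunk[0][r["startColumn"] - 1:]
        out.append("\n".join(chunk))
    return out

def reveal_cells(body: bytes, cells: List[dict]) -> List[str]:
    """cells for text/csv: 1-based row/column. Assumption made here: row 1 is the header row."""
    rows = list(csv.reader(io.StringIO(body.decode("utf-8", errors="replace"))))
    return [rows[c["row"] - 1][c["column"] - 1] for c in cells]

def reveal_records(body: bytes, mime: str, records: List[dict]) -> List[str]:
    """records: jsonPath into the document; recordIndex is 0 for JSON, a 0-based line index for JSON Lines."""
    text = body.decode("utf-8", errors="replace")
    out = []
    for rec in records:
        doc = json.loads(text if mime == "application/json" else text.splitlines()[rec["recordIndex"]])
        value = resolve_json_path(doc, rec["jsonPath"])
        out.append(value if isinstance(value, str) else json.dumps(value))
    return out

def reveal(result: dict, body: bytes) -> Dict[str, List[str]]:
    """Map each detection type to the text its locators point at; fail loudly on unhandled locator kinds."""
    mime = result["mimeType"]
    revealed: Dict[str, List[str]] = {}
    for item in result.get("sensitiveData", []):
        for det in item.get("detections", []):
            occ = det.get("occurrences") or {}
            found = revealed.setdefault(det["type"], [])
            found += reveal_line_ranges(body, occ.get("lineRanges") or [])
            found += reveal_records(body, mime, occ.get("records") or [])
            if occ.get("cells"):
                if mime != "text/csv":
                    raise NotImplementedError(f"cell locators for {mime} need a workbook or TSV reader")
                found += reveal_cells(body, occ["cells"])
            if occ.get("pages") or occ.get("offsetRanges"):
                raise NotImplementedError("page (PDF) and byte-offset locators are not handled here")
    return revealed

def reveal_finding(finding_id: str, region: str) -> Dict[str, List[str]]:
    """Live path: needs credentials with macie2:GetFindings and s3:GetObject (plus kms:Decrypt for SSE-KMS)."""
    import boto3  # imported here so the offline functions above run without it
    finding = boto3.client("macie2", region_name=region).get_findings(findingIds=[finding_id])["findings"][0]
    affected = finding["resourcesAffected"]
    body = boto3.client("s3", region_name=region).get_object(
        Bucket=affected["s3Bucket"]["name"], Key=affected["s3Object"]["key"])["Body"].read()
    return reveal(finding["classificationDetails"]["result"], body)

def _result(mime: str, *detections) -> dict:
    """Build a constructed classificationDetails.result from (type, occurrences) pairs."""
    return {"mimeType": mime, "sensitiveData": [{"category": "PERSONAL_INFORMATION",
            "detections": [{"type": t, "count": 1, "occurrences": o} for t, o in detections]}]}

# Constructed sample objects and their findings (all values fake)
SAMPLE_JSON = json.dumps({"customers": [{"name": "Diego Ramirez", "phone": "555-0100"},
                                        {"name": "Alejandro Rosalez", "phone": "555-0101"}]}).encode()
SAMPLE_JSON_RESULT = _result("application/json",
    ("PHONE_NUMBER", {"records": [{"jsonPath": "$.customers[1].phone", "recordIndex": 0}]}),
    ("NAME", {"records": [{"jsonPath": "$['customers'][0]['name']", "recordIndex": 0}]}))
SAMPLE_CSV = b"name,address,phone\nAlejandro Rosalez,12 Any Street Any Town,555-0100\nMartha Rivera,11 Any Street Any Town,555-0199\n"
SAMPLE_CSV_RESULT = _result("text/csv",
    ("PHONE_NUMBER", {"cells": [{"row": 2, "column": 3, "columnName": "phone"}]}),
    ("ADDRESS", {"cells": [{"row": 3, "column": 2, "columnName": "address"}]}))
SAMPLE_TXT = b"Ticket 4411\nCustomer: Martha Rivera\nCallback 555-0100 after 5pm\n"
SAMPLE_TXT_RESULT = _result("text/plain", ("PHONE_NUMBER", {"lineRanges": [{"start": 3, "end": 3, "startColumn": 10}]}))

if __name__ == "__main__":
    for result, body in ((SAMPLE_JSON_RESULT, SAMPLE_JSON), (SAMPLE_CSV_RESULT, SAMPLE_CSV), (SAMPLE_TXT_RESULT, SAMPLE_TXT)):
        print(result["mimeType"], reveal(result, body))
```

Run it directly to print the three constructed cases; the per-type tables the CLI prints correspond to the dictionary reveal returns, keyed by detection type. Locator kinds the example does not resolve (Excel cells, PDF pages, byte offsets) raise rather than being dropped, so a reviewer is never shown an incomplete picture without knowing it.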

Can I Reveal all findings?

No. Macie scans a wide variety of objects in S3 buckets, ranging from small text files to large archives that hold hundreds of GBs of data. This tool helps you take a quick peek at the most common finding types to confirm the presence of sensitive data. Currently, the following MIME types are supported:

  • application/avro
  • text/csv
  • application/json
  • text/plain
  • application/parquet
  • application/vnd.openxmlformats-officedocument.spreadsheetml.sheet (Excel spreadsheets)

Please create an issue if a format you'd like to see isn't on the list. We'll try to add it; contributions are welcome too!

Troubleshooting

Mismatched bucket region

Error:

ERROR: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint (Service: S3, Status Code: 301)

Cause:

The tool uses regional endpoints for both Macie and S3. Set AWS_REGION to the region of the Macie session that produced the finding. The bucket is in that same region, because Macie only analyzes buckets in the region where it runs, and S3 returns this 301 when a bucket is addressed through another region's endpoint.

Security

See CONTRIBUTING for more information.

License

This project is licensed under the MIT-0 License. See the LICENSE file.
