# Security Monitoring and Dashboards

## Amazon Macie

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor, and protect your sensitive data in AWS. In this section, you will learn the benefits of deploying Amazon Macie to help protect your data. 

### Discover Sensitive Data
You can automate discovery and reporting of sensitive data by creating and running sensitive-data discovery jobs. A sensitive-data discovery job analyzes objects in S3 buckets to determine whether they contain sensitive data. If Macie detects sensitive data in an object, it creates a sensitive data finding for you. The finding provides a detailed report of the sensitive data that Macie found.



You can configure a job to run only once, for on-demand analysis and assessment, or on a recurring basis for periodic analysis, assessment, and monitoring. You can also choose various options to control the breadth and depth of a job's analysis, such as the S3 buckets that you want to analyze, the sampling depth, and custom include and exclude criteria that derive from properties of S3 objects. With these scheduling and scope options, you can build and maintain a comprehensive view of the data that your organization stores in Amazon S3 and any security or compliance risks for that data.


### User Machine Learning
Macie automatically uses machine learning and pattern matching to analyze objects in S3 buckets. These techniques and criteria can detect a large and growing list of sensitive data types for many countries and regions, including:

- Multiple types of personally identifiable information (PII)
- Personal health information (PHI)
- Financial data

You can also customize what Macie looks for to reflect your unique scenarios, intellectual property, or proprietary data, such as customer account numbers or internal data classifications.

### Inventory and Access Control
If you require an inventory of your S3 buckets, Macie automatically evaluates and monitors those buckets for security and access control. Within minutes, Macie can identify and report overly permissive or unencrypted buckets within your organization.



If Macie detects sensitive data or potential issues with the security or privacy of your data, it creates detailed findings for you to review in a dashboard.



The dashboards give you a snapshot of aggregated statistics for your buckets, including how many of your buckets are publicly accessible, shared with other AWS accounts, or that don’t encrypt objects by default. You can drill down on each statistic to view the supporting data.

### CloudTrail Integration
Amazon Macie integrates with AWS CloudTrail, and provides a record of actions taken by a user, a role, or another AWS service. This includes actions from the Amazon Macie console and programmatic calls to Amazon Macie API operations.



By using the information collected in CloudTrail, you can determine which requests were made to Macie. For each request, you can identify when it was made, the IP address from which it was made, who made it, and additional details.

## What is Amazon GuardDuty?

Amazon GuardDuty is a security monitoring service that analyzes and processes certain types of AWS logs, such as AWS CloudTrail data event logs for Amazon S3 and CloudTrail management event logs. It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment.

## Integration with Amazon Macie

Macie can integrate with both CloudTrail and Amazon GuardDuty to help monitor the permission and security of the buckets. CloudTrail data about access and permissions is limited to account-level and bucket-level settings and doesn’t reflect object-level settings. To monitor object-level events, AWS recommends that you use the Amazon S3 protection feature of Amazon GuardDuty. This feature monitors object-level, Amazon S3 data events and analyzes them for malicious and suspicious activity.