You have learnt how to create filters, both exclude and include and how to use the finding details panel. For this job you included a custom data identifier. In this section you will gather some information about the files stored with Project Unicorn data in them as well as look at the rememdiation actions taken by the CloudWatch event and Lambda function you configured in an earlier module.
Amazon Macie will produce findings for all managed data identifiers. To reduce the number of results you create a suppression rule. After you create a suppression rule, Macie will continue to generate findings that meet the criteria. However, Macie archives the findings automatically and stops publishing the findings as Amazon CloudWatch events.
Create the following to test your understanding of how filters work:
Click to see the solution to finding files and buckets containing project data
The Lambda remediation function was written to take action when triggered by a CloudWatch event related to any findings which were created by the custom data identifier you created. The function will move the file to a location with the correct security settings and then delete the file. It will leave a stub file with the same name as the original but with a message to the user. The Lambda function will also apply the correct data classification tag to the file and send an email to the address provided in the CloudFormation template in Module 1.
To see the message left for the user in the stub file you can follow these steps
If all Project Unicorn data should be Confidential, which files are not correctly tagged?
Click to see the solution for discovering incorrectly tagged Project Unicorn data
Create a suppression rule to surface incorrectly tagged objects and hide all correctly tagged and stored project data
You are now able to create include or equals and exclude or not equals filters and apply filters to Amazon Macie findings. You can also create and apply a suppression rule to filter out results.