Amazon Macie 2

2020/10/30 - Amazon Macie 2 - 5 updated api methods

Changes: This release of the Amazon Macie API adds an eqExactMatch operator for filtering findings. With this operator you can increase the precision of your finding filters and suppression rules.

CreateFindingsFilter (updated)
Changes (request)
{'findingCriteria': {'criterion': {'eqExactMatch': ['string']}}}

Creates and defines the criteria and other settings for a findings filter.

See also: AWS API Documentation

Request Syntax

client.create_findings_filter(
    action='ARCHIVE'|'NOOP',
    clientToken='string',
    description='string',
    findingCriteria={
        'criterion': {
            'string': {
                'eq': [
                    'string',
                ],
                'eqExactMatch': [
                    'string',
                ],
                'gt': 123,
                'gte': 123,
                'lt': 123,
                'lte': 123,
                'neq': [
                    'string',
                ]
            }
        }
    },
    name='string',
    position=123,
    tags={
        'string': 'string'
    }
)
type action

string

param action

[REQUIRED]

The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.

type clientToken

string

param clientToken

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

This field is autopopulated if not provided.

type description

string

param description

A custom description of the filter. The description can contain as many as 512 characters.

We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.

type findingCriteria

dict

param findingCriteria

[REQUIRED]

The criteria to use to filter findings.

  • criterion (dict) --

    A condition that specifies the property, operator, and value to use to filter the results.

    • (string) --

      • (dict) --

        Specifies the operator to use in a property-based condition that filters the results of a query for findings.

        • eq (list) --

          An equal to condition to apply to a specified property value for findings.

          • (string) --

        • eqExactMatch (list) --

          A condition that requires an array field on a finding to exactly match the specified property values. You can use this operator with the following properties:

          • customDataIdentifiers.detections.arn

          • customDataIdentifiers.detections.name

          • resourcesAffected.s3Bucket.tags.key

          • resourcesAffected.s3Bucket.tags.value

          • resourcesAffected.s3Object.tags.key

          • resourcesAffected.s3Object.tags.value

          • sensitiveData.category

          • sensitiveData.detections.type

          • (string) --

        • gt (integer) --

          A greater than condition to apply to a specified property value for findings.

        • gte (integer) --

          A greater than or equal to condition to apply to a specified property value for findings.

        • lt (integer) --

          A less than condition to apply to a specified property value for findings.

        • lte (integer) --

          A less than or equal to condition to apply to a specified property value for findings.

        • neq (list) --

          A not equal to condition to apply to a specified property value for findings.

          • (string) --

type name

string

param name

[REQUIRED]

A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.

We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.

type position

integer

param position

The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.

type tags

dict

param tags

A map of key-value pairs that specifies the tags to associate with the filter.

A findings filter can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.

  • (string) --

    • (string) --

rtype

dict

returns

Response Syntax

{
    'arn': 'string',
    'id': 'string'
}

Response Structure

  • (dict) --

    • arn (string) --

      The Amazon Resource Name (ARN) of the filter that was created.

    • id (string) --

      The unique identifier for the filter that was created.
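
The following is an added example, not part of the AWS documentation. It checks a filter definition against the limits documented above, builds the arguments for create_findings_filter, and models locally why eqExactMatch makes a suppression rule narrower than eq. The helper names, tag keys, finding IDs and filter name are constructed; the matching semantics in matches() (eq matches any listed value, eqExactMatch compares the whole array regardless of order) are an assumption of this model.

```python
# Added example: validate and build a Macie suppression rule, and compare
# eq with eqExactMatch on constructed data. No AWS call is made.
EXACT_MATCH_PROPERTIES = {
    "customDataIdentifiers.detections.arn",
    "customDataIdentifiers.detections.name",
    "resourcesAffected.s3Bucket.tags.key",
    "resourcesAffected.s3Bucket.tags.value",
    "resourcesAffected.s3Object.tags.key",
    "resourcesAffected.s3Object.tags.value",
    "sensitiveData.category",
    "sensitiveData.detections.type",
}


def build_filter_request(name, criterion, action="ARCHIVE", description=""):
    """Check the documented limits and return kwargs for
    client.create_findings_filter()."""
    if action not in ("ARCHIVE", "NOOP"):
        raise ValueError("action must be ARCHIVE or NOOP")
    if not 3 <= len(name) <= 64:
        raise ValueError("name must be 3-64 characters")
    if len(description) > 512:
        raise ValueError("description is limited to 512 characters")
    for prop, condition in criterion.items():
        if "eqExactMatch" in condition and prop not in EXACT_MATCH_PROPERTIES:
            raise ValueError(f"eqExactMatch is not supported for {prop}")
    request = {"action": action, "name": name,
               "findingCriteria": {"criterion": criterion}}
    if description:
        request["description"] = description
    return request


def matches(values, condition):
    """Local model of one condition on an array field of a finding.
    Assumption: eq matches when any listed value is present; eqExactMatch
    matches only when the field holds exactly the listed values."""
    if "eqExactMatch" in condition:
        return set(values) == set(condition["eqExactMatch"])
    if "eq" in condition:
        return bool(set(values) & set(condition["eq"]))
    raise ValueError("only eq and eqExactMatch are modelled here")


# Constructed sample: tag keys on the affected S3 bucket of three findings.
SAMPLE_BUCKET_TAG_KEYS = {
    "finding-a": ["test-data"],
    "finding-b": ["test-data", "pci"],
    "finding-c": ["pci"],
}


def suppressed(condition):
    """IDs of the sample findings that a rule with this condition archives."""
    return sorted(fid for fid, keys in SAMPLE_BUCKET_TAG_KEYS.items()
                  if matches(keys, condition))


if __name__ == "__main__":
    prop = "resourcesAffected.s3Bucket.tags.key"
    for op in ("eq", "eqExactMatch"):
        cond = {op: ["test-data"]}
        req = build_filter_request("suppress-test-buckets", {prop: cond})
        print(op, "->", suppressed(cond), req["findingCriteria"])
        # With credentials: boto3.client("macie2").create_findings_filter(**req)
```

In this model the eq rule also archives finding-b, whose bucket carries the pci tag key as well, while the eqExactMatch rule archives only finding-a.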

GetFindingStatistics (updated)
Changes (request)
{'findingCriteria': {'criterion': {'eqExactMatch': ['string']}}}

Retrieves (queries) aggregated statistical data about findings.

See also: AWS API Documentation

Request Syntax

client.get_finding_statistics(
    findingCriteria={
        'criterion': {
            'string': {
                'eq': [
                    'string',
                ],
                'eqExactMatch': [
                    'string',
                ],
                'gt': 123,
                'gte': 123,
                'lt': 123,
                'lte': 123,
                'neq': [
                    'string',
                ]
            }
        }
    },
    groupBy='resourcesAffected.s3Bucket.name'|'type'|'classificationDetails.jobId'|'severity.description',
    size=123,
    sortCriteria={
        'attributeName': 'groupKey'|'count',
        'orderBy': 'ASC'|'DESC'
    }
)
type findingCriteria

dict

param findingCriteria

The criteria to use to filter the query results.

  • criterion (dict) --

    A condition that specifies the property, operator, and value to use to filter the results.

    • (string) --

      • (dict) --

        Specifies the operator to use in a property-based condition that filters the results of a query for findings.

        • eq (list) --

          An equal to condition to apply to a specified property value for findings.

          • (string) --

        • eqExactMatch (list) --

          A condition that requires an array field on a finding to exactly match the specified property values. You can use this operator with the following properties:

          • customDataIdentifiers.detections.arn

          • customDataIdentifiers.detections.name

          • resourcesAffected.s3Bucket.tags.key

          • resourcesAffected.s3Bucket.tags.value

          • resourcesAffected.s3Object.tags.key

          • resourcesAffected.s3Object.tags.value

          • sensitiveData.category

          • sensitiveData.detections.type

          • (string) --

        • gt (integer) --

          A greater than condition to apply to a specified property value for findings.

        • gte (integer) --

          A greater than or equal to condition to apply to a specified property value for findings.

        • lt (integer) --

          A less than condition to apply to a specified property value for findings.

        • lte (integer) --

          A less than or equal to condition to apply to a specified property value for findings.

        • neq (list) --

          A not equal to condition to apply to a specified property value for findings.

          • (string) --

type groupBy

string

param groupBy

[REQUIRED]

The finding property to use to group the query results. Valid values are:

  • classificationDetails.jobId - The unique identifier for the classification job that produced the finding.

  • resourcesAffected.s3Bucket.name - The name of the S3 bucket that the finding applies to.

  • severity.description - The severity level of the finding, such as High or Medium.

  • type - The type of finding, such as Policy:IAMUser/S3BucketPublic and SensitiveData:S3Object/Personal.

type size

integer

param size

The maximum number of items to include in each page of the response.

type sortCriteria

dict

param sortCriteria

The criteria to use to sort the query results.

  • attributeName (string) --

    The grouping to sort the results by. Valid values are: count, sort the results by the number of findings in each group of results; and, groupKey, sort the results by the name of each group of results.

  • orderBy (string) --

    The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.

rtype

dict

returns

Response Syntax

{
    'countsByGroup': [
        {
            'count': 123,
            'groupKey': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    The request succeeded.

    • countsByGroup (list) --

      An array of objects, one for each group of findings that meet the filter criteria specified in the request.

      • (dict) --

        Provides a group of results for a query that retrieved aggregated statistical data about findings.

        • count (integer) --

          The total number of findings in the group of query results.

        • groupKey (string) --

          The name of the property that defines the group in the query results, as specified by the groupBy property in the query request.

GetFindingsFilter (updated)
Changes (response)
{'findingCriteria': {'criterion': {'eqExactMatch': ['string']}}}

Retrieves the criteria and other settings for a findings filter.

See also: AWS API Documentation

Request Syntax

client.get_findings_filter(
    id='string'
)
type id

string

param id

[REQUIRED]

The unique identifier for the Amazon Macie resource or account that the request applies to.

rtype

dict

returns

Response Syntax

{
    'action': 'ARCHIVE'|'NOOP',
    'arn': 'string',
    'description': 'string',
    'findingCriteria': {
        'criterion': {
            'string': {
                'eq': [
                    'string',
                ],
                'eqExactMatch': [
                    'string',
                ],
                'gt': 123,
                'gte': 123,
                'lt': 123,
                'lte': 123,
                'neq': [
                    'string',
                ]
            }
        }
    },
    'id': 'string',
    'name': 'string',
    'position': 123,
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    The request succeeded.

    • action (string) --

      The action that's performed on findings that meet the filter criteria (findingCriteria). Possible values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.

    • arn (string) --

      The Amazon Resource Name (ARN) of the filter.

    • description (string) --

      The custom description of the filter.

    • findingCriteria (dict) --

      The criteria that's used to filter findings.

      • criterion (dict) --

        A condition that specifies the property, operator, and value to use to filter the results.

        • (string) --

          • (dict) --

            Specifies the operator to use in a property-based condition that filters the results of a query for findings.

            • eq (list) --

              An equal to condition to apply to a specified property value for findings.

              • (string) --

            • eqExactMatch (list) --

              A condition that requires an array field on a finding to exactly match the specified property values. You can use this operator with the following properties:

              • customDataIdentifiers.detections.arn

              • customDataIdentifiers.detections.name

              • resourcesAffected.s3Bucket.tags.key

              • resourcesAffected.s3Bucket.tags.value

              • resourcesAffected.s3Object.tags.key

              • resourcesAffected.s3Object.tags.value

              • sensitiveData.category

              • sensitiveData.detections.type

              • (string) --

            • gt (integer) --

              A greater than condition to apply to a specified property value for findings.

            • gte (integer) --

              A greater than or equal to condition to apply to a specified property value for findings.

            • lt (integer) --

              A less than condition to apply to a specified property value for findings.

            • lte (integer) --

              A less than or equal to condition to apply to a specified property value for findings.

            • neq (list) --

              A not equal to condition to apply to a specified property value for findings.

              • (string) --

    • id (string) --

      The unique identifier for the filter.

    • name (string) --

      The custom name of the filter.

    • position (integer) --

      The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.

    • tags (dict) --

      A map of key-value pairs that identifies the tags (keys and values) that are associated with the filter.

      • (string) --

        • (string) --

ListFindings (updated)
Changes (request)
{'findingCriteria': {'criterion': {'eqExactMatch': ['string']}}}

Retrieves a subset of information about one or more findings.

See also: AWS API Documentation

Request Syntax

client.list_findings(
    findingCriteria={
        'criterion': {
            'string': {
                'eq': [
                    'string',
                ],
                'eqExactMatch': [
                    'string',
                ],
                'gt': 123,
                'gte': 123,
                'lt': 123,
                'lte': 123,
                'neq': [
                    'string',
                ]
            }
        }
    },
    maxResults=123,
    nextToken='string',
    sortCriteria={
        'attributeName': 'string',
        'orderBy': 'ASC'|'DESC'
    }
)
type findingCriteria

dict

param findingCriteria

The criteria to use to filter the results.

  • criterion (dict) --

    A condition that specifies the property, operator, and value to use to filter the results.

    • (string) --

      • (dict) --

        Specifies the operator to use in a property-based condition that filters the results of a query for findings.

        • eq (list) --

          An equal to condition to apply to a specified property value for findings.

          • (string) --

        • eqExactMatch (list) --

          A condition that requires an array field on a finding to exactly match the specified property values. You can use this operator with the following properties:

          • customDataIdentifiers.detections.arn

          • customDataIdentifiers.detections.name

          • resourcesAffected.s3Bucket.tags.key

          • resourcesAffected.s3Bucket.tags.value

          • resourcesAffected.s3Object.tags.key

          • resourcesAffected.s3Object.tags.value

          • sensitiveData.category

          • sensitiveData.detections.type

          • (string) --

        • gt (integer) --

          A greater than condition to apply to a specified property value for findings.

        • gte (integer) --

          A greater than or equal to condition to apply to a specified property value for findings.

        • lt (integer) --

          A less than condition to apply to a specified property value for findings.

        • lte (integer) --

          A less than or equal to condition to apply to a specified property value for findings.

        • neq (list) --

          A not equal to condition to apply to a specified property value for findings.

          • (string) --

type maxResults

integer

param maxResults

The maximum number of items to include in each page of the response.

type nextToken

string

param nextToken

The nextToken string that specifies which page of results to return in a paginated response.

type sortCriteria

dict

param sortCriteria

The criteria to use to sort the results.

  • attributeName (string) --

    The name of the property to sort the results by. This value can be the name of any property that Amazon Macie defines for a finding.

  • orderBy (string) --

    The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.

rtype

dict

returns

Response Syntax

{
    'findingIds': [
        'string',
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    The request succeeded.

    • findingIds (list) --

      An array of strings, where each string is the unique identifier for a finding that meets the filter criteria specified in the request.

      • (string) --

    • nextToken (string) --

      The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

UpdateFindingsFilter (updated)
Changes (request)
{'findingCriteria': {'criterion': {'eqExactMatch': ['string']}}}

Updates the criteria and other settings for a findings filter.

See also: AWS API Documentation

Request Syntax

client.update_findings_filter(
    action='ARCHIVE'|'NOOP',
    description='string',
    findingCriteria={
        'criterion': {
            'string': {
                'eq': [
                    'string',
                ],
                'eqExactMatch': [
                    'string',
                ],
                'gt': 123,
                'gte': 123,
                'lt': 123,
                'lte': 123,
                'neq': [
                    'string',
                ]
            }
        }
    },
    id='string',
    name='string',
    position=123
)
type action

string

param action

The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.

type description

string

param description

A custom description of the filter. The description can contain as many as 512 characters.

We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.

type findingCriteria

dict

param findingCriteria

The criteria to use to filter findings.

  • criterion (dict) --

    A condition that specifies the property, operator, and value to use to filter the results.

    • (string) --

      • (dict) --

        Specifies the operator to use in a property-based condition that filters the results of a query for findings.

        • eq (list) --

          An equal to condition to apply to a specified property value for findings.

          • (string) --

        • eqExactMatch (list) --

          A condition that requires an array field on a finding to exactly match the specified property values. You can use this operator with the following properties:

          • customDataIdentifiers.detections.arn

          • customDataIdentifiers.detections.name

          • resourcesAffected.s3Bucket.tags.key

          • resourcesAffected.s3Bucket.tags.value

          • resourcesAffected.s3Object.tags.key

          • resourcesAffected.s3Object.tags.value

          • sensitiveData.category

          • sensitiveData.detections.type

          • (string) --

        • gt (integer) --

          A greater than condition to apply to a specified property value for findings.

        • gte (integer) --

          A greater than or equal to condition to apply to a specified property value for findings.

        • lt (integer) --

          A less than condition to apply to a specified property value for findings.

        • lte (integer) --

          A less than or equal to condition to apply to a specified property value for findings.

        • neq (list) --

          A not equal to condition to apply to a specified property value for findings.

          • (string) --

type id

string

param id

[REQUIRED]

The unique identifier for the Amazon Macie resource or account that the request applies to.

type name

string

param name

A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.

We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.

type position

integer

param position

The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.

rtype

dict

returns

Response Syntax

{
    'arn': 'string',
    'id': 'string'
}

Response Structure

  • (dict) --

    The request succeeded. The specified findings filter was updated.

    • arn (string) --

      The Amazon Resource Name (ARN) of the filter that was updated.

    • id (string) --

      The unique identifier for the filter that was updated.