Which solution will meet these requirements?
A. Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData event type from Macie findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.
B. Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.
C. Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData:S3Object/Personal event type from Macie findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
D. Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
Explanations:
A. Amazon Macie is designed specifically to detect and classify sensitive data, including PII, in Amazon S3. By creating an Amazon EventBridge rule to filter the SensitiveData event type, the company can automatically notify the security team through Amazon SNS when PII is detected.
B. Amazon GuardDuty primarily focuses on threat detection and does not specifically identify PII in S3 buckets. Therefore, filtering CRITICAL event types would not meet the requirement of detecting PII.
C. While Amazon Macie is suitable for detecting PII, the event type “SensitiveData/Personal” does not exist in Macie. The correct event type for notification should be “SensitiveData”. Furthermore, Amazon SQS is a less direct notification channel than SNS, which is designed for sending alerts.
D. Similar to option B, Amazon GuardDuty does not identify PII in S3 buckets. Therefore, filtering CRITICAL event types from GuardDuty findings would not help in detecting PII, making this option incorrect.