If you have an AWS organizational account, you can update it to Trend Vision One File
Security.
Procedure
- On Vision One Cloud Account Management, select the Organization and FSS feature, then download the template.
- Modify the CloudFormation template to disable the V1FSS EventBridge Rule. The templates are nested as follows:

      V1 CAM Stack
      |
      |-------- TemplateURL of VisionOneStackSet
                |
                VisionOneStack Instance
                |
                |-------- TemplateURL of FssStack
                          |
                          V1FSS-Account-Scanner-StackSets
                          |
                          |-------- TemplateURL of FSSStackSet
                                    |
                                    V1FSS-Account-Scanner-Stack (Modify State here)

  - Find Resources: VisionOneStackSet's TemplateURL in V1CAM Stack and download it.
  - Find Resources: FssStack's TemplateURL in VisionOneStack Instance Template and download it.
  - Find Resources: FSSStackSet's TemplateURL in V1FSS-Account-Scanner-StackSets.yaml and download it.
  - Modify Resources: OnS3ObjectCreatedRule State from ENABLED to DISABLED.
  - Upload the template to an S3 bucket, make sure the template is accessible, and get the Object URL.
  - Fill the Object URL from the previous step into the TemplateURL of FSSStackSet.
  - Upload the template to an S3 bucket, make sure the template is accessible, and get the Object URL.
  - Fill the Object URL into the TemplateURL of FssStack.
  - Upload the template to an S3 bucket, make sure the template is accessible, and get the Object URL.
  - Fill the Object URL into the TemplateURL of VisionOneStackSet.
  - Upload the template to an S3 bucket, make sure the template is accessible, and get the Object URL.
  - Use the Object URL as the input for the AWS CLI create-stack parameter: --template-url.
- Deploy the modified CloudFormation template:
  - Refer to the Online Help: Using APIs to connect an AWS account | Trend Micro Service Central.
  - For FSS parameters in the CloudFormation template, refer to Deploy File Security Storage to a new AWS account | Trend Micro Service Central.
  - Set SyncBucketsEventBridge to True to sync Buckets EventBridge; otherwise, you have to Turn on scanning in the Vision One File Security App by buckets.
Verify that Trend Vision One Endpoint Security protection is working
Go to the Trend Vision One Endpoint Security App and check the account under Computers.
You should be able to see all the instances under a cloud account.
Disable the Trend Cloud One File Security Storage EventBridge rule
Disable a rule with a prefix matching “<C1FSS-StackName>-OnS3ObjectCreatedRule”. The <C1FSS-StackName> default value is “Account-Scanner-TM-FileStorageSecurity”.
If you have customized the stack name, find the stack name that you entered in your
Cloud One File Storage Security deployment.
Enable the Trend Vision One File Security Storage EventBridge Rule
Enable the rule with the prefix matching “StackSet-V1FSStackSet-”.
Test upload sample files into protected S3 buckets
You should run the test by uploading 1 eicar file and 1 clean file.
Procedure
- Verify if the scan result is tagged correctly on the S3 files:
  - clean file:

        {
          "fss-scan-detail-code": 0,
          "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
          "fss-scan-result": "no issues found",
          "fss-scan-detail-message": "-",
          "fss-scanned": true
        }

  - malicious file (eicar):

        {
          "fss-scan-detail-code": 0,
          "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
          "fss-scan-result": "malicious",
          "fss-scan-detail-message": "-",
          "fss-scanned": true
        }

- Verify if the scan results are successfully sent to Trend Vision One File Security.
  - The AWS accounts and S3 buckets are displayed on the Inventory tab.
  - The scan statistics and detection are displayed on the Scan Activity tab.
If Trend Vision One File Security Storage works, remove the Cloud One File Storage Security Stack.
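The tag check from the procedure above can be scripted. The following is an added example, not part of Trend Micro's documentation: it compares an object's tags with the values this page lists, and also flags objects that have no scan tags or whose scan date is earlier than the cutover. It assumes the tags arrive in the list shape returned by S3 GetObjectTagging; the object keys, timestamps, cutover time and the `not_before` check are constructed for illustration.

```python
from datetime import datetime

# Tag keys, verdict strings and date layout as shown on this page.
REQUIRED = ("fss-scanned", "fss-scan-result", "fss-scan-date",
            "fss-scan-detail-code", "fss-scan-detail-message")
DATE_FMT = "%Y/%m/%d %H:%M:%S"  # YYYY/MM/DD hh:mm:ss

def check_scan_tags(tag_set, expected_result, not_before=None):
    """Return a list of problems for one object; an empty list means it passes.
    tag_set is the [{"Key": ..., "Value": ...}] list S3 GetObjectTagging returns
    (tag values are always strings). not_before is an optional cutover time,
    assumed to be in the same timezone as the fss-scan-date tag.
    """
    tags = {t["Key"]: t["Value"] for t in tag_set}
    missing = [k for k in REQUIRED if k not in tags]
    if missing:
        # No scan tags: treat the object as unscanned (e.g. uploaded in the gap).
        return ["missing tags: " + ", ".join(missing)]
    problems = []
    if tags["fss-scanned"].lower() != "true":
        problems.append("fss-scanned is not true")
    if tags["fss-scan-result"] != expected_result:
        problems.append(f"result is {tags['fss-scan-result']!r}, expected {expected_result!r}")
    try:
        scanned_at = datetime.strptime(tags["fss-scan-date"], DATE_FMT)
    except ValueError:
        problems.append("fss-scan-date is not YYYY/MM/DD hh:mm:ss")
    else:
        if not_before and scanned_at < not_before:
            problems.append("scan predates cutover")
    return problems

def make_tagset(result, date):  # constructed sample data, GetObjectTagging shape
    fields = {"fss-scanned": "true", "fss-scan-result": result, "fss-scan-date": date,
              "fss-scan-detail-code": "0", "fss-scan-detail-message": "-"}
    return [{"Key": k, "Value": v} for k, v in fields.items()]

# Constructed samples: object keys, timestamps and cutover time are hypothetical.
CUTOVER = datetime(2024, 1, 15, 10, 0, 0)
SAMPLES = {
    "clean.txt": (make_tagset("no issues found", "2024/01/15 10:04:12"), "no issues found"),
    "eicar.com": (make_tagset("malicious", "2024/01/15 10:04:30"), "malicious"),
    "missed-eicar.com": (make_tagset("no issues found", "2024/01/15 10:05:02"), "malicious"),
    "old-scan.txt": (make_tagset("no issues found", "2024/01/15 09:40:00"), "no issues found"),
    "untagged.bin": ([], "no issues found"),
}

def audit(samples=SAMPLES, not_before=CUTOVER):
    return {key: check_scan_tags(ts, exp, not_before) for key, (ts, exp) in samples.items()}
```

Calling `audit()` returns a dictionary of object key to problem list; only `clean.txt` and `eicar.com` come back empty.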
Estimated downtime
The amount of downtime between disabling the Cloud One rule and verifying the scan
results in Trend Vision One is approximately 5-10 minutes per account. You can run
this on multiple cloud accounts simultaneously to reduce the overall downtime.