Views:
If you have an AWS organizational account, you can update it to Trend Vision One File Security.

Procedure

  1. On Vision One Cloud Account Management, select the Organization and FSS feature, then download the template
  2. Modify CloudFormation template to disable V1FSS EventBridge Rule.
    V1 CAM Stack
        |
        |-------- TemplateURL of VisionOneStackSet
                            |
                            |
                  VisionOneStack Instance
                            |
                            |-------- TemplateURL of FssStack
                                                  |
                                                  |
                                    V1FSS-Account-Scanner-StackSets
                                                  |
                                                  |-------- TemplateURL of FSSStackSet
                                                                          |
                                                                          |
                                                        V1FSS-Account-Scanner-Stack (Modify State here)
    1. Find Resources: VisionOneStackSet’s TemplateURL in V1CAM Stack and download it.
    2. Find Resources: FssStack’s TemplateURL in VisionOneStack Instance Template and download it.
    3. Find Resources: FSSStackSet’s TemplateURL in V1FSS-Account-Scanner-StackSets.yaml and download it.
    4. Modify Resources: OnS3ObjectCreatedRule State from ENABLED to DISABLED.
    5. Upload the template to S3 bucket and make sure the accessibility of the template, and get the Object URL.
    6. Fill the Object URL from previous step into the TemplateURL of FSSStackSet
    7. Upload the template to S3 bucket and make sure the accessibility of the template, and get the Object URL.
    8. Fill the Object URL into the TemplateURL of FssStack. Upload the template to S3 bucket and make sure the accessibility of the template, and get the Object URL.
    9. Fill the Object URL into the TemplateURL of VisionOneStackSet.
    10. Upload the template to S3 bucket and make sure the accessibility of the template, and get the Object URL.
    11. Use the Object URL as the input for the AWS CLI create-stack parameter: --template-url.
  3. Deploy the modified CloudFormation template:
    1. Refer to the Online Help Using APIs to connect an AWS account | Trend Micro Service Central.
    2. For FSS parameters in CloudFormation template, please refer to Deploy File Security Storage to a new AWS account | Trend Micro Service Central.
    3. Turn SyncBucketsEventBridge to True to sync Buckets EventBridge, otherwise, have to Turn on scanning in Vision One File Security App by buckets

Verify that Trend Vision One Endpoint Security protection is working Parent topic

Go to the Trend Vision One Endpoint Security App, check the account under Computers. You should be able to see all the instances under a cloud account.

Disable the Trend Cloud One File Security Storage EventBridge rule Parent topic

Disable a rule with a prefix matching “<C1FSS-StackName>-OnS3ObjectCreatedRule”. The <C1FSS-StackName> default value is “Account-Scanner-TM-FileStorageSecurity”. If you have customized the stack name, find the stack name that you entered in your Cloud One File Storage Security deployment.

Enable the Trend Vision One File Security Storage EventBridge Rule Parent topic

Enable the rule with the prefix matching “StackSet-V1FSStackSet-”.

Test upload sample files into protected S3 buckets Parent topic

You should run the test by uploading 1 eicar file and 1 clean file.

Procedure

  1. Verify if the scan result is tagged correctly on the S3 files:
    clean file:
    {
        "fss-scan-detail-code": 0,
        "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
        "fss-scan-result": "no issues found",
        "fss-scan-detail-message": "-",
        "fss-scanned": true
    }
    malicious file (eicar)
    {
        "fss-scan-detail-code": 0,
        "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
        "fss-scan-result": "malicious",
        "fss-scan-detail-message": "-",
        "fss-scanned": true
    }
  2. Verify if the scan results are successfully sent to Trend Vision One File Security.
    • The AWS accounts and S3 buckets are displayed on the Inventory tab.
    • The scan statistics and detection are displayed on the Scan Activity tab.
    If Trend Vision One File Security Storage works, remove the Cloud One File Storage Security Stack.

Estimated downtime Parent topic

The amount of downtime between disabling the Cloud One rule until verifying the scan results in Trend Vision One is approximately 5-10 minutes per account. You can run this on multiple cloud accounts simultaneously to reduce the overall downtime.