Views:
To update Trend Cloud One File Storage Security to Trend Vision One File Security through your console, follow the procedures below. These instructions are for single accounts. For organization accounts, see Update AWS Organization account to Trend Vision File Security

Add AWS accounts to File Security Parent topic

You now need to add your AWS accounts to File Security using the CloudFormation template.

Procedure

  1. Open the Trend Micro Vision One console.
  2. Go to Cloud SecurityCloud Accounts.
  3. Click AWS under the Inventory tab.
  4. Click Add Account.
  5. Select CloudFormation and click Single AWS Account.
  6. In Account Name, enter a name for the AWS account.
  7. You can add a Description of the account to help identify it.
  8. In the All Features list, scroll down and enable File Security Storage.
  9. Open the File Security Storage section.
  10. From the Deployment list, select at least one region. This is the region where you will deploy File Security Scanner.
  11. In a new browser tab, log in to your AWS account.
  12. Go back to the Trend Vision One console and click Launch Stack.
    Clicking Launch Stack opens the Quick Create Stack screen in your AWS account in the browser tab that you opened in the previous step.
  13. Scroll down to the File Storage Security section, and provide the following parameters:
    1. In FileSecurityStorageKMSKeyARNsForBucketSSE, provide a comma-separated list of ARNs for the KMS master keys used to encrypt S3 bucket objects. Leave this field blank if you have not enabled SSE-KMS for the S3 buckets.
    2. In FileSecurityStorageObjectCreatedEventFilter, provide a JSON string of the event pattern to filter the object-created event.
    3. In FileSecurityStorageScannerEphemeralStorage, provide the size, in MBs, of the scanner Lambda function's temp directory.
    4. In FileSecurityStorageQuarantineBucket, enter the bucket in which you want to quarantine malicious files. By default this parameter is global, but you can make it by-region or a combination of both global and by-region. Leave this field blank to disable quarantining.
    5. In FileStorageSecurityCleanBucket, enter the bucket in which you want to promote clean files after scanning. By default this parameter is global, but you can make it by-region or a combination of both global and by-region. Leave this field blank to disable promoting clean files.
    6. In FileSecurityStorageScanResultTagFormat, enter the format of the scan results tagged on the scanned object.
  14. Scroll to the bottom of the Quick Create Stack screen, select the acknowledgment options, and click Create stack.
  15. In the Trend Vision One console, click Done.

Disable the Trend Cloud One File Security Storage EventBridge rule Parent topic

Disable a rule with a prefix matching “<C1FSS-StackName>-OnS3ObjectCreatedRule”. The <C1FSS-StackName> default value is “Account-Scanner-TM-FileStorageSecurity”. If you have customized the stack name, find the stack name that you entered in your Trend Cloud One File Storage Security deployment.

Enable the EventBridge Parent topic

When you add a region to File Security Storage, the scanner is automatically deployed in that region. However, you need to turn on EventBridge in each bucket to allow the scanner access to the files being uploaded to that bucket. When EventBridge is turned on, File Security can scan that bucket. File Security cannot scan a bucket when the Status is EventBridge off or Scanner is not deployed.

Procedure

  1. In Trend Vision One, go to Cloud SecurityFile SecurityInventory, and select the account.
  2. Select the region.
  3. Select the buckets in which you want to enable EventBridge.
  4. From the Change Status list, select Turn on EventBridge.
  5. Verify the selected buckets.
  6. Select Turn On EventBridge.
    The Status changes to EventBridge on and the indicator circle turns green.

Test upload sample files into protected S3 buckets Parent topic

You should run the test by uploading 1 eicar file and 1 clean file.

Procedure

  1. Verify if the scan result is tagged correctly on the S3 files:
    clean file:
    {
    "fss-scan-detail-code": 0,
    "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
    "fss-scan-result": "no issues found",
    "fss-scan-detail-message": "-",
    "fss-scanned": true
}
    malicious file (eicar)
    {
    "fss-scan-detail-code": 0,
    "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
    "fss-scan-result": "malicious",
    "fss-scan-detail-message": "-",
    "fss-scanned": true
}
  2. Verify if the scan results are successfully sent to Trend Vision One File Security.
    • The AWS accounts and S3 buckets are displayed on the Inventory tab.
    • The scan statistics and detection are displayed on the Scan Activity tab.
    If Trend Vision One File Security Storage works, remove the Cloud One File Storage Security Stack.