To update Trend Cloud One File Storage Security to Trend Vision One File Security through your console, follow the procedures below. These instructions are for single accounts. For organization accounts, see Update AWS Organization account to Trend Vision File Security.

Deploy a single AWS account to File Security

You add your AWS accounts to File Security using the CloudFormation template.

Procedure

  1. Install Trend Vision One File Security Storage:
    1. In Trend Vision One Cloud Account, select AWS Single Account deployment.
      Tip
      If you are deploying all accounts under an Organization Unit, select Organization Deployment.
    2. Enable File Storage Security, then download the template or open the AWS CloudFormation console.
    3. Open the template in the AWS CloudFormation console and set the parameter SyncBucketsEventBridge to False.
    4. Provide the following parameters:
      • In FileSecurityStorageKMSKeyARNsForBucketSSE, provide a comma-separated list of ARNs for the KMS master keys used to encrypt S3 bucket objects. Leave this field blank if you have not enabled SSE-KMS for the S3 buckets.
      • In FileSecurityStorageObjectCreatedEventFilter, provide a JSON string of the event pattern to filter the object-created event.
      • In FileSecurityStorageScannerEphemeralStorage, provide the size, in MBs, of the scanner Lambda function's temp directory.
      • In FileSecurityStorageQuarantineBucket, enter the bucket in which you want to quarantine malicious files. By default this parameter is global, but you can make it by-region or a combination of both global and by-region. Leave this field blank to disable quarantining.
      • In FileStorageSecurityCleanBucket, enter the bucket in which you want to promote clean files after scanning. By default this parameter is global, but you can make it by-region or a combination of both global and by-region. Leave this field blank to disable promoting clean files.
      • In FileSecurityStorageFailureBucket, enter the bucket in which you want to isolate files that could not be scanned. You must specify whether you want the parameter to be global or by-region. For more information, see Add a failed scan bucket. (Single account only)
      • In FileSecurityStorageScanResultTagFormat, enter the format of the scan results tagged on the scanned object.
      • In FileSecurityStorageEnableQuarantine, select "true" to enable the feature or "false" to disable the feature. If you enable the feature but do not provide a quarantine bucket, File Security Storage creates a quarantine bucket. If you enable the feature and provide a quarantine bucket, File Security Storage uses the provided bucket.
      • In FileSecurityStorageEnablePromote, select "true" to enable the feature or "false" to disable the feature. If you enable the feature but do not provide a promote bucket, File Security Storage creates a quarantine bucket. If you enable the feature and provide a promote bucket, File Security Storage uses the provided bucket.
      • In FileSecurityStorageEnableIsolate, select "true" to enable the feature or "false" to disable the feature. If you enable the feature but do not provide an isolate bucket, File Security Storage creates an isolate bucket. If you enable the feature and provide an isolate bucket, File Security Storage uses the provided bucket.
      • In SyncBucketsEventBridge, select "true" to sync EventBridge settings for default monitoring of the buckets. Note that if you are updating a stack, you need to download the template every time using the cloud account management console, then go to the AWS CloudFormation console and update the template with the "Replacing existing template" option.
    5. Deploy the template. Once the template is deployed successfully, Trend Vision One File Security Storage is installed, but it does not monitor any buckets yet.
  2. Disable C1FSS monitoring.
    1. Log in to the AWS console and go to the EventBridge service to disable the EventBridge rule used by C1FSS. For more information, see Disabling or deleting a rule in Amazon EventBridge - Amazon EventBridge.
    2. Disable the EventBridge rule with a prefix matching "<C1FSS-StackName>-OnS3ObjectCreatedRule".
      Note
      <C1FSS-StackName> default value is "Account-Scanner-TM-FileStorageSecurity". If you have customized the stack name, find the stack name that you entered in your Trend Cloud One File Storage Security deployment.
  3. Enable V1FSS monitoring.
    1. Go to the V1 File Security app and enable bucket monitoring in the UI.
    2. Upload files to the monitored buckets.
    3. Verify the scan result in the File Security app on the Scan Activity tab, where you can see that the file was scanned and whether it is a clean file or malware.
    4. Verify the file scan result by referring to AWS S3 scans and tags.
  4. If Trend Vision One File Security Storage works as expected, you can remove the Trend Cloud One File Security Storage Stack.
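
Step 2 can also be done from the AWS CLI, which helps when the update runs on several accounts at once. The script below is an added example, not part of the original procedure: it assumes the AWS CLI is configured for the account and region of the C1FSS stack, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: CLI equivalent of step 2 (disable C1FSS monitoring).
# Assumption: the AWS CLI is configured for the account/region of the C1FSS stack.
# Function names are illustrative, not part of any Trend Micro tooling.

# Default stack name as stated in the procedure.
C1FSS_DEFAULT_STACK="Account-Scanner-TM-FileStorageSecurity"

# Print "name state" for each rule whose name starts with
# "<C1FSS-StackName>-OnS3ObjectCreatedRule".
c1fss_list_rules() (
  stack="${1:-$C1FSS_DEFAULT_STACK}"
  aws events list-rules \
    --name-prefix "${stack}-OnS3ObjectCreatedRule" \
    --query 'Rules[].[Name,State]' --output text
)

# Disable every matching rule that is not already DISABLED.
# Prints the name of each rule it disabled, one per line.
c1fss_disable_rules() (
  stack="${1:-$C1FSS_DEFAULT_STACK}"
  c1fss_list_rules "$stack" | while read -r name state; do
    [ -n "$name" ] || continue
    if [ "$state" != "DISABLED" ]; then
      # </dev/null keeps the CLI from consuming the loop's input.
      aws events disable-rule --name "$name" </dev/null &&
        printf '%s\n' "$name"
    fi
  done
)

# Exit 0 only if at least one rule matched and all matches are DISABLED.
# Exit 2 if nothing matched (for example, a customized stack name).
c1fss_verify_disabled() (
  stack="${1:-$C1FSS_DEFAULT_STACK}"
  rules=$(c1fss_list_rules "$stack") || exit 2
  if [ -z "$rules" ]; then
    echo "no rule matches ${stack}-OnS3ObjectCreatedRule" >&2
    exit 2
  fi
  printf '%s\n' "$rules" |
    awk '$2 != "DISABLED" { bad = 1 } END { exit bad }'
)

# Usage (pass your own stack name if you customized it):
#   c1fss_disable_rules "My-C1FSS-Stack" && c1fss_verify_disabled "My-C1FSS-Stack"
```

Run the verify function before enabling V1FSS monitoring in step 3, so that both products are not scanning the same buckets.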

Estimated Downtime

We recommend that you treat steps 2 to 3 as service downtime. During this period, bucket protection is temporarily stopped for verification.
The estimated downtime is 10 minutes for a cloud account.
The procedure can be run on multiple cloud accounts simultaneously to reduce the overall downtime.