To update Trend Cloud One File Storage Security to Trend Vision One File Security
using APIs, follow the procedures below. These instructions are for single accounts.
For organization accounts, see Update AWS Organization account to Trend Vision File Security.
Add AWS accounts to File Security
For each cloud account, you need to deploy the Trend Vision One CloudFormation stack
with Trend Vision One File Security enabled.
Procedure
- Invoke the Get Template API Doc to download the Trend Vision One CloudFormation template.
- Modify the CloudFormation template to disable Trend Vision One File Security Storage
EventBridge Rule:
    V1 CAM Stack
    |
    |-------- TemplateURL of FssStack
              |
              V1FSS-Account-Scanner-StackSets
              |
              |-------- TemplateURL of FSSStackSet
                        |
                        V1FSS-Account-Scanner-Stack (Modify State here)
- Find Resources: FssStack’s TemplateURL in the V1CAM Stack and download it.
- Find Resources: FSSStackSet’s TemplateURL in V1FSS-Account-Scanner-StackSets.yaml and download it.
- Modify Resources: OnS3ObjectCreatedRule’s State from ENABLED to DISABLED.
- Upload the template to the S3 bucket, ensure that the template is accessible, and get the Object URL.
- Enter the Object URL into the TemplateURL of FSSStackSet.
- Upload the template to the S3 bucket, ensure that the template is accessible, and get the Object URL.
- Enter the Object URL into the TemplateURL of FssStack.
- Upload the template to the S3 bucket, ensure that the template is accessible, and get the Object URL.
- Use the Object URL as the input for the AWS CLI create-stack parameter:
--template-url
- Deploy the modified CloudFormation template:
- Refer to the Online Help Using APIs to connect an AWS account.
- For FSS parameters in the CloudFormation template, refer to Deploying File Security Storage to a new AWS account.
Verify that Trend Vision One Endpoint Security protection is working
Go to the Trend Vision One Endpoint Security App and check the account under Computers.
You should be able to see all the instances under a cloud account.
Disable the Trend Cloud One File Security Storage EventBridge rule
Disable a rule with a prefix matching “<C1FSS-StackName>-OnS3ObjectCreatedRule”. The <C1FSS-StackName> default value is “Account-Scanner-TM-FileStorageSecurity”.
If you have customized the stack name, find the stack name that you entered in your
Cloud One File Storage Security deployment.
Enable the Trend Vision One File Security Storage EventBridge Rule
Enable the rule with the prefix matching “StackSet-V1FSStackSet-”.
Test upload sample files into protected S3 buckets
You should run the test by uploading 1 eicar file and 1 clean file.
Procedure
- Verify if the scan result is tagged correctly on the S3 files:
  clean file:
    {
      "fss-scan-detail-code": 0,
      "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
      "fss-scan-result": "no issues found",
      "fss-scan-detail-message": "-",
      "fss-scanned": true
    }
  malicious file (eicar):
    {
      "fss-scan-detail-code": 0,
      "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
      "fss-scan-result": "malicious",
      "fss-scan-detail-message": "-",
      "fss-scanned": true
    }
- Verify if the scan results are successfully sent to Trend Vision One File Security.
- The AWS accounts and S3 buckets are displayed on the Inventory tab.
- The scan statistics and detection are displayed on the Scan Activity tab.
If Trend Vision One File Security Storage works, remove the Cloud One File Storage Security Stack.
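The tag check from the procedure above can be scripted before the Cloud One stack is removed. The following is an added example, not code from this page or from Trend Micro; the function names are hypothetical, the sample tags are constructed, and it assumes the tag values arrive as the strings shown (S3 returns every tag value as a string).

```python
from datetime import datetime

# Expected fss-scan-result per test file, taken from the page.
EXPECTED_RESULT = {"clean": "no issues found", "eicar": "malicious"}
DATE_FORMAT = "%Y/%m/%d %H:%M:%S"  # the page shows YYYY/MM/DD hh:mm:ss


def check_scan_tags(tag_set, kind):
    """Return a list of problems for one object; an empty list means it passed.

    tag_set is the "TagSet" list from S3 GetObjectTagging. S3 returns every
    tag value as a string, so the page's `true` is assumed to arrive as "true".
    """
    tags = {t["Key"]: t["Value"] for t in tag_set}
    if not any(key.startswith("fss-") for key in tags):
        # Nothing scanned the upload, e.g. it landed while both rules were disabled.
        return ["no fss-* tags: object was not scanned"]
    problems = []
    if tags.get("fss-scanned", "").lower() != "true":
        problems.append("fss-scanned is not true")
    result = tags.get("fss-scan-result", "").lower()
    if result != EXPECTED_RESULT[kind]:
        problems.append(f"fss-scan-result is {result!r}, expected {EXPECTED_RESULT[kind]!r}")
    try:
        datetime.strptime(tags.get("fss-scan-date", ""), DATE_FORMAT)
    except ValueError:
        problems.append("fss-scan-date is missing or malformed")
    return problems


def fetch_tag_set(bucket, key):
    """Read the live tags of an uploaded test object (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the offline checks above run without it
    return boto3.client("s3").get_object_tagging(Bucket=bucket, Key=key)["TagSet"]


def make_tag_set(result, date="2024/01/15 10:30:00"):
    """Constructed sample in GetObjectTagging shape; not captured from a real bucket."""
    values = {"fss-scan-detail-code": "0", "fss-scan-date": date,
              "fss-scan-result": result, "fss-scan-detail-message": "-",
              "fss-scanned": "true"}
    return [{"Key": k, "Value": v} for k, v in values.items()]


if __name__ == "__main__":
    print(check_scan_tags(make_tag_set("no issues found"), "clean"))  # passes
    print(check_scan_tags(make_tag_set("no issues found"), "eicar"))  # missed detection
    print(check_scan_tags([], "eicar"))                                # never scanned
```

Against a real bucket, pass the output of `fetch_tag_set(bucket, key)` for each of the two uploaded test files to `check_scan_tags`.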
Estimated downtime
The amount of downtime between disabling the Cloud One rule and verifying the scan
results in Trend Vision One is approximately 5-10 minutes per account. You can run
this on multiple cloud accounts simultaneously to reduce the overall downtime.