To update Trend Cloud One File Storage Security to Trend Vision One File Security using APIs, follow the procedures below. These instructions are for single accounts. For organization accounts, see Update AWS Organization account to Trend Vision File Security.

Add AWS accounts to File Security

For each cloud account, you need to deploy the Trend Vision One CloudFormation stack with Trend Vision One File Security enabled.

Procedure

  1. Download the Trend Vision One CloudFormation template by invoking the Get Template API.
  2. Modify the CloudFormation template to disable Trend Vision One File Security Storage EventBridge Rule:
    V1 CAM Stack
        |
        |-------- TemplateURL of FssStack
                            |
                            |
              V1FSS-Account-Scanner-StackSets
                            |
                            |-------- TemplateURL of FSSStackSet
                                                  |
                                                  |
                                      V1FSS-Account-Scanner-Stack (Modify State here)
    1. Find Resources: FssStack’s TemplateURL in the V1CAM Stack and download it.
    2. Find Resources: FSSStackSet’s TemplateURL in V1FSS-Account-Scanner-StackSets.yaml and download it.
    3. Modify Resources: OnS3ObjectCreatedRule’s State from ENABLED to DISABLED.
    4. Upload the template to the S3 bucket, ensure the template is accessible, and get the Object URL.
    5. Enter the Object URL into the TemplateURL of FSSStackSet.
    6. Upload the template to the S3 bucket, ensure the template is accessible, and get the Object URL.
    7. Enter the Object URL into the TemplateURL of FssStack.
    8. Upload the template to the S3 bucket, ensure the template is accessible, and get the Object URL.
    9. Use the Object URL as the input for the AWS CLI create-stack parameter: --template-url
  3. Deploy the modified CloudFormation template:

Verify that Trend Vision One Endpoint Security protection is working

Go to the Trend Vision One Endpoint Security app and check the account under Computers. You should be able to see all the instances under a cloud account.

Disable the Trend Cloud One File Security Storage EventBridge rule

Disable a rule with a prefix matching “<C1FSS-StackName>-OnS3ObjectCreatedRule”. The <C1FSS-StackName> default value is “Account-Scanner-TM-FileStorageSecurity”. If you have customized the stack name, find the stack name that you entered in your Cloud One File Storage Security deployment.

Enable the Trend Vision One File Security Storage EventBridge Rule

Enable the rule with the prefix matching “StackSet-V1FSStackSet-”.
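The two rule changes above (disable the Cloud One rule, then enable the Vision One rule) can be scripted with the AWS CLI. The following is an added example, not Trend Micro's code; it assumes configured AWS CLI credentials for the target account, that both rules live on the default event bus of the current region, and the function names and the `run` argument are hypothetical. It refuses to change anything unless each prefix matches exactly one rule.

```shell
#!/bin/sh
# Added example: cut over from the Cloud One rule to the Vision One rule.
# C1_STACK_NAME defaults to the value documented on this page.
C1_STACK_NAME="${C1_STACK_NAME:-Account-Scanner-TM-FileStorageSecurity}"
C1_PREFIX="${C1_STACK_NAME}-OnS3ObjectCreatedRule"
V1_PREFIX="StackSet-V1FSStackSet-"

# Print the single rule name matching a prefix. Fail on zero or several
# matches so that an unrelated rule is never toggled by accident.
find_one_rule() {
  local prefix="$1" names
  names=$(aws events list-rules --name-prefix "$prefix" \
            --query 'Rules[].Name' --output text) || return 1
  set -- $names   # intentional word splitting of the tab-separated list
  if [ "$#" -ne 1 ]; then
    echo "expected exactly 1 rule for prefix '$prefix', found $#" >&2
    return 1
  fi
  printf '%s\n' "$1"
}

# Print the current state (ENABLED or DISABLED) of a rule.
rule_state() {
  aws events describe-rule --name "$1" --query 'State' --output text
}

switch_rules() {
  local c1_rule v1_rule
  # Resolve both names first: if either lookup fails, nothing is changed.
  c1_rule=$(find_one_rule "$C1_PREFIX") || return 1
  v1_rule=$(find_one_rule "$V1_PREFIX") || return 1

  aws events disable-rule --name "$c1_rule" || return 1
  aws events enable-rule --name "$v1_rule" || return 1

  # Confirm the end state instead of trusting exit codes alone.
  [ "$(rule_state "$c1_rule")" = "DISABLED" ] ||
    { echo "$c1_rule is not DISABLED" >&2; return 1; }
  [ "$(rule_state "$v1_rule")" = "ENABLED" ] ||
    { echo "$v1_rule is not ENABLED" >&2; return 1; }
  echo "disabled=$c1_rule enabled=$v1_rule"
}

# Only act when called as: ./switch-rules.sh run
if [ "${1:-}" = "run" ]; then switch_rules; fi
```

If the Vision One prefix matches more than one rule in your account, the script stops before disabling anything; pick the rule by hand in that case.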

Test upload sample files into protected S3 buckets

You should run the test by uploading 1 EICAR file and 1 clean file.

Procedure

  1. Verify if the scan result is tagged correctly on the S3 files:
    clean file:
    {
        "fss-scan-detail-code": 0,
        "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
        "fss-scan-result": "no issues found",
        "fss-scan-detail-message": "-",
        "fss-scanned": true
    }
    malicious file (eicar):
    {
        "fss-scan-detail-code": 0,
        "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
        "fss-scan-result": "malicious",
        "fss-scan-detail-message": "-",
        "fss-scanned": true
    }
  2. Verify if the scan results are successfully sent to Trend Vision One File Security.
    • The AWS accounts and S3 buckets are displayed on the Inventory tab.
    • The scan statistics and detection are displayed on the Scan Activity tab.
    If Trend Vision One File Security Storage works, remove the Cloud One File Storage Security Stack.

Estimated downtime

The downtime between disabling the Cloud One rule and verifying the scan results in Trend Vision One is approximately 5-10 minutes per account. You can run this on multiple cloud accounts simultaneously to reduce the overall downtime.