File Security Storage deploys through AWS CloudFormation and automatically scans files as you upload them into your storage, detecting all types of malware including viruses, trojans, spyware, and more.
Note
When you add a bucket to your CloudFormation template, it does not immediately appear in the File Security Inventory. The Inventory is updated when Trend Vision One carries out its scheduled asset sync. This occurs every hour for licensed Trend Vision One users and once per day for non-licensed users. To have the bucket added in real time, you can enable Real-Time Posture Monitoring.
You can deploy File Security Storage when adding an AWS account to Trend Vision One.

Procedure

  1. Click AWS under the Inventory tab.
  2. Click Add Cloud Account.
  3. Click Single Account.
    Important
    Currently File Security Storage does not support Organization accounts.
  4. In the Account Name field, enter a name for the AWS account.
  5. You can add a Description of the account to help identify it.
  6. In the All Features list, scroll down and enable File Security Storage.
  7. Open the File Security Storage section.
  8. From the Deployment list, select at least one region. This is the region where you will deploy File Security Scanner.
  9. In a new browser tab, log in to your AWS account.
  10. Go back to the Trend Vision One console and click Launch Stack.
    Clicking Launch Stack opens the Quick create stack screen in your AWS account in the browser tab that you opened in the previous step.
  11. Scroll down to the File Storage Security section, and provide the following parameters:
    1. In the FileSecurityStorageKMSKeyARNsForBucketSSE field, provide a comma-separated list of ARNs for the KMS master keys used to encrypt S3 bucket objects. Leave this field blank if you have not enabled SSE-KMS for the S3 buckets.
    2. In the FileSecurityStorageObjectCreatedEventFilter field, provide a JSON string of the event pattern to filter the object-created event.
    3. In the FileSecurityStorageScannerEphemeralStorage field, provide the size, in MB, of the scanner Lambda function's temp directory.
    4. In the FileSecurityStorageQuarantineBucket field, enter the bucket in which you want to quarantine malicious files. By default this parameter is global, but you can make it by-region or a combination of both global and by-region. For more information, see Adding by-region quarantine and promote buckets. Leave this field blank to disable quarantining.
    5. In the FileStorageSecurityCleanBucket field, enter the bucket in which you want to promote clean files after scanning. By default this parameter is global, but you can make it by-region or a combination of both global and by-region. For more information, see Adding by-region quarantine and promote buckets. Leave this field blank to disable promoting clean files.
    6. In the FileSecurityStorageScanResultTagFormat field, enter the format of the scan results tagged on the scanned object.
  12. Scroll to the bottom of the Quick create stack screen, select the acknowledgment options, and click Create stack.
  13. In the Trend Vision One console, click Done.
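A mistyped value in step 11 only surfaces once stack creation fails, so the three free-form parameters can be checked before clicking Create stack. The following is an added example, not part of the Trend Vision One template or documentation: `check_parameters` is a hypothetical helper, the sample values are constructed, the storage bounds are AWS Lambda's own ephemeral storage limits (the template may enforce different ones), and the event filter is only checked for being a JSON object because its exact schema is not given here.

```python
import json
import re

# Key ARN shape: arn:<partition>:kms:<region>:<12-digit account>:key/<key-id>
KMS_KEY_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+$"
)
# Assumption: AWS Lambda's own /tmp limits (MB); the template may be stricter.
TMP_MIN_MB, TMP_MAX_MB = 512, 10240


def check_parameters(kms_arns, event_filter, ephemeral_mb):
    """Return a list of problems found in the three parameter strings."""
    problems = []

    # Blank means SSE-KMS is not enabled; otherwise every entry must be a key ARN.
    entries = [a.strip() for a in kms_arns.split(",")] if kms_arns.strip() else []
    for arn in entries:
        if not KMS_KEY_ARN.match(arn):
            problems.append(f"KMSKeyARNs: {arn!r} is not a KMS key ARN")

    # The filter must at least parse as a JSON object (blank is skipped here).
    if event_filter.strip():
        try:
            if not isinstance(json.loads(event_filter), dict):
                problems.append("EventFilter: not a JSON object")
        except json.JSONDecodeError as exc:
            problems.append(f"EventFilter: invalid JSON ({exc.msg})")

    # Size is a whole number of MB within Lambda's ephemeral storage range.
    if not ephemeral_mb.strip().isdecimal():
        problems.append("EphemeralStorage: not a whole number of MB")
    elif not TMP_MIN_MB <= int(ephemeral_mb) <= TMP_MAX_MB:
        problems.append(f"EphemeralStorage: outside {TMP_MIN_MB}-{TMP_MAX_MB} MB")
    return problems


# Constructed sample values (placeholder account ID, key ID and prefix).
GOOD = (
    "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    '{"detail": {"object": {"key": [{"prefix": "uploads/"}]}}}',
    "2048",
)
BAD = ("arn:aws:kms:us-east-1:111122223333:alias/uploads,", "{'detail': {}}", "128")

if __name__ == "__main__":
    print(check_parameters(*GOOD))
    for problem in check_parameters(*BAD):
        print(problem)
```

The `BAD` sample shows the typical slips: an alias ARN in place of a key ARN, a trailing comma, single-quoted JSON, and a size below the minimum.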

What to do next

Now you need to enable the scanner for the buckets in each region that you enabled in your template.