Views:

Trend Vision One File Security overview

File Security is a scanner app from Trend Micro™. This scanner can assess files and cloud objects for malicious software (malware) and display real-time results. That means you can immediately identify and address potential problems in your files.
File Security:
  • Provides flexible deployment using Amazon Webs Services (AWS) CloudFormation templates, software development kit (SDK), command line interface (CLI) or service gateway.
  • Automates file scanning that is triggered whenever someone uploads new files or changes existing files in their cloud storage.
  • Can be added to your CI/CD pipeline to detect malware before files are distributed to production pipeline or storage.
  • Can be used behind your firewall in either on-premises or cloud environments.
  • Gives you flexibility by enabling workflow integration.
  • Supports event-driven architectures.
  • The SDK and Virtual Appliance applies machine learning to increase malware detection with expanded capabilities designed to detect novel threats.
For further details, see What is File Security?
Like other apps in Trend Vision One, File Security requires credit allocation for access to the complete feature. Click Credit Usage to see credits allocated to File Security. Click Credit Settings to manage credit settings for File Security.
File Security has two main tabs which each display distinct information to help you monitor scanning:
  • Inventory: Storage and files available for scanning. See the Inventory table for an overview of the sections and actions on this tab.
  • Scan Activity: Data about scans for a selected period. See the Scan Activity table for an overview of the sections and actions on this tab.
The following table describes the sections and actions visible on the Inventory tab.

Inventory

Section
Description
Actions
AWS
AWS accounts and regions
Expand AWS to view accounts. The number of connected accounts appears to the right of AWS.
Expand an account to view each region. The number of available regions appears to the right of the region name.
  • A cyan circle indicates the region has the scanner deployed. This means that File Security is enabled for that region.
  • A black circle indicates the region does not have the scanner deployed. This means that File Security is disabled for that region.
Click Add Cloud Account to add an AWS account.
 
Table for managing AWS buckets. Select buckets to change their Status.
  • Change status: Turn on or off EventBridge for selected buckets. When EventBridge is turned on, File Security can scan that bucket. File Security cannot scan a bucket when the Status is EventBridge off or Scanner not deployed.
  • A green circle indicates EventBridge is on for that bucket. This means that File Security can scan that bucket.
  • A black circle indicates EventBridge is off for that bucket. This means that File Security cannot scan that bucket.
Click Refresh to refresh displayed data.
Important
Important
The refresh icon does not start a scan or otherwise affect scanning.
SDK File Security SDK Guide
This guide provides in-app assistance for deploying File Security to begin scanning and taking action after scanning files.
Virtual Appliance
Virtual Appliances
Expand Virtual Appliance to view your virtual appliances.
  • A green dot indicates that the service gateway is healthy.
  • A red dot indicates that the service gateway is unhealthy
To further investigate, click the “View Service Gateway details” button to navigate to the Service Gateway page.
Click Deployment Guide for instructions to deploy a Virtual Appliance.
  Table for managing your virtual appliances
The Inventory page opens to the first virtual appliance in the tree.
  • Add Mount Point: Add mount points in the selected virtual appliance.
  • Manage scanning configurations: Enable or disable scanning for specific mount points in an appliance. You can also remove mount points from an appliance.
The following table describes the sections and actions visible on the Scan Activity tab.

Scan Activity

Section
Description
Actions
Scan Activity Data about Storage, SDK and Virtual Appliance scans for the selected period.
Select a tab to view the corresponding scan activity:
  • Storage: Scans of your connected cloud storage.
  • SDK: Scans using an SDK or CLI.
  • Virtual Appliances: Scans using a Virtual Appliance.
Select a period from the last day up to 30 days. For Custom period, click Calendar to select the date and Clock to select the time. The selected period affects all displayed data.
Click Refresh to refresh all displayed data.
Important
Important
The refresh icon does not start a scan or otherwise affect scanning.
Summary table
Scan counts for the selected period
View summary data.
Files Scanned graph
Bar chart of scan results for the selected period
Click Scan results and select any combination of results to display in the Files Scanned graph.
  • The red bar shows the number of malware detections for that period.
  • The yellow bar shows the number of scan errors for that period.
  • The green bar shows the number of files without detections or errors for that period.
Files with Malware tab
Table of files with malware detections for the selected period
On the SDK tab, click the Files with Malware tab to view the Malware Detections table.
The Malware Detections table shows the following information:
Click Scanned to sort by that date.
Click Query in Search app to look for that malware in the Search app.
Click Copy file hash to copy the SHA-256 file hash.
Click View Scan Actions Guide to view in-app assistance on actions you can take after scanning a file.
Scan Errors tab
Table of files with scan errors for the selected period
Click the tab to view the Scan Errors table.
Type in the search box to find a specific scanned file. This searches the Scan Errors table for the following file information:
  • File name
  • File type
  • SHA-256 hash
  • Tags
  • Error name
  • Error message
  • Scanned date and time
Click Scanned to sort by the date.
For information on how to use File Security, see Getting started with File Security.
Related information