Important
File Security Containerized Scanner is a "Pre-release" sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-Release Sub-Feature Disclaimer before using the sub-feature.
Before deploying a containerized scanner, you need the following:
  • Kubernetes 1.24+ - This can be a hosted Kubernetes/EKS/AKS cluster.
  • Helm 3+
  • Trend Vision One Registration Token - To use Trend Vision One File Security with your Kubernetes cluster, a Registration Token is required. You can create the token in File Security.
  • Trend Vision One account with a chosen region - For more information, see the Trend Vision One documentation.

Procedure

  1. Create secrets with the registration token.
    Create secrets using the following commands (replace _your-v1-registration-token_ with your v1 registration token):
    kubectl create namespace visionone-filesecurity
    kubectl create secret generic token-secret --from-literal=registration-token="_your-v1-registration-token_" -n visionone-filesecurity
    kubectl create secret generic device-token-secret -n visionone-filesecurity
  2. Download the Helm chart containing the scanner from the GitHub repository:
    helm repo add visionone-filesecurity https://trendmicro.github.io/visionone-file-security-helm/
    helm repo update
  3. If you wish, you can verify that the Helm chart has been signed and is valid:
    Download the public key file and import it:
    curl -o public-key.asc https://trendmicro.github.io/visionone-file-security-helm/public-key.asc
    gpg --import public-key.asc
    WARNING
    GnuPG v2 stores your secret keyring using a new format kbx on the default location ~/.gnupg/pubring.kbx. Please use the following command to convert your keyring to the legacy gpg format (Reference: Helm Provenance and Integrity)
    Verify that the chart has been signed and is valid:
    helm pull --verify visionone-filesecurity/visionone-filesecurity
  4. Install the Helm Chart:
    Install the chart with the release name my-release:
    helm install my-release visionone-filesecurity/visionone-filesecurity -n visionone-filesecurity
  5. Download and install a File Security SDK or the File Security CLI.
    You need to install the SDK or CLI to retrieve the scan results from the scanner. For more information on installing the SDKs and CLI, see:
  6. Verify that the scanner is working using the CLI.
    Note
    If you installed an SDK instead of the CLI, you can also verify that the scanner is running using the installed SDK. For more information, see File Security SDK.
    1. Run the following to get the amaas service:
      export SERVICE_NAME=$(kubectl get svc --namespace visionone-filesecurity -l "app.kubernetes.io/name=visionone-filesecurity,app.kubernetes.io/instance=my-release" -o jsonpath="{.items[0].metadata.name}")
    2. Scan a file from another pod using the Trend Micro File Security CLI with the service name as the endpoint:
      ./tmfs scan file:./eicar.com.txt --tls=false --endpoint=$SERVICE_NAME:50051
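
Step 1 passes the registration token with --from-literal, which can leave it in shell history and exposes it in the process argument list while kubectl runs. The following is an added example, not part of the original documentation: it renders the same token-secret from a file so the output can be piped to kubectl apply -f - after the namespace exists. The token file path, the helper names read_token and render_token_secret, and the single-line token format are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): build the token-secret manifest from a file
# so the registration token never appears on a command line.
# From the page: namespace visionone-filesecurity, secret token-secret,
# key registration-token. Assumed: token is a single line in a local file.

# Print the token stored in file $1 with CR/LF removed.
# Fails if the file is unreadable, empty, or still holds the page's placeholder.
read_token() {
    [ -r "$1" ] || { echo "cannot read token file: $1" >&2; return 1; }
    token=$(tr -d '\r\n' < "$1")
    [ -n "$token" ] || { echo "token file is empty" >&2; return 1; }
    case "$token" in
        *your-v1-registration-token*)
            echo "token file still contains the placeholder" >&2; return 1 ;;
    esac
    printf '%s' "$token"
}

# Print a Secret manifest for the token in file $1 on stdout.
render_token_secret() {
    token=$(read_token "$1") || return 1
    # printf is a builtin in bash and dash, so no child process sees the token in argv
    encoded=$(printf '%s' "$token" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: token-secret
  namespace: visionone-filesecurity
type: Opaque
data:
  registration-token: $encoded
EOF
}

# Usage: sh render-token-secret.sh ./token.txt | kubectl apply -f -
if [ -n "${1:-}" ]; then
    render_token_secret "$1"
fi
```

Stripping the trailing newline matters here: a token file saved by an editor usually ends in one, and it would otherwise become part of the secret value.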