web
You’re offline. This is a read only version of the page.
close

Online Help Center
  • Search
  • Support
    • For Home
    • For Business
  • English (US)
    • Bahasa Indonesia (Indonesian)
    • Dansk (Danish)
    • Deutsch (German)
    • English (Australia)
    • English (US)
    • Español (Spanish)
    • Français (French)
    • Français Canadien
      (Canadian French)
    • Italiano (Italian)
    • Nederlands (Dutch)
    • Norsk (Norwegian)
    • Polski (Polish)
    • Português - Brasil
      (Portuguese - Brazil)
    • Português - Portugal
      (Portuguese - Portugal)
    • Svenska (Swedish)
    • ภาษาไทย (Thai)
    • Tiếng Việt (Vietnamese)
    • Türkçe (Turkish)
    • Čeština (Czech)
    • Ελληνικά (Greek)
    • Български (Bulgarian)
    • Русский (Russian)
    • עברית (Hebrew)
    • اللغة العربية (Arabic)
    • 日本語 (Japanese)
    • 简体中文
      (Simplified Chinese)
    • 繁體中文
      (Traditional Chinese)
    • 繁體中文 HK
      (Traditional Chinese)
    • 한국어 (Korean)
This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.
Learn More Yes, I agree
Table of Contents
The page you're looking for can't be found or is under maintenance
Try again later or go to the home page
Go to home page
  • About File Storage Security
    • What is File Storage Security?
    • What's supported
      • What AWS services and regions are supported?
      • What Azure services and regions are supported?
      • What Google Cloud Platform (GCP) services and regions are supported?
    • Pricing
      • Pricing and subscription options
        • Consumption-based billing example and estimates
      • Estimate infrastructure costs
        • AWS cost estimation
        • Azure cost estimation
      • How to estimate S3 PutObject events
        • Create trail
        • Create Athena table to query logs
        • Query PutObject logs in Athena
    • Architecture and flow
      • AWS architecture and flow
        • Architecture
        • Components
        • S3 bucket to scan
        • Presigned URLs
        • Storage stack
        • Scanner stack
        • All-in-one stack
        • BucketListenerLambda function
        • ScannerLambda function
        • SQS ScannerQueue
        • SNS ScanResultTopic
        • PostScanActionTagLambda function
        • Your AWS account
        • Custom post-scan action Lambda function
        • API and code samples
        • Console
        • Additional Lambda functions
      • Azure architecture and flow
        • Architecture
        • Components
        • Protecting storage account
        • Storage stack
        • Scanner stack
        • All-in-one stack
        • Blob Listener Function
        • Scanner Function
        • Scanner Queue
        • Scan Result Topic
        • Post Scan Action Tag Function
        • Your Microsoft Entra ID
        • Custom post-scan action function
        • API and code samples
        • Console
      • GCP architecture and flow
        • Architecture
        • Components
        • Protecting Google Cloud Storage bucket
        • Storage stack
        • Scanner stack
        • Bucket Listener Function
        • Scanner Function
        • Scanner Topic
        • Scan Result Topic
        • Post Scan Action Tag Function
        • Your GCP Project
        • Custom post-scan action function
        • API and code samples
        • Console
    • Performance and scaling
      • AWS performance and scaling
      • Azure performance and scaling
      • GCP performance and scaling
  • Get started
    • Architectural and configuration setup options
    • Deploy with AWS
      • Permissions for deployment
      • Sign in to File Storage Security
      • Deploy the all-in-one stack on AWS
      • Configure ARNs
      • Generate your first detection
    • Deploy with Azure
      • Permissions for deployment
      • Sign in to File Storage Security
      • Deploy the all-in-one stack on Azure
      • Configure Azure stack
      • Generate your first detection on Azure
    • Deploy with GCP
      • Permissions for deployment
      • Connect GCP account to Trend Cloud One
      • Sign in to File Storage Security
      • Deploy scanner and storage stacks on GCP
      • Generate your first detection on GCP
  • User guides
    • Add stacks
      • AWS stacks
        • Add AWS stacks
          • How many stacks should I add?
          • Storage stacks
          • Scanner stacks
          • Account scanner stacks
          • Where can I add stacks?
          • Restrictions, stipulations, and recommendations
          • Add an all-in-one stack
          • Add a scanner stack
          • Step 1: Add the scanner stack
          • Step 2: Configure the scanner stack's ARN
          • Next steps (add storage)
          • Add a storage stack
          • Multi-stack architecture
          • Step 1: Add the storage stack
          • Step 2: Configure the storage stack's ARN
          • Step 3: (Optional) Update KMS key policy if enabling scanner queue encryption
          • Step 4: (Optional) Update KMS key policy if enabling SNS ScanResultTopic encryption
          • Step 5: (Optional) Update Scanner stack if enabling SNS ScanResultTopic encryption and the KMS Key ARN has not been set to Scanner stack yet.
          • Step 6: Test the storage stack installation
          • How do I find a list of protected buckets?
        • Customizing AWS stacks
        • Deploy in VPC
      • Azure stacks
        • Add Azure stacks
          • How many stacks should I add?
          • Storage stacks
          • Scanner stacks
          • Where can I add stacks?
          • Restrictions, stipulations, and recommendations
          • Add an all-in-one stack
          • Add a scanner stack
          • Step 1: Add the scanner stack
          • Step 2: Configure the scanner stack's Tenant ID and Resource ID
          • Next steps (add storage)
          • Add a storage stack
          • Multi-stack architecture
          • Step 1: Add the storage stack
          • Step 2: Configure the storage stack's Tenant ID and Resource Group ID
          • Step 3: Test the storage stack installation
        • Deploy in Azure VNet
          • Introduction
          • Prerequisites
          • Supported Azure Regions
          • VNet & Subnets
          • Protected Storage Account
          • Private DNS Zones
          • Azure Monitor Private Link Scopes (optional)
          • Deploy the Azure Stacks
          • Configure the Azure Stacks
          • Add Azure Stacks's Application Insight to Azure Monitor Private Link Scopes
          • Firewall (optional)
          • Communication with a third party service
          • Set up for a Scanner Stack's KeyVaults
          • Set up for Application Insight
          • Conclusion
      • GCP stacks
        • Add GCP stacks
          • How many stacks should I add?
          • Storage stacks
          • Scanner stacks
          • Where can I add stacks?
          • How Terraform deploys the stacks under your GCP project
          • All-in-One Stack Deployment
          • Stack Deployment Cross GCP Projects
          • Add an all-in-one stack
          • Add a scanner stack
          • Add a storage stack
    • Convert the GCP stacks from GCP Deployment Manager to Terraform
      • The steps of converting the GCP stacks from GCP Deployment Manager to Terraform
    • Scan existing files
      • Scan existing files in the 'S3 bucket to scan'
        • Full scan and scheduled scan
        • Scan before reading the file (Scan on getObject request)
        • Prerequisite
        • How to scan on getObject request
      • Scan on getObject request
        • Prerequisite
        • How to scan on getObject request
    • Monitor scan results
      • View scan results on the Scan Activity page
        • Scan History chart
        • Malicious Events table
        • Scan Error Events table
      • Scan result format
      • AWS
        • AWS S3 scans and tags
          • Scan a file
          • View tags
        • AWS CloudWatch
          • View scan results in CloudWatch
          • Search for scan results in CloudWatch
          • Monitor for malicious files using CloudWatch
        • Be notified of scan results through AWS SNS
        • Storage Stack Dead-letter Queue
        • Handle scan errors in AWS
          • Re-scan the file manually
          • Re-scan the file by Python script
          • More ways to find the scan failed files
          • Get scan error file list from scan logs
          • Subscribe scan result from SNS ScanResultTopic to get scan error file list
          • Handling "network errors"
          • Recommended resolutions
          • Sample python script for re-scanning files in AWS
      • Azure
        • Azure Storage account blob scanning and tags
          • Scan a file
          • View the metadata and index tags
        • Azure Application Insights
          • Search for scan results in Application Insights
          • Monitor for malicious files using Application Insights
        • Be notified of scan results through Azure Service Bus Topic
        • Monitor errors
      • GCP
        • GCP Cloud Storage scans and tags
          • Scan a file
          • View the metadata
        • Monitor scan results in GCP
          • Pub/Sub Topic
          • Find the scan result topic resource name
          • Create a Pub/Sub subscription to the scan result topic
          • Scanner Logs
          • View scan results in scanner logs
          • Search for scan results in Logs Explorer
    • Add post-scan actions
      • Add post-scan actions in AWS
      • Add post-scan actions in Azure
      • Add post-scan actions in GCP
    • Change the bucket associated with a stack
    • Updates
      • AWS updates
        • Update AWS stacks
          • Before you begin
          • Update a stack
        • Update AWS components
      • Azure updates
        • Update Azure stacks
        • Update components in Azure
      • GCP updates
        • Update GCP stacks
          • Before you begin
          • Update a stack
        • Update GCP components
    • Delete stacks
      • Delete AWS stacks
      • Delete Azure stacks
        • Alternate method of deleting a stack
      • Delete GCP stacks
        • Delete GCP (Deployment Manager) Stacks
        • Delete GCP (Terraform) Stacks
    • Resource prefixes
    • Advanced
      • s3:ObjectCreated:* event in use
      • AWS permissions control
      • GCP Bucket Location Suggestion
      • Account scanner stacks
        • AWS
          • Deploy account scanner stacks
          • Set up cross region or cross account scans
            • Use the AWS web management console
            • For each region
            • For each bucket
            • Use the AWS CLI
            • For each region
            • For each bucket
            • Enable server-side encryption
            • For SQS queues
            • For the SNS topic
            • For your buckets
          • Delete Account scanner stacks
            • In File Storage Security
            • In AWS
  • Automation
    • Sample code plugins
    • API reference
    • Create an API key
      • For Trend Micro Cloud One API Key
      • For Legacy API Key
      • DEPRECATED
    • Deploy stacks
      • Deploy stacks in AWS
        • Obtain an external ID
        • Create CloudFormation stacks in AWS
          • Prerequisites
          • Using template link
          • Create an all-in-one stack using template link
          • Create a scanner stack using template link
          • Create a storage stack using template link
          • Using AWS CLI
          • Create an all-in-one stack using AWS CLI
          • Create a scanner stack using AWS CLI
          • Create a storage stack using AWS CLI
        • Add stacks to File Storage Security using the API
          • Recommendation
          • Prerequisites
          • Deploy an all-in-one stack using the API
          • Deploy a scanner stack using the API
          • Deploy an account scanner stack using the API
          • Deploy a storage stack using the API
      • Deploy stacks in Azure
        • Prepare Azure Service Principal
        • Create stacks in Azure
          • Prerequisites
          • Using template link
          • Create an all-in-one stack using template link
          • Create a scanner stack using template link
          • Create a storage stack using template link
          • Using Azure CLI
          • Create an all-in-one stack using Azure CLI
          • Create a scanner stack using Azure CLI
          • Create a storage stack using Azure CLI
        • Add stacks to File Storage Security using the API
          • Recommendation
          • Prerequisites
          • Deploy an all-in-one stack using the API
          • Deploy a scanner stack using the API
          • Deploy a storage stack using the API
      • Deploy stacks in GCP
        • Create stacks in GCP
          • Create a Cloud Account for GCP
          • Prerequisites
          • Using Terraform with gcloud CLI
          • Create an all-in-one stack by Terraform
          • Create a scanner stack by using Terraform
          • Create a storage stack by using Terraform
        • Add stacks to File Storage Security using the API
          • Recommendation
          • Prerequisites
          • Deploy an all-in-one stack using the API
          • Deploy a scanner stack using the API
          • Deploy a storage stack using the API
    • List storage information
  • FAQs and troubleshooting
    • Frequently asked questions
    • Troubleshoot and monitor health
    • Create a support ticket
      • Access log events
      • Access logs
    • Scan detail code
  • Data collection disclosure
  • What's new
User guides
Once you have deployed File Storage Security, you can perform tasks such as:
  • Add stacks:
    • Add AWS stacks
    • Add Azure stacks
    • Add GCP stacks
  • Scan existing files in the 'S3 bucket to scan'
  • View scan results on the console Scan Activity page
  • Change the bucket associated with a stack
  • Create post-scan actions
  • Update stacks:
    • Update AWS stacks
    • Update Azure stacks
    • Update GCP stacks
  • Delete stacks
Related information
  • Add stacks
  • Convert the GCP stacks from GCP Deployment Manager to Terraform
  • Scan existing files
  • Monitor scan results
  • Add post-scan actions
  • Change the bucket associated with a stack
  • Updates
  • Delete stacks
  • Resource prefixes
  • Advanced
Online Help Center
Support
For Home For Business
Privacy Notice
© 2025 Trend Micro Incorporated. All rights reserved.
Table of Contents
  • About File Storage Security
    • What is File Storage Security?
    • What's supported
      • What AWS services and regions are supported?
      • What Azure services and regions are supported?
      • What Google Cloud Platform (GCP) services and regions are supported?
    • Pricing
      • Pricing and subscription options
        • Consumption-based billing example and estimates
      • Estimate infrastructure costs
        • AWS cost estimation
        • Azure cost estimation
      • How to estimate S3 PutObject events
        • Create trail
        • Create Athena table to query logs
        • Query PutObject logs in Athena
    • Architecture and flow
      • AWS architecture and flow
        • Architecture
        • Components
        • S3 bucket to scan
        • Presigned URLs
        • Storage stack
        • Scanner stack
        • All-in-one stack
        • BucketListenerLambda function
        • ScannerLambda function
        • SQS ScannerQueue
        • SNS ScanResultTopic
        • PostScanActionTagLambda function
        • Your AWS account
        • Custom post-scan action Lambda function
        • API and code samples
        • Console
        • Additional Lambda functions
      • Azure architecture and flow
        • Architecture
        • Components
        • Protecting storage account
        • Storage stack
        • Scanner stack
        • All-in-one stack
        • Blob Listener Function
        • Scanner Function
        • Scanner Queue
        • Scan Result Topic
        • Post Scan Action Tag Function
        • Your Microsoft Entra ID
        • Custom post-scan action function
        • API and code samples
        • Console
      • GCP architecture and flow
        • Architecture
        • Components
        • Protecting Google Cloud Storage bucket
        • Storage stack
        • Scanner stack
        • Bucket Listener Function
        • Scanner Function
        • Scanner Topic
        • Scan Result Topic
        • Post Scan Action Tag Function
        • Your GCP Project
        • Custom post-scan action function
        • API and code samples
        • Console
    • Performance and scaling
      • AWS performance and scaling
      • Azure performance and scaling
      • GCP performance and scaling
  • Get started
    • Architectural and configuration setup options
    • Deploy with AWS
      • Permissions for deployment
      • Sign in to File Storage Security
      • Deploy the all-in-one stack on AWS
      • Configure ARNs
      • Generate your first detection
    • Deploy with Azure
      • Permissions for deployment
      • Sign in to File Storage Security
      • Deploy the all-in-one stack on Azure
      • Configure Azure stack
      • Generate your first detection on Azure
    • Deploy with GCP
      • Permissions for deployment
      • Connect GCP account to Trend Cloud One
      • Sign in to File Storage Security
      • Deploy scanner and storage stacks on GCP
      • Generate your first detection on GCP
  • User guides
    • Add stacks
      • AWS stacks
        • Add AWS stacks
          • How many stacks should I add?
          • Storage stacks
          • Scanner stacks
          • Account scanner stacks
          • Where can I add stacks?
          • Restrictions, stipulations, and recommendations
          • Add an all-in-one stack
          • Add a scanner stack
          • Step 1: Add the scanner stack
          • Step 2: Configure the scanner stack's ARN
          • Next steps (add storage)
          • Add a storage stack
          • Multi-stack architecture
          • Step 1: Add the storage stack
          • Step 2: Configure the storage stack's ARN
          • Step 3: (Optional) Update KMS key policy if enabling scanner queue encryption
          • Step 4: (Optional) Update KMS key policy if enabling SNS ScanResultTopic encryption
          • Step 5: (Optional) Update Scanner stack if enabling SNS ScanResultTopic encryption and the KMS Key ARN has not been set to Scanner stack yet.
          • Step 6: Test the storage stack installation
          • How do I find a list of protected buckets?
        • Customizing AWS stacks
        • Deploy in VPC
      • Azure stacks
        • Add Azure stacks
          • How many stacks should I add?
          • Storage stacks
          • Scanner stacks
          • Where can I add stacks?
          • Restrictions, stipulations, and recommendations
          • Add an all-in-one stack
          • Add a scanner stack
          • Step 1: Add the scanner stack
          • Step 2: Configure the scanner stack's Tenant ID and Resource ID
          • Next steps (add storage)
          • Add a storage stack
          • Multi-stack architecture
          • Step 1: Add the storage stack
          • Step 2: Configure the storage stack's Tenant ID and Resource Group ID
          • Step 3: Test the storage stack installation
        • Deploy in Azure VNet
          • Introduction
          • Prerequisites
          • Supported Azure Regions
          • VNet & Subnets
          • Protected Storage Account
          • Private DNS Zones
          • Azure Monitor Private Link Scopes (optional)
          • Deploy the Azure Stacks
          • Configure the Azure Stacks
          • Add Azure Stacks's Application Insight to Azure Monitor Private Link Scopes
          • Firewall (optional)
          • Communication with a third party service
          • Set up for a Scanner Stack's KeyVaults
          • Set up for Application Insight
          • Conclusion
      • GCP stacks
        • Add GCP stacks
          • How many stacks should I add?
          • Storage stacks
          • Scanner stacks
          • Where can I add stacks?
          • How Terraform deploys the stacks under your GCP project
          • All-in-One Stack Deployment
          • Stack Deployment Cross GCP Projects
          • Add an all-in-one stack
          • Add a scanner stack
          • Add a storage stack
    • Convert the GCP stacks from GCP Deployment Manager to Terraform
      • The steps of converting the GCP stacks from GCP Deployment Manager to Terraform
    • Scan existing files
      • Scan existing files in the 'S3 bucket to scan'
        • Full scan and scheduled scan
        • Scan before reading the file (Scan on getObject request)
        • Prerequisite
        • How to scan on getObject request
      • Scan on getObject request
        • Prerequisite
        • How to scan on getObject request
    • Monitor scan results
      • View scan results on the Scan Activity page
        • Scan History chart
        • Malicious Events table
        • Scan Error Events table
      • Scan result format
      • AWS
        • AWS S3 scans and tags
          • Scan a file
          • View tags
        • AWS CloudWatch
          • View scan results in CloudWatch
          • Search for scan results in CloudWatch
          • Monitor for malicious files using CloudWatch
        • Be notified of scan results through AWS SNS
        • Storage Stack Dead-letter Queue
        • Handle scan errors in AWS
          • Re-scan the file manually
          • Re-scan the file by Python script
          • More ways to find the scan failed files
          • Get scan error file list from scan logs
          • Subscribe scan result from SNS ScanResultTopic to get scan error file list
          • Handling "network errors"
          • Recommended resolutions
          • Sample python script for re-scanning files in AWS
      • Azure
        • Azure Storage account blob scanning and tags
          • Scan a file
          • View the metadata and index tags
        • Azure Application Insights
          • Search for scan results in Application Insights
          • Monitor for malicious files using Application Insights
        • Be notified of scan results through Azure Service Bus Topic
        • Monitor errors
      • GCP
        • GCP Cloud Storage scans and tags
          • Scan a file
          • View the metadata
        • Monitor scan results in GCP
          • Pub/Sub Topic
          • Find the scan result topic resource name
          • Create a Pub/Sub subscription to the scan result topic
          • Scanner Logs
          • View scan results in scanner logs
          • Search for scan results in Logs Explorer
    • Add post-scan actions
      • Add post-scan actions in AWS
      • Add post-scan actions in Azure
      • Add post-scan actions in GCP
    • Change the bucket associated with a stack
    • Updates
      • AWS updates
        • Update AWS stacks
          • Before you begin
          • Update a stack
        • Update AWS components
      • Azure updates
        • Update Azure stacks
        • Update components in Azure
      • GCP updates
        • Update GCP stacks
          • Before you begin
          • Update a stack
        • Update GCP components
    • Delete stacks
      • Delete AWS stacks
      • Delete Azure stacks
        • Alternate method of deleting a stack
      • Delete GCP stacks
        • Delete GCP (Deployment Manager) Stacks
        • Delete GCP (Terraform) Stacks
    • Resource prefixes
    • Advanced
      • s3:ObjectCreated:* event in use
      • AWS permissions control
      • GCP Bucket Location Suggestion
      • Account scanner stacks
        • AWS
          • Deploy account scanner stacks
          • Set up cross region or cross account scans
            • Use the AWS web management console
            • For each region
            • For each bucket
            • Use the AWS CLI
            • For each region
            • For each bucket
            • Enable server-side encryption
            • For SQS queues
            • For the SNS topic
            • For your buckets
          • Delete Account scanner stacks
            • In File Storage Security
            • In AWS
  • Automation
    • Sample code plugins
    • API reference
    • Create an API key
      • For Trend Micro Cloud One API Key
      • For Legacy API Key
      • DEPRECATED
    • Deploy stacks
      • Deploy stacks in AWS
        • Obtain an external ID
        • Create CloudFormation stacks in AWS
          • Prerequisites
          • Using template link
          • Create an all-in-one stack using template link
          • Create a scanner stack using template link
          • Create a storage stack using template link
          • Using AWS CLI
          • Create an all-in-one stack using AWS CLI
          • Create a scanner stack using AWS CLI
          • Create a storage stack using AWS CLI
        • Add stacks to File Storage Security using the API
          • Recommendation
          • Prerequisites
          • Deploy an all-in-one stack using the API
          • Deploy a scanner stack using the API
          • Deploy an account scanner stack using the API
          • Deploy a storage stack using the API
      • Deploy stacks in Azure
        • Prepare Azure Service Principal
        • Create stacks in Azure
          • Prerequisites
          • Using template link
          • Create an all-in-one stack using template link
          • Create a scanner stack using template link
          • Create a storage stack using template link
          • Using Azure CLI
          • Create an all-in-one stack using Azure CLI
          • Create a scanner stack using Azure CLI
          • Create a storage stack using Azure CLI
        • Add stacks to File Storage Security using the API
          • Recommendation
          • Prerequisites
          • Deploy an all-in-one stack using the API
          • Deploy a scanner stack using the API
          • Deploy a storage stack using the API
      • Deploy stacks in GCP
        • Create stacks in GCP
          • Create a Cloud Account for GCP
          • Prerequisites
          • Using Terraform with gcloud CLI
          • Create an all-in-one stack by Terraform
          • Create a scanner stack by using Terraform
          • Create a storage stack by using Terraform
        • Add stacks to File Storage Security using the API
          • Recommendation
          • Prerequisites
          • Deploy an all-in-one stack using the API
          • Deploy a scanner stack using the API
          • Deploy a storage stack using the API
    • List storage information
  • FAQs and troubleshooting
    • Frequently asked questions
    • Troubleshoot and monitor health
    • Create a support ticket
      • Access log events
      • Access logs
    • Scan detail code
  • Data collection disclosure
  • What's new
Close