Views:
You can follow this brief-downtime update process from Cloud One File Storage Security (C1FSS) to TrendAI Vision One File Security (V1FSS). Following this method helps prevent errors by ensuring your C1FSS stack is deactivated before you set up and validate V1FSS.
Before You Begin
Before making any changes, record the C1FSS event notification details information. This is required if you need to roll back to C1FSS.
C1FSS creates an S3 event notification on your scanned bucket to trigger the BucketListenerLambda function whenever a file is uploaded. You will delete this notification in Step 2 — make sure you have noted it down first.
  1. In the AWS console, go to the S3your target bucketProperties
  2. Scroll to Event notifications and find the notification created by C1FSS.
  3. Note down the following: Event name, Lambda function ARN (the BucketListenerLambda), and event type (s3:ObjectCreated:*)
  4. Save this information somewhere accessible (for example, a text file or a ticket comment).

Procedure

  1. Install V1FSS and do not enable any Bucket Scanning.
    1. In the TrendAI Vision One console, go to Cloud SecurityFile Security and select the AWS in the tree.
    2. Click Add Account.
    3. Select Deployment Method: CloudFormation.
    4. Select Single AWS account to onboard.
    5. Fill the required account name field
    6. Enable the FSS feature and select the regions where you want to deploy the File Security scanner.
    7. Choose the deployment method and click Launch Stack in your AWS account.
    8. After the stack creation is successfully completed, the cloud account appears on the AWS account list in Cloud Accounts.
    9. Check the File Storage inventory for the buckets in your account.
      It might take some time to sync your storage to TrendAI Vision One FSS.
      Note
      Note
      Do not enable scanning for any buckets for now to minimize downtime.
    10. Check that tags exist on the scanned bucket.
  2. Remove the C1FSS event notification from the S3 bucket.
    1. In the AWS console, go to S3your target bucketProperties.
    2. Scroll to Event notifications and locate the notification you recorded earlier (the one with the BucketListenerLambda destination).
    3. Select the notification and click Delete.
    4. Type delete to confirm and click Delete.
  3. Enable bucket scanning.
    Note
    Note
    If you wish, you can enable a different bucket from C1FSS to ensure V1FSS scans the files.
  4. Validate that V1FSS is working:
    1. Upload a new file to an S3 bucket.
    2. Check for tags on the new file.
    3. Check the scan activity on the V1FSS scan activity page.
    4. Upload an Eicar file to the S3 bucket.
      #download malware test file and upload to S3 bucket
curl https://secure.eicar.org/eicar.com.txt -o eicar.com.txt && aws s3 cp eicar.com.txt ${source_bucket}
    5. Check the file tags.
    6. Wait for the scan results to sync and the malware detections to be displayed.

Rollback for brief downtime update Parent topic

Procedure

  1. Disable V1FSS first to avoid race condition.
    Go back to V1FSS page and turn off the bucket scan.
  2. If the Event notifications have been removed during migration, in the AWS console click Create event notification and follow the C1FSS event notification details information recorded before.
    C1FSS should work correctly.