When setting up your Cloud Account Management (CAM) Terraform template, you can set the destination of scanned files according to their scan result. If you do not set these parameters, scanned files stay in their original location, with metatags that record the scan result.
File Security Storage supports three types of destination storage accounts:
  • quarantine_storage_account: Specifies the Azure storage account path where files identified as malicious will be quarantined. When a file is detected as malware or contains threats, File Security Storage will move it to this storage account for isolation and further investigation.
  • clean_storage_account: Specifies the Azure storage account path where files that pass security scanning will be moved. Clean files are those verified to be free of malware and other security threats.
  • failure_storage_account: Specifies the Azure storage account path where files that cannot be scanned will be moved. This includes files that encounter scanning errors, exceed size limits, are corrupted, or have unsupported formats.
You can configure these storage accounts with custom, regional, and global settings. Because these parameters are string-type Terraform variables passed through the CAM main Terraform module to File Security Storage, you must provide the JSON as an escaped string: every inner double quote must be escaped with a backslash (\").
  • Regional
    • quarantine_storage_account = "{\"eastus\": \"quarantinefileseusacct\", \"westeurope\": \"quarantinefilesweuacct\"}"
    • clean_storage_account = "{\"eastus\": \"cleanfileseusacct\", \"westeurope\": \"cleanfilesweuacct\"}"
    • failure_storage_account = "{\"eastus\": \"failurefileseusacct\", \"westeurope\": \"failurefilesweuacct\"}"
  • Global (Fallback)
    • quarantine_storage_account = "{\"global\": \"centralquarantineacct\"}"
    • clean_storage_account = "{\"global\": \"centralcleanacct\"}"
    • failure_storage_account = "{\"global\": \"centralfailureacct\"}"
  • Custom (per source account)
    • quarantine_storage_account = "{\"custom\": {\"source-storage-account-name\": {\"destAccount\": \"destination-account-name\"}}}"
    • clean_storage_account = "{\"custom\": {\"source-storage-account-name\": {\"destAccount\": \"destination-account-name\"}}}"
    • failure_storage_account = "{\"custom\": {\"source-storage-account-name\": {\"destAccount\": \"destination-account-name\"}}}"
  • Combined
    • quarantine_storage_account = "{\"custom\": {\"finance-data-acct\": {\"destAccount\": \"finance-quarantine-acct\"}}, \"eastus\": \"general-quarantine-eastus\", \"global\": \"general-quarantine-fallback\"}"
    • clean_storage_account = "{\"custom\": {\"finance-data-acct\": {\"destAccount\": \"finance-clean-acct\"}}, \"eastus\": \"general-clean-eastus\", \"global\": \"general-clean-fallback\"}"
    • failure_storage_account = "{\"custom\": {\"finance-data-acct\": {\"destAccount\": \"finance-failure-acct\"}}, \"eastus\": \"general-failure-eastus\", \"global\": \"general-failure-fallback\"}"
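The following Python script is an added illustration, not part of this documentation or of the File Security Storage product code. It builds the escaped string form of these variables from a plain mapping (so the quoting is never typed by hand), checks that an existing string round-trips as JSON before `terraform apply`, renders the three `main.tf` assignments, and shows how a destination account would be chosen for a given source account and region. The precedence it applies (per-source custom entry, then the file's region, then the global fallback) is an assumption drawn from the labels above, not something the page states; the function names and the sample mapping are the example's own.

```python
import json

# Constructed sample: the "Combined" quarantine mapping from the page,
# written as a Python dict before it is serialised for Terraform.
QUARANTINE_ROUTING = {
    "custom": {"finance-data-acct": {"destAccount": "finance-quarantine-acct"}},
    "eastus": "general-quarantine-eastus",
    "global": "general-quarantine-fallback",
}


def to_terraform_string(mapping: dict) -> str:
    """Serialise a routing mapping into the escaped form a string-typed
    Terraform variable expects: inner JSON wrapped in double quotes, with
    every inner double quote backslash-escaped."""
    inner = json.dumps(mapping, separators=(", ", ": "))
    return '"' + inner.replace('"', '\\"') + '"'


def parse_terraform_string(value: str) -> dict:
    """Reverse of to_terraform_string. Raises ValueError on malformed input so
    a quoting mistake is caught before deployment rather than at scan time."""
    if len(value) < 2 or value[0] != '"' or value[-1] != '"':
        raise ValueError("value must be wrapped in double quotes")
    inner = value[1:-1].replace('\\"', '"')
    parsed = json.loads(inner)
    if not isinstance(parsed, dict):
        raise ValueError("routing JSON must be an object")
    return parsed


def validate_routing(mapping: dict) -> list:
    """Return a list of problems found in a routing mapping (empty if clean).
    Keys other than "custom" are treated as region names or "global"."""
    problems = []
    for key, value in mapping.items():
        if key == "custom":
            if not isinstance(value, dict):
                problems.append("custom must be an object keyed by source account")
                continue
            for src, entry in value.items():
                if not isinstance(entry, dict) or not isinstance(entry.get("destAccount"), str):
                    problems.append(f"custom[{src}] needs a string destAccount")
        elif not isinstance(value, str) or not value:
            problems.append(f"{key} must map to a non-empty account name")
    return problems


def resolve_destination(mapping: dict, source_account: str, region: str):
    """Pick the destination account for a scanned file.
    Assumed precedence (not spelled out on the page): per-source custom entry,
    then the file's region, then the global fallback. Returns None when nothing
    matches, i.e. the file would stay in place with only its metatags."""
    custom = mapping.get("custom", {})
    if source_account in custom:
        return custom[source_account]["destAccount"]
    if region in mapping:
        return mapping[region]
    return mapping.get("global")


def render_module_lines(quarantine: dict, clean: dict, failure: dict) -> str:
    """Render the three assignments to paste into the file-storage-security
    module block in main.tf."""
    return "\n".join(
        f"    {name} = {to_terraform_string(mapping)}"
        for name, mapping in (
            ("quarantine_storage_account", quarantine),
            ("clean_storage_account", clean),
            ("failure_storage_account", failure),
        )
    )


if __name__ == "__main__":
    tf_value = to_terraform_string(QUARANTINE_ROUTING)
    print("quarantine_storage_account =", tf_value)
    print("problems:", validate_routing(parse_terraform_string(tf_value)))
    print(resolve_destination(QUARANTINE_ROUTING, "finance-data-acct", "westeurope"))
    print(resolve_destination(QUARANTINE_ROUTING, "other-acct", "westeurope"))
```

Run it with a mapping of your own; the printed `quarantine_storage_account` line is byte-for-byte the form shown in the Combined list above, and `validate_routing` returns an empty list when the structure is sound.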
To set these optional parameters, carry out the following steps before deploying the Terraform template. If you have already deployed the template, you must redeploy it after making the changes.
  1. In the template package, find the main.tf file.
  2. In the file, locate the file-storage-security section.
    module "file-storage-security" {
      source = "https://v1-file-security-storage.s3.amazonaws.com/latest/azureTemplates/azure-templates.zip"
      business_id = module.cam.v1_account_id
      subscription_id = module.cam.subscription_id
      resource_group_location = module.cam.cam_deployed_region
      bootstrap_token = "<bootstrap token>"
      fss_api_endpoint = "https://api.xdr.trendmicro.com/external/v2/direct/sfc/external/sfc/api"
      xlogr_api_endpoint = "https://xlogr-ue1.xdr.trendmicro.com"
      fss_bucket_name = "v1-file-security-storage"
      quarantine_storage_account = ""
      clean_storage_account = ""
      failure_storage_account = ""
    }

  3. Update the following parameters with the desired Azure storage accounts, using the escaped JSON string format described above:
    module "file-storage-security" {
      # ... other configuration ...
      quarantine_storage_account = ""
      clean_storage_account = ""
      failure_storage_account = ""
    }
  4. Run the deploy.sh script.