File Security Storage provides easy deployment using AWS CloudFormation to integrate automated scanning of files as you upload them into your storage and effortlessly detect all types of malware including viruses, trojans, spyware, and more.
Note
The first time you deploy a File Security Storage stack, it monitors by default all S3 buckets that have EventBridge enabled. When you add or remove monitored buckets, File Security Storage stores the list of monitored buckets in its configuration and scans buckets based on that configuration. (This behavior is for backward compatibility: when you upgrade from an older File Security Storage template, in which bucket monitoring is based solely on EventBridge being enabled, to the enhanced version, in which monitored buckets are chosen in the console, you remain protected without having to re-configure the monitored buckets.)
  • Before stack version 1.2.0, you turn EventBridge on or off to control whether scanning is enabled.
  • In stack version 1.2.0 or later, File Security Storage creates an S3 configuration bucket in your environment. It uses the information in this configuration bucket to determine whether to scan a specific bucket. Every time you turn on scanning, File Security Storage enables EventBridge. However, if you turn off scanning, File Security Storage does not disable EventBridge, but rather saves the current scanning status in the configuration bucket.
  • If you have already installed an enhanced version and update the template for new features, the configuration of the monitored buckets remains, so you are still protected by the previous monitoring settings. If, however, you remove the existing stack and then install a new stack instead of updating the stack, File Security Storage considers this a new installation, and you lose the previous settings.
When you add a bucket to your CloudFormation template, it does not immediately appear in the File Security Inventory. The Inventory is updated when Trend Vision One carries out its scheduled asset sync, which occurs every hour for licensed Trend Vision One users and once per day for non-licensed users. To have the bucket added in real time, you can enable Real-Time Posture Monitoring.
This procedure deploys File Security Storage to an existing Trend Vision One AWS account.

Procedure

  1. Go to Cloud Security > Cloud Accounts > AWS.
  2. Click the name of your existing AWS account in the list.
    The Cloud Account Settings drawer opens.
  3. Click the Stack Update tab.
  4. In the Select Features list, scroll down and enable File Security Storage.
  5. Open the File Security Storage drop-down.
  6. From the Deployment list, select at least one region.
    This is the region where you deploy the File Security Scanner.
  7. Click Copy S3 URL.
  8. In a new browser tab, log in to your AWS account.
  9. In AWS CloudFormation, use the stack name to locate the stack:
    Stack Name: Trend-Vision-One-Cloud-Account-Management
  10. Click Update.
  11. Select Replace current template and paste the copied S3 URL.
  12. Scroll down to the File Storage Security section, and provide the following parameters:
    1. For FileSecurityStorageKMSKeyARNsForBucketSSE, provide a comma-separated list of ARNs for the KMS master keys used to encrypt S3 bucket objects. Leave this field blank if you have not enabled SSE-KMS for the S3 buckets.
    2. For FileSecurityStorageObjectCreatedEventFilter, provide a JSON string of the event pattern to filter the object-created event.
    3. For FileSecurityStorageScannerEphemeralStorage, provide the size, in MBs, of the scanner Lambda function's temp directory.
    4. For FileSecurityStorageQuarantineBucket, enter the bucket in which you want to quarantine malicious files. By default this parameter is global, but you can make it by-region or a combination of both global and by-region. For more information, see Add by-region quarantine and promote buckets in single accounts. Leave this field blank to disable quarantining.
    5. For FileStorageSecurityCleanBucket, enter the bucket in which you want to promote clean files after scanning. By default this parameter is global, but you can make it by-region or a combination of both global and by-region. For more information, see Add by-region quarantine and promote buckets in single accounts. Leave this field blank to disable promoting clean files.
    6. For FileSecurityStorageFailureBucket, enter the bucket in which you want to isolate files that could not be scanned. You must specify whether the parameter is global or by-region. For more information, see Add a failed scan bucket.
    7. For FileSecurityStorageScanResultTagFormat, enter the format of the scan results tagged on the scanned object.
    8. For SyncBucketsEventBridge, select "true" to sync EventBridge settings for default monitoring of the buckets. Note that if you are updating a stack, you need to download the template each time from the Cloud Account Management console and then update the template in the AWS CloudFormation console using the Replace current template option.
  13. Scroll to the bottom of the Quick create stack screen, select the acknowledgment options, and click Create stack.
  14. In the Trend Vision One console, click Save Change.

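Two of the step 12 values are easy to mangle when typed into the console: the KMS key list is comma-separated, and the object-created filter is a JSON string. The following Python script is an added example, not Trend Micro's code; it validates the step 12 parameters before you update the stack and writes them out as a CloudFormation parameters file that can be passed to the AWS CLI instead of being pasted one by one. The parameter names and the stack name are taken from this page; the sample ARN and bucket names are constructed placeholders, and the KMS ARN pattern, the global-only bucket check and the CAPABILITY_NAMED_IAM capability are assumptions to confirm against the template you download.

```python
"""Pre-flight check of the step 12 parameters before updating the
Trend-Vision-One-Cloud-Account-Management stack, and emission of a
CloudFormation parameters file for the AWS CLI. Added example, not Trend
Micro's code; rules marked "assumption" are mine, not the product's."""
import json
import re

# Shape of a KMS key or alias ARN (assumption about partition/region charset).
KMS_ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:(key|alias)/[A-Za-z0-9/_-]+$"
)
# AWS S3 bucket naming rules: 3-63 chars of lowercase letters, digits, dots, hyphens.
BUCKET_RE = re.compile(r"^(?=.{3,63}$)[a-z0-9][a-z0-9.-]*[a-z0-9]$")
# AWS Lambda accepts ephemeral (/tmp) storage between 512 MB and 10240 MB.
EPHEMERAL_MIN_MB, EPHEMERAL_MAX_MB = 512, 10240


def validate_kms_arns(value: str) -> str:
    """Blank means SSE-KMS is not in use; otherwise each comma-separated entry must be a KMS ARN."""
    arns = [a.strip() for a in value.split(",") if a.strip()]
    for arn in arns:
        if not KMS_ARN_RE.match(arn):
            raise ValueError(f"not a KMS key ARN: {arn!r}")
    return ",".join(arns)


def validate_event_filter(value: str) -> str:
    """The object-created filter must be a JSON object (an EventBridge event pattern)."""
    try:
        pattern = json.loads(value)
    except json.JSONDecodeError as exc:
        raise ValueError(f"event filter is not valid JSON: {exc}") from exc
    if not isinstance(pattern, dict):
        raise ValueError("event filter must be a JSON object")
    # Re-serialise compactly so the value survives shell quoting and parameter files.
    return json.dumps(pattern, separators=(",", ":"))


def validate_ephemeral_storage(value: str) -> str:
    """The scanner Lambda's /tmp size in MB must lie within the Lambda service limits."""
    mb = int(value)
    if not EPHEMERAL_MIN_MB <= mb <= EPHEMERAL_MAX_MB:
        raise ValueError(f"{mb} MB is outside {EPHEMERAL_MIN_MB}-{EPHEMERAL_MAX_MB} MB")
    return str(mb)


def validate_bucket(value: str) -> str:
    """Blank leaves the feature disabled. Only plain (global) bucket names are checked;
    the by-region syntax from the linked topics is not modelled here (assumption)."""
    value = value.strip()
    if value and not BUCKET_RE.match(value):
        raise ValueError(f"not a valid S3 bucket name: {value!r}")
    return value


def validate_bool(value: str) -> str:
    """SyncBucketsEventBridge takes the strings true or false."""
    if value.strip().lower() not in ("true", "false"):
        raise ValueError("SyncBucketsEventBridge must be 'true' or 'false'")
    return value.strip().lower()


# Parameter names exactly as listed in step 12 of the procedure.
VALIDATORS = {
    "FileSecurityStorageKMSKeyARNsForBucketSSE": validate_kms_arns,
    "FileSecurityStorageObjectCreatedEventFilter": validate_event_filter,
    "FileSecurityStorageScannerEphemeralStorage": validate_ephemeral_storage,
    "FileSecurityStorageQuarantineBucket": validate_bucket,
    "FileStorageSecurityCleanBucket": validate_bucket,
    "FileSecurityStorageFailureBucket": validate_bucket,
    "FileSecurityStorageScanResultTagFormat": lambda v: v.strip(),  # format not checked
    "SyncBucketsEventBridge": validate_bool,
}


def build_parameters(values: dict) -> list:
    """Validate every supplied parameter and return the CloudFormation parameters array."""
    params = []
    for key, raw in values.items():
        if key not in VALIDATORS:
            raise ValueError(f"unknown parameter {key!r}")
        params.append({"ParameterKey": key, "ParameterValue": VALIDATORS[key](raw)})
    return params


# Constructed sample values: the ARN and bucket names are placeholders, not real resources.
SAMPLE_VALUES = {
    "FileSecurityStorageKMSKeyARNsForBucketSSE":
        "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555",
    "FileSecurityStorageObjectCreatedEventFilter":
        '{"source": ["aws.s3"], "detail-type": ["Object Created"]}',
    "FileSecurityStorageScannerEphemeralStorage": "2048",
    "FileSecurityStorageQuarantineBucket": "example-fss-quarantine",
    "FileStorageSecurityCleanBucket": "",
    "FileSecurityStorageFailureBucket": "example-fss-failed-scans",
    "SyncBucketsEventBridge": "true",
}

if __name__ == "__main__":
    with open("params.json", "w") as fh:
        json.dump(build_parameters(SAMPLE_VALUES), fh, indent=2)
    # --capabilities is an assumption: use whatever the downloaded template declares.
    print("aws cloudformation update-stack "
          "--stack-name Trend-Vision-One-Cloud-Account-Management "
          "--template-url <S3 URL copied in step 7> "
          "--parameters file://params.json --capabilities CAPABILITY_NAMED_IAM")
```

The parameters file form (`--parameters file://params.json`) is used deliberately: the CLI's `ParameterKey=...,ParameterValue=...` shorthand splits on commas, which would break both the comma-separated KMS ARN list and the JSON event filter.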
What to do next

Now you need to enable the scanner for the buckets in each region that you enabled in your template. Only buckets whose EventBridge has been enabled in the File Security Storage console are scanned. Buckets whose EventBridge was enabled in the AWS console are not scanned.