Update to Trend Vision One File Security using APIs

Trend Vision One File Security not only protects your storage but also has additional features that let you better protect your files and your CI/CD pipeline.

File Security:

  • Provides flexible deployment using Amazon Web Services (AWS) CloudFormation templates, a software development kit (SDK), command line interface (CLI), or service gateway.
  • Triggers a scan automatically when someone uploads new files to, or changes existing files in, the cloud storage.
  • Can be added to your CI/CD pipeline to detect malware before files are distributed to your production pipeline or storage.
  • Can be used behind your firewall in either on-premises or cloud environments.
  • Gives you flexibility by enabling workflow integration.
  • Supports event-driven architectures.
  • Applies machine learning through the SDK and Virtual Appliance to increase malware detection with expanded capabilities designed to detect novel threats.
  • Is available in either credit-based or pay-as-you-go models.

1. Delete your AWS Organization deployment

Trend Vision One File Security does not currently support AWS Organization deployment. If you are using Organization deployment, you must delete any Trend Vision One Organization accounts and replace them with individual cloud accounts.

  1. In the AWS CloudFormation console, remove the AWS CloudFormation stack.

  2. Go to the Trend Vision One Cloud Account app and delete the Trend Vision One CAM Organization accounts.

2. Update to Trend Vision One File Security

For each cloud account, you need to deploy the Trend Vision One CloudFormation stack with Trend Vision One File Security enabled.

  1. Download the Trend Vision One CloudFormation template by invoking the Get Template API (see the API documentation).
  2. Modify the CloudFormation template to disable the Trend Vision One File Security Storage EventBridge rule. The templates are nested as follows, and the state is changed in the innermost one:
    
    V1 CAM Stack
        |
        |-------- TemplateURL of FssStack
                            |
                            |
              V1FSS-Account-Scanner-StackSets
                            |
                            |-------- TemplateURL of FSSStackSet
                                                  |
                                                  |
                                      V1FSS-Account-Scanner-Stack (Modify State here)
                
    1. In the V1 CAM stack template, find Resources: FssStack’s TemplateURL and download the template it points to (V1FSS-Account-Scanner-StackSets.yaml).
    2. In V1FSS-Account-Scanner-StackSets.yaml, find Resources: FSSStackSet’s TemplateURL and download the template it points to (V1FSS-Account-Scanner-Stack).
    3. In that template, change Resources: OnS3ObjectCreatedRule’s State from ENABLED to DISABLED.
    4. Upload the modified template to your S3 bucket, make sure the template is accessible, and copy its Object URL.
    5. Enter that Object URL as the TemplateURL of FSSStackSet.
    6. Upload the modified V1FSS-Account-Scanner-StackSets template to the S3 bucket, make sure it is accessible, and copy its Object URL.
    7. Enter that Object URL as the TemplateURL of FssStack.
    8. Upload the modified V1 CAM stack template to the S3 bucket, make sure it is accessible, and copy its Object URL.
    9. Use this Object URL as the value of the AWS CLI create-stack parameter --template-url.
  3. Deploy the modified CloudFormation template.
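As an added example (not Trend Micro's template or tooling), the Python function below performs the State change of step 3 on the downloaded template: it flips OnS3ObjectCreatedRule to DISABLED without touching any other rule, and refuses to return a template in which it did not find exactly one literal State line for that resource. The sample template and its ScannerQueue and HeartbeatRule resources are constructed for this example.

```python
import re

# Literal State values only; `State: !Ref Something` is left for a human and
# makes the function raise rather than silently deploy the rule still enabled.
STATE_RE = re.compile(r"^(\s*State:\s*)(ENABLED|DISABLED)(\s*(?:#.*)?)$")


def set_resource_state(template: str, resource: str, new_state: str) -> str:
    """Set the State of one resource, editing line by line so short-form
    intrinsics (!Ref, !GetAtt, !Sub) that generic YAML loaders reject survive.
    Raises ValueError unless exactly one State line was found in that block."""
    out, in_block, block_indent, hits = [], False, 0, 0
    for line in template.splitlines():
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if stripped.startswith(resource + ":"):
            in_block, block_indent = True, indent
        elif in_block and stripped and not stripped.startswith("#") and indent <= block_indent:
            in_block = False  # next sibling resource: leave the block
        if in_block and (m := STATE_RE.match(line)):
            line = f"{m.group(1)}{new_state}{m.group(3)}"
            hits += 1
        out.append(line)
    if hits != 1:
        raise ValueError(f"expected one State line in {resource}, found {hits}")
    return "\n".join(out) + "\n"


def disable_s3_rule(template: str) -> str:
    """The procedure's step: OnS3ObjectCreatedRule from ENABLED to DISABLED."""
    return set_resource_state(template, "OnS3ObjectCreatedRule", "DISABLED")


# Constructed stand-in for the downloaded FSSStackSet template; every resource
# name other than OnS3ObjectCreatedRule is invented for this example.
SAMPLE_TEMPLATE = """\
Resources:
  OnS3ObjectCreatedRule:
    Type: AWS::Events::Rule
    Properties:
      EventPattern: {source: [aws.s3], detail-type: [Object Created]}
      State: ENABLED
      Targets:
        - {Arn: !GetAtt ScannerQueue.Arn, Id: ScannerQueue}
  HeartbeatRule:
    Type: AWS::Events::Rule
    Properties:
      ScheduleExpression: rate(5 minutes)
      State: ENABLED
"""
```

Run `disable_s3_rule(SAMPLE_TEMPLATE)` and diff the result against the input before uploading it to S3; only the one State line should differ.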

3. Verify that the Trend Vision One Endpoint Security protection is working

Go to the Trend Vision One Endpoint Security app and check the account under Computers. You should see all the instances under the cloud account.

4. Disable the Cloud One File Storage Security EventBridge rule

Disable the rule whose name contains “-OnS3ObjectCreatedRule”.

The rule name begins with the Cloud One File Storage Security stack name, whose default value is “Account-Scanner-TM-FileStorageSecurity”. If you customized the stack name, use the stack name you entered in your Cloud One File Storage Security deployment.

5. Enable the Trend Vision One File Security Storage EventBridge Rule

Enable the rule whose name begins with “StackSet-V1FSStackSet-”.

6. Test by uploading sample files into protected S3 buckets

Run the test by uploading one EICAR test file and one clean file.

  1. Verify that the scan result tags on the S3 objects are correct:

    clean file:

        {
            "fss-scan-detail-code": 0,
            "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
            "fss-scan-result": "no issues found",
            "fss-scan-detail-message": "-",
            "fss-scanned": true
        }

    malicious file (EICAR):

        {
            "fss-scan-detail-code": 0,
            "fss-scan-date": "YYYY/MM/DD hh:mm:ss",
            "fss-scan-result": "malicious",
            "fss-scan-detail-message": "-",
            "fss-scanned": true
        }

  2. Verify that the scan results were sent to Trend Vision One File Security successfully:
    1. The AWS accounts and S3 buckets are displayed on the Inventory tab.
    2. The scan statistics and detections are displayed on the Scan Activity tab.

If Trend Vision One File Security is working, remove the Cloud One File Storage Security stack.

Estimated downtime

The downtime between disabling the Cloud One rule and verifying the scan results in Trend Vision One is approximately 5-10 minutes per account. You can run the migration on multiple cloud accounts simultaneously to reduce the overall downtime.