File Storage Security now supports the Calgary (ca-west-1) region on AWS. For more information, see What's supported in AWS.

File Storage Security now supports the Spain (eu-south-2) region on AWS. For more information, see What's supported in AWS.

Fixed the issue where AWS stacks could not be deployed from the File Storage Security console when the target AWS account had not activated STS in the AWS region of the selected Cloud One region.

The Azure Functions Service Bus Extension for Azure blob listener and post-scan functions have been updated to v5.x.

Fixed the issue where the Lambda VPC setting could not be removed during a stack update when the VPC setting-related parameters were empty.

This requires a stack update.

Fixed the issue where the AWS scanner function sometimes did not retry the scan when the scan result was a scan error.

This requires a stack update.

Updated the Azure Service Bus SDK to version 7.10.0 in the Azure scanner to mitigate the Authorization timeout issue when publishing scan results to the Service Bus.

The AWS Lambda now runs on Python 3.11 runtime. AWS Lambda Python 3.8 is scheduled to be deprecated later this year by AWS. For more information, see Lambda runtimes. It is recommended to update the runtime as soon as possible by updating the Scanner Stack, Storage Stack, and Account Scanner Stack.

This requires a stack update.

Fixed the issue where the AWS scanner function sometimes reported an "Invalid license status" message in the scan results due to unstable network status.

Created a custom role Trend Micro File Storage Security Bucket Listener Storage Role to access the scanning bucket in a GCP stack's Terraform deployment to prevent a predefined role's IAM binding from being overwritten.

This requires a stack update.

The GCP scanner function auto retry on failure is now enabled. This mitigates a known issue where the cloud function randomly threw an error when performing HTTP requests.

This requires a stack update.

The GCP functions currently run in the Node.js 20 and Python 3.12 runtimes. Both python38 and nodejs16 runtimes are scheduled to be deprecated later this year by GCP. For more information, see Runtime support. It is recommended to update the runtime as soon as possible by updating the Scanner Stack and Storage Stack.

This requires a stack update.

File Storage Security now supports Hyderabad (ap-south-2) and Melbourne (ap-southeast-4) regions on AWS. For more information, see What's supported in AWS.

Fixed vulnerabilities in the dependent modules of the Azure scanner function.

Fixed the issue of Azure template deployment failure by adding explicit dependencies in Application Insights to ensure that the Log Analytics workspace was deployed before them.

A new parameter, ScanResultTagFormat, has been added to the AWS All-in-one, Storage Stack, and Account Scanner templates. You can now select the tag format for the post-scan action tag. For more information, see View tags.

This requires a stack update.

File Storage Security now supports Sweden Central (swedencentral) region on Azure. For more information, see What's supported in Azure.

File Storage Security now supports Jakarta (ap-southeast-3) and Zurich (eu-central-2) regions on AWS. For more information, see What's supported in AWS.

Updated the urllib3 version to 1.26.18 in the scanner to resolve CVE-2023-45803.

You need to update your Azure Scanner and Storage Stacks to migrate the classic Application Insights to the workspace-based Application Insights before Feb 29, 2024. For more information, see We are retiring Classic Application Insights on 29 February 2024 on the official Azure site. It is recommended to migrate the Application Insights by updating your Scanner and Storage Stacks as soon as possible. In the Azure deployment templates, a new parameter VNETRestrictedAccessForAzureMonitorResources was added, so that you can allow or disallow public network access to those Azure Monitor resources deployed by the templates. The parameter, VNETRestrictedAccessForApplicationInsights, will be replaced by the new one and be deprecated after October 31st, 2024.

This requires a stack update.

The AWS, Azure, and GCP scanners with Advanced Threat Scan Engine (ATSE) 22.610.1017 are now available.

Fixed the issue where the scanner Lambda function repeatedly sent a scan event to the File Storage Security backend.

Fixed the issue where the scanner Lambda function might time out when it failed to connect to the File Storage Security backend.

A new parameter, ExclusiveBucketList, has been added to the AWS Account Scanner template. You can now exclude some S3 buckets from scanning, and the quarantine bucket is skipped as well.

This requires a stack update.

Fixed the issue where the object names of GCP scan activities contained Google Cloud Storage bucket names.

The retry period for the scan error of the AWS scanner is shortened from 12 minutes to 4 minutes.

This requires a stack update.

File Storage Security now supports Australia East (australiaeast), Australia Southeast (australiasoutheast) and Japan West (japanwest) regions on Azure. For more information, see What's supported in Azure.

Fixed the performance issue that occurred when a large number of files were uploaded to the Azure storage account.

This requires a stack update.

Fixed the cross-service confused deputy problem in the AWS stacks. To update the existing stacks, the iam:UpdateAssumeRolePolicy permission is required.

This requires a stack update.

Fixed vulnerabilities in the dependent modules of the Azure scanner function.

Fixed the issue where the AWS Account Scanner's PostScanActionLambda Lambda function was unable to send messages to an encrypted DLQ because it lacked permission to access the KMS key responsible for DLQ encryption.

This requires a stack update.

Fixed vulnerabilities in the dependent modules of the Azure scanner function.

Fixed vulnerabilities in the dependent modules of the GCP scanner cloud function.

The following Azure security configurations are now used for the storage accounts deployed in the Azure stacks:

  • The allowBlobPublicAccess property is set to false.
  • The supportsHttpsTrafficOnly property is set to true.

This requires a stack update.

Fixed vulnerabilities in the dependent modules of the scanner Lambda function.

The scanner is now able to report if a PDF file is password-protected.

File Storage Security now provides AWS account scanner stacks, which can protect all AWS S3 buckets in your AWS account. For details, see Deploy account scanner stacks.

Fixed an issue where some Azure scanners could not scan files and sent scan results containing "failed to verify license" in the error message.

The Osaka region now supports using S3 Object Lambda to scan files. For more information, see Scan existing files in the S3 bucket to scan.

Fixed an issue where the Scanner Stack function application could not be scaled out when deploying your Azure stacks into a private network using VNet integration.

This requires a stack update.

Fixed the timeout issue when the Azure scanner function scaled out instances during a large scan and enhanced the performance of the Azure scanner.

The GCP Bucket listener now supports objectFilterPrefix. For more information, see Add GCP stack.

This requires a stack update.

Azure VNet integration is now available for enhanced security and network isolation. For more information, see Deploy in Azure VNet.

Fixed the issue that caused File Storage Security to fail to update Cloud Functions, scanner license, and patterns in GCP stacks. If you are deploying File Storage Security via GCP (Deployment Manager), run the following commands in the Cloud Shell of the GCP console:

gcloud iam roles update trend_micro_fss_service_account_management_role --project=<PROJECT_ID> --add-permissions=iam.serviceAccounts.actAs

gcloud iam service-accounts add-iam-policy-binding <BUCKET_LISTENER_SERVICE_ACCOUNT>@<STORAGE_STACK_PROJECT_ID>.iam.gserviceaccount.com --member="serviceAccount:<MANAGEMENT_SERVICE_ACCOUNT_ID>@<MANAGEMENT_SERVICE_ACCOUNT_PROJECT_ID>.iam.gserviceaccount.com" --role="projects/<PROJECT_ID>/roles/trend_micro_fss_service_account_management_role"

gcloud iam service-accounts add-iam-policy-binding <POST_SCAN_ACTION_TAG_SERVICE_ACCOUNT>@<STORAGE_STACK_PROJECT_ID>.iam.gserviceaccount.com --member="serviceAccount:<MANAGEMENT_SERVICE_ACCOUNT_ID>@<MANAGEMENT_SERVICE_ACCOUNT_PROJECT_ID>.iam.gserviceaccount.com" --role="projects/<PROJECT_ID>/roles/trend_micro_fss_service_account_management_role"

If you are deploying File Storage Security via GCP (Terraform), this requires a stack update.

File Storage Security now supports Milan (eu-south-1) and Bahrain (me-south-1) regions on AWS. For more information, see What's supported in AWS.

The AWS Bucket Listener Lambda function now generates presigned URLs by regional S3 endpoint to prevent a URL temporary redirect when scanning a newly created scanning bucket. For more information, see Why am I getting an HTTP 307 Temporary Redirect response from Amazon S3?

TLS 1.2 is now the minimum version required for Azure functions and Azure service buses deployed in the Azure stacks.

This requires a stack update.

Fixed the issue that caused the AWS Scanner DLQ function to fail. This issue only impacts scanner stacks deployed from February 22, 2023 to March 31, 2023. The fix requires manually updating the Lambda code. For instructions on manually updating the Lambda code, see Update AWS components.

File Storage Security now supports AWS S3 object eTag and GCP Cloud Storage CRC32C in the message of the scan result.

File Storage Security now supports UAE (me-central-1) region on AWS. For more information, see What's supported in AWS.

For all Azure storage accounts created in the stacks, the allowBlobPublicAccess property is set to false.

This requires a stack update.

File Storage Security now supports AWS S3 bucket and file name in the message of SNS scan result topic.

File Storage Security now supports deploying GCP stacks by using Terraform.

The AWS, Azure, and GCP scanners with Advanced Threat Scan Engine (ATSE) 21.600.1005 are now available for use.

Fixed the issue that caused the GCP Scanner DLT function to fail.

GCP Scanner now supports scanning larger files in zip files.

Fixed the issue where the GCP Scanner function timed out when scanning certain files.

You need to update your Azure Scanner Stack and Storage Stack to update the function app's runtime to version 4.x before Dec 3, 2022. Beginning on December 3, 2022, function apps running on versions 2.x and 3.x of the Azure Functions runtime can no longer be supported. For more information, see Azure Functions runtime versions overview. We encourage you to update the runtime as soon as possible by updating your Scanner Stack and Storage Stack. This functionality requires a stack update.

Azure Scanner now supports scanning larger files in zip files.

Fixed the issue where the Azure Scanner function timed out when scanning certain files.

Fixed the issue where GCP PU displayed the fss-error-message metadata even when the scan succeeded.

Fixed the issue where the AWS Scanner Lambda function would lose the environment variable configuration in some situations when updating stack parameters.

File Storage Security now supports the Cape Town (af-south-1) region on AWS. For more information, see What's supported in AWS.

File Storage Security now supports automatic function code update for GCP. This functionality requires a stack update.

File Storage Security now supports the Hong Kong (ap-east-1) region on AWS. For more information, see What's supported in AWS.

The File Storage Security console now displays scan error events below the scan history chart.

Updated the GCP regions supported by File Storage Security. For details, see What's supported in GCP.

File Storage Security now supports Automatic Pattern Update for GCP. This functionality requires a stack update.

File Storage Security now supports Scan Activity for GCP.

Fixed the issue where the AWS Scanner Lambda function timed out when scanning certain files.

Fixed the issue where the GCP deployment scripts could not deploy the stacks.

File Storage Security now supports the scanning of files uploaded to Google Cloud Storage bucket. For details, see GCP Architecture and flow. The Scan Activity for GCP is coming soon.

We would like to remind you to update the AWS Scanner Stack before July 18, 2022 so that the Scanner Lambda function's runtime is updated to Python 3.8. The AWS Scanner Lambda now runs on the Python 3.8 runtime. AWS will end support for the Python 3.6 runtime on July 18, 2022. For more information, see Runtime deprecation policy. We encourage you to update the runtime as soon as possible by updating the Scanner Stack. This functionality requires a stack update.

The File Storage Security console now replaces the parameter objectId of the Azure CLI with id.

You can configure a larger ephemeral storage for the AWS Scanner Lambda to scan larger files in zip files. This functionality requires a stack update.

Fixed the issue where updating a stack to update Lambda function's Python runtime did not take effect and caused the Lambda function to lose the license and the latest pattern Lambda layer. This functionality requires a stack update.

You can now configure the File Storage Security console's time display on the User Setting page of the Cloud One console.

The Scan History chart in the File Storage Security console now displays the event counts as formatted numbers.

The storage stack table in the File Storage Security console now displays the header in the order of:

  • under the AWS tab: Bucket Name, AWS Account, Storage Stack, and Stack Created.
  • under the Azure tab: Storage Account Name, Subscription Name, Storage Stack, and Stack Created.

The File Storage Security console now displays scan error events below the scan history chart.

The AWS Scanner Lambda now runs on the Python 3.8 runtime. AWS will end support for the Python 3.6 runtime on July 18, 2022. For more information, see Runtime deprecation policy. We encourage you to update the runtime as soon as possible by updating the Scanner Stack. This functionality requires a stack update.

The File Storage Security console now displays a new introduction page for new users.

Fixed the issue where the AWS and Azure scanner DLQ handlers did not publish the 'unsuccessful scanner invocation' scan result, and the objects were not tagged, when the scanner timed out.

The File Storage Security console now displays a new introduction page as the landing page.

The malware name displayed in the File Storage Security console is now a link to the malware information on the Trend Micro Threat Encyclopedia website.

The scan result now includes the timestamp when the scan started in scan_start_timestamp.

The File Storage Security console now displays time strings in the time zone specified in the Cloud One Account Settings.

The AWS scan result now includes the S3 request ID in xamz_request_id.

The File Storage Security console now displays malicious events below the scan history chart.

AWS storage stack now provides the option to encrypt the SNS ScanResultTopic. If this option is enabled, the AWS scanner stack can also send the scan result to an encrypted topic. For more information, see Add AWS stacks. This functionality requires a stack update.

File Storage Security now lets you choose whether to report the object key in the scanning events sent to the backend service. When deploying stacks in cloud providers, enable the option to see the object keys of the malicious objects in the response of the events API. This functionality requires a stack update.

File Storage Security now supports scanning more than 50 buckets if the storage stack and scanner stack are in the same AWS account.

The Lambda scanner now sends scan events to the File Storage Security backend by API instead of AWS SNS topic.

Fixed the issue where the scanner could not send scan events to the File Storage Security backend. Scanner stacks added after October 28th are not affected.

File Storage Security now supports scanning buckets with a dot in the name.

AWS stacks now support specifying a list of additional IAM policies for all the IAM roles created by File Storage Security.

This provides another option for users to control the permissions of File Storage Security in addition to permissions boundary.

For more information, see Add AWS stacks and AWS permissions control.

The File Storage Security console now disables the stack deployment buttons and the stack deletion button if the Cloud One user has the Read Only role.

The following Azure security configurations are used for the functions and storage accounts deployed in the Azure stacks:

  • For all Azure functions, the httpsOnly property is set to true.
  • For all Azure storage accounts, the minimumTlsVersion property is set to TLS1_2.

This functionality requires a stack update.

Fixed the issue where stacks disappeared from the console.

AWS storage stack now provides the option to deploy with a dead-letter queue. This functionality requires a stack update. For more information, see Storage Stack DLQ.

AWS stacks now support specifying a permissions boundary for all the IAM roles created by File Storage Security.

This allows users to make sure the roles created by File Storage Security are limited to a scope of permissions.

For more information, see Add AWS stacks and AWS permissions control.

Fixed the issue where the S3 bucket's event notification was not removed correctly after deleting a stack that specified the ObjectFilterPrefix parameter. This functionality requires a stack update.

If the stack has already been deleted, you need to remove the bucket's event notification manually. For more information, see Enabling event notifications.

The scan statistics and events APIs now support the 'storage' parameter. This allows API users to filter their File Storage Security scan results by storage.

For more information, see List scan statistics and List events.

Fixed the issue where updating stacks in AWS sometimes failed while updating Lambda aliases, with a ResourceConflictException.

Azure storage stack now enables dead lettering for both the protecting blob storage's Event Grid System Topic and the Post Scan Action Tag function's subscription to the Scan Result Topic. You can find the resource ID of the dead-letter storages in the blobSystemTopicDeadLetterStorageID and blobScanResultSubscriptionDeadLetterQueueID fields on the storage stack's deployment Outputs page. This functionality requires a stack update.

From the dead-letter storages, you can monitor errors that occur in the Azure functions that either process the blob-created events or set the scan results on the blob's metadata or index tags. For more information, see Monitor errors.

File Storage Security now supports the scanning of files uploaded to Azure Data Lake Storage Gen2.

Azure storage stack's Post Scan Action function requires the Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write permission to update the Azure Blob metadata. File Storage Security now provides the option of tagging the scan results on Azure Blob metadata via the All-in-One Stack and the Azure Storage Stack's ARM template. This functionality requires a stack update.

Fixed the issue where deploying stacks in AWS sometimes failed while creating Lambda aliases, with a ResourceConflictException.

Fixed the issue where, after clicking Launch Stack for AWS, the AWS region did not match the region selected in the console.

File Storage Security now supports the scanning of files uploaded to Azure Blob storage. For details, see Azure Architecture and flow.

Fixed the issue where scanner stacks disappeared after deleting one scanner stack.

All-in-one stacks and storage stacks can now be deployed with ObjectFilterPrefix to only invoke BucketListenerLambda on objects with a given prefix. This feature binds the s3:ObjectCreated:* event only on the given prefix.

Previously, if the s3:ObjectCreated:* event of the scanning bucket was partially in use, you could only deploy the stacks by setting the TriggerWithObjectCreatedEvent option to false. Now with ObjectFilterPrefix, you can deploy the stack on a prefix that hasn't been used.

This feature also helps you to limit the scans on a certain bucket prefix.

For more information, see s3:ObjectCreated:* event in use.

Fixed the issue where stacks with prefix parameters could not be updated to the latest template.

Fixed an issue where scan counts displayed incorrectly when switching the interval of the Scan History chart from days to hours.

The statistics and events API now supports azure in the provider parameter, allowing API users to retrieve their File Storage Security scan results of Azure stacks.

Launch Stack for AWS now supports auto population of a storage stack parameter, ScannerLambdaAliasARN.

Previously, users wanting to enable scan on getObject request for AWS S3 buckets had to look up the alias ARN when using Launch Stack to deploy storage stacks.

For more information, see Add a storage stack on console and Scan on getObject request.

Fixed the issue where updating a stack from certain versions of template caused the Lambda function to lose the license and the latest pattern Lambda layer. This functionality requires a stack update.

File Storage Security now supports scanning AWS S3 getObject requests. The scan is performed when the client sends a GET request to S3 to get an object and if the object is malicious, the request is rejected.

This feature helps users to make sure all files are scanned with the latest pattern right before being downloaded. It's also an alternative to setting up a scheduled scan or scanning on existing files.

For more information, see Scan on getObject request.

Fixed the issue where clicking Launch Stack to deploy stacks on Azure (in preview) caused the Azure portal to display this error message:

There was an error downloading the template from URI 'https://file-storage-security-preview.s3.amazonaws.com/latest/arm-templates/FSS-All-In-One-Template.json'. Ensure that the template is publicly accessible and that the publisher has enabled CORS policy on the endpoint. To deploy this template, download the template manually and paste the contents in the 'Build your own template in the editor' option below.

Added the UI notifications "Stack has been deployed" and "Stack information can't be retrieved" for the stack deployment. Before the enhancement, the notifications displayed "Something went wrong" for these issues.

  1. Stack has been deployed: This notification now displays when the stack is created after the deployment but the GET API request of the created stack has reached the maximum number of retries.
  2. Stack information can't be retrieved: This notification now displays when the stacks are deployed with incorrect parameters in your cloud account and File Storage Security is not able to retrieve the information it needs.

Stacks API now provides scannerLambdaAliasARN in details of AWS scanner stack.

For more information, see Describe Stack or List Stacks.

Fixed the issue where the console could not display or add stacks, or view scan activities, when opened from the Cloud One home page.

Lambda functions in scanner stacks and storage stacks can now be deployed in a VPC. This functionality requires a stack update.

For more information, see Deploy FSS in a VPC.

Fixed the issue where updating a stack with a template caused the Lambda function to lose the license and the latest pattern Lambda layer. This functionality requires a stack update.

The scan result now has a new key, xamz_request_id with an empty string value. We will soon pass the request ID of S3 to that field.

Fixed the issue where updating a stack with a template caused Lambda alias TM-FSS-Managed to point to the previous version instead of the latest one. This functionality requires a stack update.

Statistics and events API will soon support azure in provider parameter in a preview release, allowing API users to retrieve their File Storage Security scan results of Azure stacks.

Statistics API now supports provider query parameter. Currently it only allows one value, aws. Support for azure in preview will be added later.

NOTE: API users that don't want statistics results from both AWS and Azure scans when Azure scan statistics is supported should add provider=aws in the query parameter to focus on AWS results only.

For more information, see List scan statistics.

Fixed the issue where updating a stack with a template caused files uploaded to AWS S3 buckets to not be scanned and report an invalid license status message in the scan results. This functionality requires a stack update.

The ability to deploy scanner stacks and storage stacks to Azure has been added to the console, allowing scanning of files uploaded to an Azure storage container.

Stacks APIs for managing Azure stacks are now available in a preview release, allowing API users to create, describe, list and delete Azure stacks on File Storage Security. For more details, click here.

Events API is now available, allowing API users to retrieve their File Storage Security scan results of AWS stacks. For more details, click here.

Removed CopyZipsDestBucket and related resources from scanner stacks and storage stacks. Also removed the S3BucketPrefix parameter, which was used as the prefix of the CopyZipsDestBucket name. This functionality requires a stack update.

This update enables customers who do not have permissions to create S3 buckets to deploy their stacks (since it removes the need to create CopyZipsDestBucket).

PostScanActionTagLambda has two new tags, fss-scan-detail-code and fss-scan-detail-message, providing more detail about scans for the S3 object, especially scans that were skipped. The new tags help you make decisions in the downstream workflows on how to handle the scanned file.

NOTE: If your workflows monitor these detail codes with CloudWatch logs, then, before October 1, 2021, use the new field in scan results or the new tags instead.

For more information, see View Tags.

Scanner Lambda now publishes scan detail codes about skipped scans in scan result and ScanResultTopic. The new field helps you make decisions in the downstream workflows on how to handle the scanned file.

NOTE: If your workflows monitor these detail codes with CloudWatch logs, then, before October 1, 2021, use the new field in scan results instead.

For more information, see Scan result format.

Fixed the issue where BucketListenerLambda violated the AWS Security Hub rule "Lambda function policies should prohibit public access".

After adding a stack in the console, the waiting time is increased, which reduces the chance of getting a timeout error.

Fixed the issue where the Scan History chart used an incorrect aspect ratio for the latest version of the Safari web browser.

file-storage-security_whats_new 139

Fixed the issue where creating a folder in the scanning bucket would trigger a scan.

file-storage-security_whats_new 140

The PostScanActionTagLambda now tags objects that have no issues with "no issues found" instead of "clean". This is a breaking change: to migrate, modify any downstream workflow that checks the fss-scan-result tag.

For more information, see Monitor scan results.
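A downstream check that survives this tag change, as an added example rather than Trend Micro's code: it accepts both the new and the old passing value of fss-scan-result and holds everything else, including untagged objects. The tag list shape is that of S3 GetObjectTagging; the function names, the sample tags and the detail code value are constructed for illustration.

```python
# Added example: fail-closed gate on File Storage Security object tags.
# Only the tag keys and the two passing values come from the release notes;
# everything else (names, sample data) is an assumption made for this example.

# New passing value, plus the legacy value written before the change.
PASS_VALUES = {"no issues found", "clean"}


def tags_to_dict(tag_set):
    """Flatten an S3 TagSet ([{'Key': ..., 'Value': ...}, ...]) into a dict."""
    return {tag["Key"]: tag["Value"] for tag in tag_set}


def decide(tag_set):
    """Return (action, reason) for one object.

    'release' only when fss-scan-result is a known passing value.
    A missing tag or any other value means 'hold', so an unknown or
    future tag value never lets a file through by accident.
    """
    tags = tags_to_dict(tag_set)
    result = tags.get("fss-scan-result")
    if result is None:
        return "hold", "no fss-scan-result tag (object not scanned yet)"
    if result in PASS_VALUES:
        return "release", "scan result: " + result
    # Surface the detail tags so an operator can see why a scan did not pass.
    code = tags.get("fss-scan-detail-code", "n/a")
    message = tags.get("fss-scan-detail-message", "n/a")
    return "hold", "scan result: %s (detail %s: %s)" % (result, code, message)


# Constructed sample tag sets (not real scan output).
NEW_STYLE = [{"Key": "fss-scan-result", "Value": "no issues found"},
             {"Key": "owner", "Value": "team-a"}]
LEGACY = [{"Key": "fss-scan-result", "Value": "clean"}]
UNTAGGED = [{"Key": "owner", "Value": "team-a"}]
NOT_PASSED = [{"Key": "fss-scan-result", "Value": "example-other-value"},
              {"Key": "fss-scan-detail-code", "Value": "EXAMPLE-CODE"},
              {"Key": "fss-scan-detail-message", "Value": "example message"}]

if __name__ == "__main__":
    for name, sample in [("new", NEW_STYLE), ("legacy", LEGACY),
                         ("untagged", UNTAGGED), ("not passed", NOT_PASSED)]:
        print(name, decide(sample))
```
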

file-storage-security_whats_new 141

Prevent API requests when the Scan History chart is loading. The Scan History chart prevents scrolling the timeline past the current time or later than 30 days ago. The Scan History chart displays a minimum bar size for an item with small values to ensure that the bar is still visible.

file-storage-security_whats_new 142

Lambda functions in scanner stacks and storage stacks can now use provisioned concurrency on the Lambda alias TM-FSS-MANAGED. This functionality requires a stack update.

Since the alias TM-FSS-MANAGED has been added to the Lambda functions in the scanner and storage stacks, users can employ this alias for the "provisioned concurrency" setting of AWS Lambda functions. The provisioned concurrency setting is optional, but setting it up is expected to improve performance.

For more information, please see "How can performance be improved?" and "Configuring provisioned concurrency".

Warning: Do not configure routing on the Lambda alias TM-FSS-MANAGED. This may cause management problems.

file-storage-security_whats_new 143

Prevent auto-sliding when the cursor is hovering on the tour guide dialog box.

file-storage-security_whats_new 144

The Scan Activity page has been added, which includes the Scan History chart and its scan counter, so users can see a summary of scan results from within File Storage Security. For details, see View scan results on the console Scan Activity page.

file-storage-security_whats_new 145

Fixed the issue where storage stacks sometimes could not be added to the console if one or more other storage stacks had been deleted from the same scanner stack.

file-storage-security_whats_new 146

Statistics API is now available, allowing API users to customize their File Storage Security scan results. For more details, click here.

file-storage-security_whats_new 147

The API now prevents the Cloud One read-only role from using the create or delete APIs.

file-storage-security_whats_new 148

All-in-one stacks and storage stacks can now be deployed even when the s3:ObjectCreated:* event of the scanning bucket is already in use, by setting the TriggerWithObjectCreatedEvent option to false.

You can then trigger the scans by invoking the deployed BucketListenerLambda in storage stacks.

file-storage-security_whats_new 149

Fixed the storage stack issue with switching from one scanning bucket to another. This functionality requires a stack update.

file-storage-security_whats_new 150

File Storage Security can support SQS queues that have server-side encryption (SSE) enabled. This functionality requires a stack update.

file-storage-security_whats_new 151

The Python runtime of CopyZipsLambda has been upgraded to 3.8 to address the AWS SDK change. This functionality requires a stack update.

file-storage-security_whats_new 152

File Storage Security can now scan S3 buckets that have server-side encryption with customer master keys (CMKs) stored in AWS Key Management Service (SSE-KMS). This functionality requires a stack update.

file-storage-security_whats_new 153

All-in-one stacks, scanner stacks and storage stacks can now specify resource prefix for IAM role name, IAM policy name, bucket name, Lambda function name, Lambda layer name, SQS queue name and SNS policy name. This functionality requires a stack update.

file-storage-security_whats_new 154

Advanced Threat Scan Engine (ATSE) inside Scanner Lambda has been updated to 12.500.1004.

file-storage-security_whats_new 155

The columns of the stack table can now be resized.

file-storage-security_whats_new 156

The tour guide dialog box now displays for first-time visitors.

file-storage-security_whats_new 157

From now on, scanner stacks do not collect S3 object keys by default.

file-storage-security_whats_new 158

The AWS region selector in Deploy modal dialog boxes now displays a default value based on the last selected region.

file-storage-security_whats_new 159

Fixed memory leaks in the scanner stack.

file-storage-security_whats_new 160

File Storage Security has left private preview and is now globally available.

file-storage-security_whats_new 161

The Deploy All-in-One Stack, Deploy Scanner Stack and Deploy Storage Stack dialog boxes now support deploying to the dedicated AWS regions.

Scanner stacks and storage stacks can now be deleted.

The background color of the active stack has changed.

The stack output now provides the value of the SNS ScanResultTopic ARN for the all-in-one stack and storage stack. This functionality requires a stack update.

file-storage-security_whats_new 162

A Deploy button now appears on the console's main page.

The Deploy dialog box contains two clickable options: Deploy All-in-One Stack and Deploy Scanner Stack.

New Delete Stack API for deleting stacks.

file-storage-security_whats_new 163

List Stacks API now returns the correct attribute, next (instead of cursor), for paging the results.

file-storage-security_whats_new 164

Scanner stacks and storage stacks now create management-related IAM roles with more limited permissions. This functionality requires a stack update.

file-storage-security_whats_new 165

The default stack names are now All-in-one-TM-FileStorageSecurity and Storage-TM-FileStorageSecurity.

file-storage-security_whats_new 166

Scanner stacks and storage stacks now create IAM policies with more limited permissions. This functionality requires a stack update.

file-storage-security_whats_new 167

The stack table now displays a spinner when data is loading.

The Scanner Policy and Storage Policy columns were removed from the console's main page since they didn't contain enough information to justify their presence.

The Deploy All-in-One Stack dialog box now displays a link to the Help Center.

An Add Post-Scan Action button now appears on the console's main page.

The instructions in the Deploy All-in-One Stack and Add Storage dialog boxes are now more descriptive.

The stack table can now be resized.

file-storage-security_whats_new 168

The PostScanActionTagLambda no longer overwrites a file's existing AWS tags with its own fss-* tags. (If a file has previously been scanned, and is then scanned again, its existing fss-* tags will be overwritten by newer ones from the latest scan.) This functionality requires a stack update.

file-storage-security_whats_new 169

The ScanningBucket resource was removed from the storage stack. The storage stack now only supports scanning on an existing bucket. This functionality requires a stack update.

file-storage-security_whats_new 170

The BytesTransferred attribute is no longer included in the scanner result message.

file-storage-security_whats_new 171

When a problem occurs loading the console, a friendly error message is now displayed in the browser window instead of a blank page.

file-storage-security_whats_new 172

The objects in the CopyZipsDestBucket S3 bucket are now encrypted using Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3). This functionality requires a stack update.

file-storage-security_whats_new 173

The header of the stack table now sticks to the top while the stack table is scrolling vertically.

The stack table now displays the default message if no data is received from the API.

The storage stack table is now a fluid width. (The scanner stack table remains a static width.)

file-storage-security_whats_new 174

The Data Collection Notice is now available here.

file-storage-security_whats_new 175

The stack table now supports sorting by stack name and infinite scrolling.

file-storage-security_whats_new 176

The console now includes an arrow button at the end of each row in the stacks table. Clicking the arrow expands the row.

The console now displays the active scanner stack in a different background color to indicate that it's selected.

file-storage-security_whats_new 177

The console now displays useful on-hover tooltips in the stacks table.

file-storage-security_whats_new 178

The Request Preview Access button is now available on the Coming Soon page.

file-storage-security_whats_new 179

During a stack creation, a failure notification may have been incorrectly displayed when you submitted the management role ARN. This issue has been fixed.

file-storage-security_whats_new 180

The scanner stack would not scan if it was deployed in a different AWS account from the storage stack in a cross-account scenario. This issue has been fixed.