This blog is used to create a secure S3 bucket in an AWS account Using Trend Micro file storage security service

Trend Micro Cloud One has lots of products to secure our cloud, container and data centre. Which works for both enterprise data centres and in the cloud.

Here we are going to see setup file storage security on the S3 bucket if any user will upload the file into the bucket then trend micro FSS service scanned files and show the activity in the trend micro cloud one console and then we can transfer the cleaned file into promote bucket and malicious file into the quarantined bucket.

Prerequisite

Trend Micro cloud one access

AWS account admin access

Three Bucket for scan bucket, quarantined bucket and promote bucket

Setup

Login into Trend Micro Cloud Console Trend Micro Cloud One

Select File Security Storage

Click on Deploy

Select Scanner Stack and Storage Stack and Select us-west-2 (Oregon) region

Click on launch stack in AWS Account it will create a nested stack

Specify the scan bucket name in the S3BucketToScan parameter

After stack completion, we can see that we have two Stack Scanner Stack and Storage stack.

Copy and paste ScannerStackManagementRoleARN in trend micro console Deploy All-in-One-Stack Dialog box

Then add storage stack in trend micro-console, click on Add Storage

Copy and paste StorageStackManagementRoleARN in the trend micro console Deploy Storage Stack Dialog box

Trend Micro Cloud One Scan Activity

Step to setup Post scan Action Plugin

After completing Storage and Scanner stack we need to create a function to place clean files in one bucket and malicious files in another

Click on create a link to build lambda function stack ‘serverlessrepo-cloudone-filestorage-plugin-action-promote-or-quarantine’ name

Copy ScanResultTopicARN from Storage Stack and paste it into the ScanResultTopicARN parameter

Specify, and in cloud formation stack parameter

Test the solution

Download the Malicious zip file from this link

Upload the Zip file into the Scanned bucket

Upload and clean the file in the scanned bucket

Now we can monitor Scan Activity in Trend Micro Console

Also, files are removed from the scanned bucket to the Quarantined bucket and Promote Bucket

Conclusion

Trend Micro has which we can use to secure our data in cloud and enterprise data centres. Such as here we have used a file storage security service to secure data in an S3 bucket. So any user can’t upload unwanted files into the bucket.

Reference

Trend Micro Docs

Sign in — File Storage Security | Trend Micro Cloud One™ Documentation

GitHub Source

cloudone-filestorage-plugins/post-scan-actions/aws-python-promote-or-quarantine at master · trendmicro/cloudone-filestorage-plugins (github.com)

cloudone-filestorage-cloudformation-templates/FSS-All-In-One.template at master · trendmicro/cloudone-filestorage-cloudformation-templates (github.com)