Cloud Storage Security (CSS) is always working to improve our users’ experience and we’re excited to share the following noteworthy improvements to Antivirus for Amazon S3 (AVS3) and Data Classification for Amazon S3 (DCS3): AWS CloudTrail Lake integration, license mode switching, EC2 tagging, enhanced compressed file scanning, additional API scan file handling, and IdP support for GovCloud.
AWS CloudTrail Lake
In January of 2023, CSS launched its integration with AWS CloudTrail, a fully managed service that records events from AWS services and integrated AWS partner services across all regions. AWS CloudTrail Lake is a collection of account activity, API calls, and GUI calls across an entire AWS environment, eliminating the need for separate data processing pipelines that require setup and maintenance.
Through this integration, any changes a user makes to the following within the CSS console will be logged and sent to CloudTrail Lake:
-
CSS Console Settings
-
Agent Settings
-
API Deployment
-
Bucket Protection (eg., turned on or off, public access enabled, bucket encrypted)
-
Scan settings (eg., when a scan was run, initiated, canceled or finished)
-
Permissions/user activity (eg., who logged in, who initiated a scan, who modified a file)
-
Files (eg., when a file is modified)
By bringing CSS logs into CloudTrail Lake, you can run SQL queries that search the logs from the CSS console along with the AWS services you utilize in order to quickly identify and troubleshoot problems that may have affected multiple parts of your AWS environment. Even better, since CloudTrail Lake collects all logs for you into one location, you can run audits and meet compliance requirements with ease.
In order to enable the CSS-CloudTrail integration, you must first subscribe, deploy and configure the CSS console, which can be completed in under 20 minutes. Afterward, go to Configuration in the main menu, select Console Settings, and in the CloudTrail Lake Integration section, enable the integration and follow the prompts to connect CSS and CloudTrail Lake. By enabling CloudTrail integration in the CSS console, all of the required setup is completed for you, including the creation of the event data store. Alternatively, you can discover and enable the CSS integration from within the CloudTrail console.
To learn more about the CSS-CloudTrail integration, read our full article.
License Mode Switcher
If you are currently subscribed to either our Pay-As-You-Go (PAYG) or Bring-Your-Own-License (BYOL) listing in AWS Marketplace for AVS3 or DCS3, you now have the ability to switch between billing models without redeploying the solution and losing console history.
In order to successfully switch licenses, you must change your subscription to the license model you wish to switch to in AWS Marketplace so that the entitlement check passes appropriately.
EC2 Tagging for XL File Scanning
EC2 instances that are created to run XL file scanning can now be custom tagged. At this time, tags can be manually defined by running a Stack update and filling in the EC2 Tags field.
Compressed File Scanning Enhancements
The CSS console can now handle Sophos error code 0070 disk full. For .zip and .7z files when 0070 is found, the scanner will either mark the file as unscannable - too large or send the file off for Large File Scanning (if enabled).
Additional file handling for API scan method
Our API scan model scans files inside or outside of AWS before they are written. When scanning using the API scan model, scan-result can be set to clean, but still be considered suspicious for reasons other than the AV signature.
Identity Provider support for Cognito in AWS GovCloud
CSS’ AWS GovCloud console now supports authentication with identity providers (IdPs) through Amazon Cognito.
For additional information, reference our help docs. Both Antivirus for Amazon S3 and Data Classification for Amazon S3 are available in a free trial format in AWS Marketplace.