Cloud Storage Security (CSS) is always working to improve our users’ experience and we’re excited to share the following noteworthy improvements to our antivirus and data classification platform: improved two-bucket system configuration, EBS scanning for linked accounts, EFS volume inventory for linked accounts, and more.
Improved Antivirus Two-Bucket System Configuration
A two bucket system scans files in Amazon Simple Storage Service (Amazon S3) for malicious code within a staging bucket and moves all Clean files to a different bucket and/or prefix; files that are found to be Infected, Error, or Unscannable remain in the staging bucket. Previously a Lambda Function was required to promote the Clean files from the first bucket to the second bucket. Now, the promotion of Clean files from the first bucket is handled directly within the agent.
To enable the functionality, navigate to Configuration in the main menu, then Scan Settings. Next, designate the staging and target buckets:
-
By Region:
-
Choose a region from the Add Region selection
-
Choose a target destination bucket
-
Optionally, choose a desired prefix to place objects in. Note: if the object path is very long, specifying a prefix here could exceed the max key length
-
-
By Bucket:
-
Choose a bucket from the Add Bucket selection
-
Choose a target destination bucket
-
Optionally, choose a desired prefix to place objects in. Note: if the object path is very long, specifying a prefix here could exceed the max key length
-
-
Click Save to persist the modifications
To remove a region or bucket from the AV Two-Bucket System Configuration, click the delete icon next to the source and then click Save.
Antivirus Two-Bucket System Configuration in CSS Console
EBS Scanning for Linked Accounts
Customers can now utilize schedule-based virus scanning and data classification for Amazon Elastic Block Store (Amazon EBS) volumes that reside in linked accounts. By default, all EBS volumes across linked accounts will appear on the Protection > EBS Volumes page as well as in the schedule creation interface, accessible via Schedules in the console’s main menu. In order to leverage this capability, make sure to update the Linked Account CloudFormation stack for each linked account.
EFS Volume Inventory for Linked Accounts
Customers can now view the Amazon Elastic File System (Amazon EFS) volumes that reside within their linked accounts by clicking the "Show Linked Accounts" button within the Protection > EFS Volumes page; click "Hide Linked Accounts" to eliminate them from view.
In order to access this capability make sure to update the Linked Account CloudFormation stack for each linked account. Scanning functionality for EFS volumes within linked accounts will be added in the near future.
Show/Hide EFS Volumes in Linked Accounts in CSS Console
EventBridge Improvements
Proactive notifications from the CSS console (e.g., system notifications such as an alert when an Infected file is found) can now be sent to Amazon EventBridge. These notifications will be delivered to the selected event bus. From there, the notification can be sent elsewhere, such as Amazon CloudWatch.
To enable this enhancement, navigate to Configuration > Console Settings > AWS EventBridge Proactive Notifications, enable the toggle, enter in the EventBridge Bus Name, and click “save”.
Keep in mind that utilizing EventBridge events will increase AWS infrastructure costs and that Rules must be added to the event bus in order to capture and process the events.
Amazon EventBridge Proactive Notifications in CSS Console
EventBridge Improvements
-
Each Job will now display a Unique ID within the Monitoring > Jobs page
- This ID will also be present within the CloudWatch logs, allowing you to easily link logs to specific jobs that have run
These improvements allow customers to easily track logs back to jobs.
For additional information, reference our help docs.
CSS antivirus and data classification solutions are available in a free trial format in AWS Marketplace.