Views:

Start scanning Amazon Web Services (AWS) buckets with File Security Storage

When you add a region to File Security Storage, the scanner is automatically deployed in the region. However, you need to turn on scanning in each bucket to allow the scanner access to the files being uploaded to that bucket. When EventBridge is turned on, File Security can scan that bucket. File Security cannot scan a bucket when the Status is EventBridge off or the Scanner is not deployed.
The first time you time deploy a File Security Storage stack, it, by default, monitors all the S3 buckets in which EventBridge is on. When you add or remove the monitoring buckets, File Security Storage stores the list of monitoring buckets in the config. File Security Storage scans buckets based on the config. (This behavior is for backward compatible. When you upgrade the old File Security Storage template (in which monitoring bucket is simply based on EventBridge on) to the enhanced version (in which monitoring buckets is based on customer’s choice in the console), you are protected without having to re-configure the monitoring bucket.
  • Before stack version 1.2.0, you need to turn on or turn off EventBridge to control whether the scanning is enable or not.
  • In stack versions 1.2.0 or greater, File Security Storage creates an S3 configuration bucket in your environment. it uses the information in this configuration bucket to determine whether to scan a specific bucket. Every time you turn on scanning, File Security Storage enables EventBridge. However, if you turn off scanning, File Security Storage does not disable EventBridge, but rather saves the current scanning status in the configuration bucket.
  • If you already have installed an enhanced version and update the template for new features, the config of the monitoring bucket remains, so you will still be protected by the previous monitoring settings. If, however, you remove the existing stack and then re-install a new stack instead of updating the stack, File Security Storage considers this a new installation, and you lose the previous settings.

Procedure

  1. On the File Security Inventory tab, select the cloud account.
  2. Select the region.
  3. Select the buckets in which you want to enable EventBridge
  4. From the Change Status list, select Modify scanning.
  5. Verify the selected buckets.
  6. Enable Scanning.
    The Status changes to Scanning on and the indicator circle turns green.