Quarantine Malicious Files
Enhance Security workflow with Quarantine functionality.
1. Find the ‘ScanResultTopic’ SNS topic ARN
- In the AWS console, go to Services > CloudFormation > your all-in-one stack > Outputs.
- Scroll down to locate the ScanResultTopic Logical ID.
- Copy the ScanResultTopic ARN to a temporary location. It will look like this:
arn:aws:sns:us-east-1:123445678901:FileStorageSecurity-All-In-One-Stack-StorageStack-1IDPU1PZ2W5RN-ScanResultTopic-N8DD2JH1GRKF
Deploying Post Scan Action (Functions) - Promote and Quarantine
In this case, let’s use the Serverless Application Repository
- Visit the app’s page on the AWS Lambda Console.
- Fill in the parameters:
- ScanResultTopic
- ScanningBucketName - aspera-transfer-01234567890
- PromoteBucketName - Ignore
- QuarantineBucketName- quarantine-01234567890
- Optionally, you can customize the name of the Cloud Formation stack that will be created
- Check the
I acknowledge that this app creates custom IAM roles.checkbox. - Click
Deploy.
2. After a couple minutes you can click on the tab Deployments and expand the deployment to see if the status shows as complete. Then you can move to the next step to test it.
Awesome, You did it! 🎉