Alarm if infected files are found Add-On (deprecated)

This add-on is deprecated. Use reports instead!

This add-on creates a CloudWatch Alarm to notify you via email if infected files are found in the past N seconds.

Table of Contents

Setup

Install Add-On (requires a running bucketAV installation)

  1. Set the Stack name to bucketav-alarm.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed the docs, the name is bucketav).
  3. Set the Email parameter to your email address.
  4. Click on the Create stack button to save.
  5. You will receive an email (subject: AWS Notification - Subscription Confirmation) with a confirmation link that you have to visit.

Terraform

resource "aws_cloudformation_stack" "bucketav_add_on_alarm" {
  name         = "bucketav-alarm"
  template_url = "https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/alarm/v2.0.0/bucketav-add-on-alarm.yaml"
  capabilities = ["CAPABILITY_IAM"]
  parameters = {
    BucketAVStackName = "bucketav" # if you followed the docs, the name is bucketav
    Email = "name@domain.todo" # TODO replace email address
  }
}

Update

Which version am I using?

  1. To update this add-on to version v2.0.0, go to the AWS CloudFormation Management Console.
  2. Double-check the region at the top right.
  3. Search for bucketav-alarm, otherwise search for the name you specified.
  4. Select the stack and click on Update.
  5. Select Replace current template and set the Amazon S3 URL to https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/alarm/v2.0.0/bucketav-add-on-alarm.yaml Copy
  6. Click on Next.
  7. Scroll to the bottom of the page and click on Next.
  8. Scroll to the bottom of the page and click on Next.
  9. Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
  10. While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
  11. … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.

Architecture

The following AWS services are used:

  • CloudWatch Alarms to monitor if infected files are found.
  • SNS Topic & Subscription to send out emails.

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email