Alarm if infected files are found Add-On (deprecated)
This add-on is deprecated. Use reports instead!
This add-on creates a CloudWatch Alarm to notify you via email if infected files are found in the past N seconds.
Table of Contents
Setup
- Set the Stack name to
bucketav-alarm. - Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed the docs, the name is
bucketav). - Set the Email parameter to your email address.
- Click on the Create stack button to save.
- You will receive an email (subject: AWS Notification - Subscription Confirmation) with a confirmation link that you have to visit.
Terraform
resource "aws_cloudformation_stack" "bucketav_add_on_alarm" {
name = "bucketav-alarm"
template_url = "https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/alarm/v2.0.0/bucketav-add-on-alarm.yaml"
capabilities = ["CAPABILITY_IAM"]
parameters = {
BucketAVStackName = "bucketav" # if you followed the docs, the name is `bucketav`
Email = "name@domain.todo" # TODO replace email address
}
}
Update
- To update this add-on to version v2.0.0, go to the AWS CloudFormation Management Console.
- Double-check the region at the top right.
- Search for
bucketav-alarm, otherwise search for the name you specified. - Select the stack and click on Update.
- Select Replace current template and set the Amazon S3 URL to
https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/alarm/v2.0.0/bucketav-add-on-alarm.yamlCopy - Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Architecture
The following AWS services are used:
- CloudWatch Alarms to monitor if infected files are found.
- SNS Topic & Subscription to send out emails.