Reporting Add-On
This add-on collects metadata about scanned files and generates a report from it. The report is delivered to your email inbox daily, weekly, or monthly.
The email contains:
- Statistics about scanned files: Number of files scanned, % of clean files, % of infected files, and % of unscannable files.
- Top 10 infections/viruses.
- CSV reports: all files, infected & unscannable files.
- Operational alarms: If bucketAV needs your attention.
Setup
Requires bucketAV version >= 1.7.0. To update to the latest version, follow our Update Guide.
Requires bucketAV configuration parameter ReportCleanFiles set to true. See FAQ: What’s my configuration? and FAQ: How can I edit the configuration?.
- Set the Stack name to bucketav-reporting.
- Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is bucketav, or s3-virusscan for older installations).
- Set the ReportReceiver1 parameter to your email address.
- By default, the ReportingFrequency is set to weekly. Change that if needed.
- Select I acknowledge that AWS CloudFormation might create IAM resources.
- Click on the Create stack button to save.
- You will receive an email (subject: AWS Notification - Subscription Confirmation) with a confirmation link that you have to visit.
Terraform
resource "aws_cloudformation_stack" "bucketav_add_on_reporting" {
  name         = "bucketav-reporting"
  template_url = "https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/reporting/v2.6.0/bucketav-add-on-reporting.yaml"
  capabilities = ["CAPABILITY_IAM"]
  parameters = {
    BucketAVStackName = "bucketav"         # if you followed our docs, the name is `bucketav`, or `s3-virusscan` for older installations
    ReportReceiver1   = "name@domain.todo" # TODO replace email address
  }
}
Update
- To update this add-on to version v2.6.0, go to the AWS CloudFormation Management Console.
- Double-check the region at the top right.
- Search for bucketav-reporting (or s3-virusscan-reporting for older installations), otherwise search for the name you specified.
- Select the stack and click on Update.
- Select Replace current template and set the Amazon S3 URL to https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/reporting/v2.6.0/bucketav-add-on-reporting.yaml
- Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRESS. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Architecture
The following AWS services are used:
- SNS Subscription to connect to the Findings Topic.
- Kinesis Firehose Delivery Stream to store the messages from SNS on S3.
- Athena to generate CSV files.
- S3 Bucket to store the data and reports.
- StepFunction State Machine to orchestrate report generation.
- Lambda Function to send out the report email.
- EventBridge Cron Rule to trigger the report daily/weekly/monthly.
- SNS Topic & Subscription to send out report emails.
- CloudWatch Alarms to monitor the used AWS services.