Reporting Add-On

This add-on collects metadata about scanned files and generates a report out of it. The report is delivered into your email inbox daily, weekly, or monthly.

The email contains:

  • Statistics about scanned files: Number of files scanned, % of clean files, % of infected files, and % of unscannable files.
  • Top 10 infections/viruses.
  • CSV reports: all files, infected & unscannable files.
  • Operational alarms: If bucketAV needs your attention.

Requires bucketAV version >= 1.7.0. To update to the latest version, follow our Update Guide.

Requires bucketAV configuration parameter ReportCleanFiles set to true. See FAQ: What’s my configuration? and FAQ: How can I edit the configuration?.
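A pre-install check for the ReportCleanFiles requirement, as an added example that is not part of bucketAV or its documentation. It assumes you saved the JSON output of `aws cloudformation describe-stacks --stack-name bucketav`; the function names and the sample data are constructed for illustration.

```python
import json

# Stack states in which the deployed parameter values are final
# (standard CloudFormation status names).
STABLE_STATES = {"CREATE_COMPLETE", "UPDATE_COMPLETE"}


def preflight(describe_stacks_json, stack_name="bucketav"):
    """Return a list of problems that block installing the reporting add-on."""
    stacks = json.loads(describe_stacks_json).get("Stacks", [])
    stack = next((s for s in stacks if s.get("StackName") == stack_name), None)
    if stack is None:
        return [f"stack {stack_name!r} not found; check region and BucketAVStackName"]
    problems = []
    status = stack.get("StackStatus", "")
    if status not in STABLE_STATES:
        problems.append(
            f"stack status is {status}; wait for CREATE_COMPLETE or UPDATE_COMPLETE")
    params = {p["ParameterKey"]: p.get("ParameterValue", "")
              for p in stack.get("Parameters", [])}
    value = params.get("ReportCleanFiles")
    if value is None:
        problems.append("parameter ReportCleanFiles is not present on this stack")
    elif value.strip().lower() != "true":
        # CloudFormation parameter values are strings, so compare as text.
        problems.append(f"ReportCleanFiles is {value!r}; it must be true")
    return problems


def sample(status, report_clean_files, name="bucketav"):
    """Build a constructed describe-stacks response for demonstration."""
    return json.dumps({"Stacks": [{
        "StackName": name,
        "StackStatus": status,
        "Parameters": [
            {"ParameterKey": "ReportCleanFiles",
             "ParameterValue": report_clean_files},
        ],
    }]})


if __name__ == "__main__":
    for doc in (sample("UPDATE_COMPLETE", "true"),
                sample("UPDATE_IN_PROGRESS", "false")):
        print(preflight(doc) or "ready to install the reporting add-on")
```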

Install Add-On

  1. Set the Stack name to bucketav-reporting.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is bucketav, or s3-virusscan for older installations).
  3. Set the ReportReceiver1 parameter to your email address.
  4. By default, the ReportingFrequency is set to weekly. Change that if needed.
  5. Select I acknowledge that AWS CloudFormation might create IAM resources.
  6. Click on the Create stack button to save.
  7. You will receive an email (subject: AWS Notification - Subscription Confirmation) with a confirmation link that you have to visit.


resource "aws_cloudformation_stack" "bucketav_add_on_reporting" {
  name         = "bucketav-reporting"
  template_url = "" # TODO set the add-on's CloudFormation template URL
  capabilities = ["CAPABILITY_IAM"]
  parameters = {
    BucketAVStackName = "bucketav" # if you followed our docs, the name is `bucketav`, or `s3-virusscan` for older installations
    ReportReceiver1   = "name@domain.todo" # TODO replace email address
  }
}


Which version am I using?

  1. To update this add-on to version v2.6.0, go to the AWS CloudFormation Management Console.
  2. Double-check the region at the top right.
  3. Search for bucketav-reporting (or s3-virusscan-reporting for older installations), otherwise search for the name you specified.
  4. Select the stack and click on Update.
  5. Select Replace current template and set the Amazon S3 URL to Copy
  6. Click on Next.
  7. Scroll to the bottom of the page and click on Next.
  8. Scroll to the bottom of the page and click on Next.
  9. Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
  10. While the update runs, the stack status is UPDATE_IN_PROGRESS. Reload the table from time to time and …
  11. … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.


The following AWS services are used:

  • SNS Subscription to connect to the Findings Topic.
  • Kinesis Firehose Delivery Stream to store the messages from SNS on S3.
  • Athena to generate CSV files.
  • S3 Bucket to store the data and reports.
  • StepFunction State Machine to orchestrate report generation.
  • Lambda Function to send out the report email.
  • EventBridge Cron Rule to trigger the report daily/weekly/monthly.
  • SNS Topic & Subscription to send out report emails.
  • CloudWatch Alarms to monitor the used AWS services.
