Notifications & Alerting

Notifications and alerting help ensure operators are informed in seconds of potential security threats, allowing them to take appropriate action to mitigate the risks. With bucketAV, users can receive notifications and alerts via email, SMS, Slack, and Microsoft Teams whenever a malicious file is detected in their S3 bucket. These notifications and alerts contain details about the infected file, including its location and type of malware. By using notifications and alerting, organizations can quickly respond to security threats and minimize the impact of malware on their data and systems.

Email

Follow these steps to receive an email for every infected or unscannable file:

  1. Visit the Amazon SNS Console.
  2. Ensure that you are in the correct region.
  3. Navigate to Topics.
  4. Search for FindingsTopic and click on the found topic.
  5. Click on the Create subscription button.
  6. Set Protocol to Email.
  7. Set Endpoint to your email address.
  8. Set Subscription filter policy to {"status": ["infected", "no"]}
  9. Click on the Create subscription button to save. SNS email subscription
  10. You will receive an email (subject: AWS Notification - Subscription Confirmation) with a confirmation link shortly. Please open the confirmation link.

If the volume of emails is too high, please consider using reports or the AWS Security Hub integration instead.

The following provides an example email for an infected file:

s3://bucketav-files/virus1.txt is infected by Eicar-Signature, tag action executed

Slack & Microsoft Teams

bucketAV integrates with marbot to forward scan results to Slack and Microsoft Teams.

Slack alert

Learn how to install marbot

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email