Guides

Realtime notifications via e-mail

Notifications help ensure operators are informed of potential security threats in seconds, allowing them to take appropriate action to mitigate the risks. Receive alerts about infected or unscannable objects via email by creating an SNS subscription.

Consider daily/weekly/monthly reports or the AWS Security Hub integration as an alternative to realtime notifications.

Follow these steps to receive an email for every infected or unscannable file:

  1. Open SNS in the AWS Management Console.
  2. Ensure that you are in the correct region.
  3. Navigate to Topics.
  4. Search for the FindingsTopic and click on it.
  5. Click on the Create Subscription button. Creating a SNS subscription part 1
  6. Keep the prefilled Topic ARN.
  7. Set Protocol to Email.
  8. Enter the recipient’s email address for notifications in the Endpoint field. Creating a SNS subscription part 2
  9. Enable the Subscription filter policy.
  10. Select Message attributes as the filter policy scope.
  11. Use the following policy to only get notified about infected and unscannable objects.
{"status": ["infected", "no"]}

Creating a SNS subscription part 3

  1. Press the Create subscription button.
  2. The subscription is in status Pending confirmation. Creating a SNS subscription part 4
  3. The recipient receives a message (subject: AWS Notification - Subscription Confirmation) with a confirmation link shortly. Ensure to open the confirmation link.
  4. The subscription should now be in status Confirmed. Creating a SNS subscription part 5

The following provides an example email for an infected file:

s3://bucketav-files/virus1.txt is infected by Eicar-Signature, tag action executed

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email