diff --git a/README.md b/README.md index df6d7e0..3cecf0c 100644 --- a/README.md +++ b/README.md 
@@ -15,7 +15,8 @@ | [AWS Network Firewall with CrowdStrike Threat Intelligence](Network-Firewall) | Build capabilities such as automated blocking of malicious domains (via AWS Network Firewall) based on CrowdStrike detection alerts, or perform threat hunting derived from CrowdStrike domain-based Indicators of Activity (IOAs). | | [AWS PrivateLink with CrowdStrike Sensor Proxy](aws-privatelink) | Leverage AWS PrivateLink to provide private connectivity between your CrowdStrike-protected workloads and the CrowdStrike cloud. | | [AWS Security Hub with CrowdStrike Event Streams API](Falcon-Integration-Gateway) | The Falcon Integration Gateway publishes detections identified by CrowdStrike Falcon for instances residing within Amazon Web Services (AWS) to AWS Security Hub. | -| [Amazon S3 Protected Bucket with CrowdStrike Quick Scan API](s3-bucket-protection) | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike Quick Scan API. | +| [Amazon S3 Protected Bucket with CrowdStrike QuickScan Pro API](https://github.com/crowdstrike/cloud-storage-protection) | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike QuickScan Pro API. | +| [Amazon S3 Protected Bucket with CrowdStrike QuickScan ML API](s3-bucket-protection) (*Deprecated and slated for removal in 6 months*) | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike QuickScan ML API. | | [AWS Verified Access with CrowdStrike Zero Trust Assessment (ZTA)](https://github.com/CrowdStrike/aws-verified-access) | Using CrowdStrike ZTA, we provide customers the ability to assess their endpoint security posture, allowing AWS Verified Access to provide conditional access to private applications that comply to your organization's device posture policies. 
| | [Amazon Security Lake with CrowdStrike Falcon Data Replicator (FDR)](https://github.com/CrowdStrike/aws-security-lake) | Transforms your CrowdStrike FDR data into OCSF (Open Cybersecurity Schema Framework) and ingests it into your Amazon Security Lake for centralized management of your security-related logs. | | [AWS Workspaces](workspaces) | Deploy the CrowdStrike Falcon sensor to AWS Workspaces. | diff --git a/s3-bucket-protection/README.md b/s3-bucket-protection/README.md index cb6d6f5..2ed1391 100644 --- a/s3-bucket-protection/README.md +++ b/s3-bucket-protection/README.md @@ -2,6 +2,13 @@ [![Twitter URL](https://img.shields.io/twitter/url?label=Follow%20%40CrowdStrike&style=social&url=https%3A%2F%2Ftwitter.com%2FCrowdStrike)](https://twitter.com/CrowdStrike) +> [!WARNING] +> ## DEPRECATION NOTICE +> +> This guide will be deprecated in the near future in favor of our new Cloud Storage Protection examples using the QuickScan Pro APIs. The new repository is available at: +> +> [https://github.com/crowdstrike/cloud-storage-protection](https://github.com/crowdstrike/cloud-storage-protection) + # CrowdStrike Falcon S3 Bucket Protection + [Overview](#overview) @@ -29,7 +36,7 @@ This solution integrates CrowdStrike Falcon Quick Scan with AWS S3, AWS Security ## Solution components -This solution leverages an S3 bucket trigger to call AWS Lambda for processing. +This solution leverages an S3 bucket trigger to call AWS Lambda for processing. The serverless lambda function leverages the CrowdStrike [FalconPy SDK](https://github.com/CrowdStrike/falconpy) to interact with the CrowdStrike Falcon API to scan the files as the are uploaded to the bucket. 
@@ -38,7 +45,7 @@ interact with the CrowdStrike Falcon API to scan the files as the are uploaded t + [AWS IAM](#aws-iam) + [AWS Systems Manager](#aws-systems-manager) -### AWS S3 +### AWS S3 Any bucket can be protected by enabling the bucket notification trigger to call the lambda function. - Bucket - Bucket notification `s3:ObjectCreated:*` -> Lambda trigger @@ -191,4 +198,4 @@ The read more about this component, review the documentation located [here](on-d ## Deploying to an existing bucket A helper routine is provided as part of this integration that assists with deploying protection to an existing bucket. This helper leverages Terraform, and can be started by executing the `existing.sh` script. -For more details about deploying protection to a pre-existing bucket, review the documentation located [here](existing). \ No newline at end of file +For more details about deploying protection to a pre-existing bucket, review the documentation located [here](existing).
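Review bot: In the top-level README.md table hunk, the deprecated row says "(*Deprecated and slated for removal in 6 months*)", which is a relative window with no start date, so a reader landing on this table later cannot tell when the `s3-bucket-protection` example actually goes away. Suggest replacing it with an absolute date or a release tag. Two smaller points in the same hunk: the new QuickScan Pro row links to `https://github.com/crowdstrike/cloud-storage-protection` with a lowercase organization name while the neighbouring rows use `https://github.com/CrowdStrike/...`, and both the Pro and ML rows carry the same "S3 Bucket Protection secures your Amazon S3 buckets ..." description apart from the API name, so the table does not say why someone should pick the new one.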
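Review bot: In the deprecation banner added at the top of s3-bucket-protection/README.md, "This guide will be deprecated in the near future" disagrees with the top-level README row in this same patch, which already labels the example "Deprecated and slated for removal in 6 months". Pick one status and one timeline and use the same wording in both places. The banner also uses `> ## DEPRECATION NOTICE`, which puts a level-2 heading above the document's `# CrowdStrike Falcon S3 Bucket Protection` title; bold text inside the `[!WARNING]` block would avoid the out-of-order heading. Since this example is what scans objects on upload, it would help to state in the banner whether existing deployments keep working until the removal date.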
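Review bot: In the "Solution components" hunk of s3-bucket-protection/README.md, the removed and added lines ("This solution leverages an S3 bucket trigger to call AWS Lambda for processing.") read identically, so this is a whitespace-only change, as is the `### AWS S3` hunk that follows. Either mention the whitespace cleanup in the commit message or move it to a separate commit so the deprecation change is easier to review. While this paragraph is being touched, the context line directly below contains the typo "scan the files as the are uploaded to the bucket", which could be fixed in the same pass.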