From 6afd8e10740141a01966ea1a4d9af6d5c0e77042 Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Thu, 30 Jan 2025 10:31:57 -0500 Subject: [PATCH 1/4] deprecation warning for s3 bucket protection --- s3-bucket-protection/README.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/s3-bucket-protection/README.md b/s3-bucket-protection/README.md index cb6d6f51..f8e28a92 100644 --- a/s3-bucket-protection/README.md +++ b/s3-bucket-protection/README.md @@ -2,6 +2,14 @@ [![Twitter URL](https://img.shields.io/twitter/url?label=Follow%20%40CrowdStrike&style=social&url=https%3A%2F%2Ftwitter.com%2FCrowdStrike)](https://twitter.com/CrowdStrike) +
+

⚠️ IMPORTANT NOTICE ⚠️

+

This repository will be deprecated in the near future in favor of our new Cloud Storage Protection solution using the QuickScan Pro APIs. The new version is available at:

+

+ 🔗 https://github.com/crowdstrike/cloud-storage-protection +

+
+ # CrowdStrike Falcon S3 Bucket Protection + [Overview](#overview) @@ -29,7 +37,7 @@ This solution integrates CrowdStrike Falcon Quick Scan with AWS S3, AWS Security ## Solution components -This solution leverages an S3 bucket trigger to call AWS Lambda for processing. +This solution leverages an S3 bucket trigger to call AWS Lambda for processing. The serverless lambda function leverages the CrowdStrike [FalconPy SDK](https://github.com/CrowdStrike/falconpy) to interact with the CrowdStrike Falcon API to scan the files as the are uploaded to the bucket. @@ -38,7 +46,7 @@ interact with the CrowdStrike Falcon API to scan the files as the are uploaded t + [AWS IAM](#aws-iam) + [AWS Systems Manager](#aws-systems-manager) -### AWS S3 +### AWS S3 Any bucket can be protected by enabling the bucket notification trigger to call the lambda function. - Bucket - Bucket notification `s3:ObjectCreated:*` -> Lambda trigger @@ -191,4 +199,4 @@ The read more about this component, review the documentation located [here](on-d ## Deploying to an existing bucket A helper routine is provided as part of this integration that assists with deploying protection to an existing bucket. This helper leverages Terraform, and can be started by executing the `existing.sh` script. -For more details about deploying protection to a pre-existing bucket, review the documentation located [here](existing). \ No newline at end of file +For more details about deploying protection to a pre-existing bucket, review the documentation located [here](existing). From d62c00b20ea585c171465a9c5fe07f5e75c83efd Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Thu, 30 Jan 2025 10:51:09 -0500 Subject: [PATCH 2/4] update message --- s3-bucket-protection/README.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/s3-bucket-protection/README.md b/s3-bucket-protection/README.md index f8e28a92..0a64ff8b 100644 --- a/s3-bucket-protection/README.md +++ b/s3-bucket-protection/README.md 
@@ -2,13 +2,12 @@ [![Twitter URL](https://img.shields.io/twitter/url?label=Follow%20%40CrowdStrike&style=social&url=https%3A%2F%2Ftwitter.com%2FCrowdStrike)](https://twitter.com/CrowdStrike) -
-

⚠️ IMPORTANT NOTICE ⚠️

-

This repository will be deprecated in the near future in favor of our new Cloud Storage Protection solution using the QuickScan Pro APIs. The new version is available at:

-

- 🔗 https://github.com/crowdstrike/cloud-storage-protection -

-
+> [!WARNING] +> ## DEPRECATION NOTICE +> +> This repository will be deprecated in the near future in favor of our new Cloud Storage Protection solution using the QuickScan Pro APIs. The new repository is available at: +> +> [https://github.com/crowdstrike/cloud-storage-protection](https://github.com/crowdstrike/cloud-storage-protection) # CrowdStrike Falcon S3 Bucket Protection From 31ddbe2ff9368acf81fa1797e468e2876b90f635 Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Thu, 30 Jan 2025 10:56:49 -0500 Subject: [PATCH 3/4] minor grammar update --- s3-bucket-protection/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/s3-bucket-protection/README.md b/s3-bucket-protection/README.md index 0a64ff8b..2ed1391d 100644 --- a/s3-bucket-protection/README.md +++ b/s3-bucket-protection/README.md @@ -5,7 +5,7 @@ > [!WARNING] > ## DEPRECATION NOTICE > -> This repository will be deprecated in the near future in favor of our new Cloud Storage Protection solution using the QuickScan Pro APIs. The new repository is available at: +> This guide will be deprecated in the near future in favor of our new Cloud Storage Protection examples using the QuickScan Pro APIs. The new repository is available at: > > [https://github.com/crowdstrike/cloud-storage-protection](https://github.com/crowdstrike/cloud-storage-protection) From b5130cac98a88bcd310798080193fe0d4a3770dd Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Thu, 30 Jan 2025 11:26:25 -0500 Subject: [PATCH 4/4] update main readme to reflect changes --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index df6d7e04..3cecf0c7 100644 --- a/README.md +++ b/README.md 
@@ -15,7 +15,8 @@ | [AWS Network Firewall with CrowdStrike Threat Intelligence](Network-Firewall) | Build capabilities such as automated blocking of malicious domains (via AWS Network Firewall) based on CrowdStrike detection alerts, or perform threat hunting derived from CrowdStrike domain-based Indicators of Activity (IOAs). | | [AWS PrivateLink with CrowdStrike Sensor Proxy](aws-privatelink) | Leverage AWS PrivateLink to provide private connectivity between your CrowdStrike-protected workloads and the CrowdStrike cloud. | | [AWS Security Hub with CrowdStrike Event Streams API](Falcon-Integration-Gateway) | The Falcon Integration Gateway publishes detections identified by CrowdStrike Falcon for instances residing within Amazon Web Services (AWS) to AWS Security Hub. | -| [Amazon S3 Protected Bucket with CrowdStrike Quick Scan API](s3-bucket-protection) | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike Quick Scan API. | +| [Amazon S3 Protected Bucket with CrowdStrike QuickScan Pro API](https://github.com/crowdstrike/cloud-storage-protection) | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike QuickScan Pro API. | +| [Amazon S3 Protected Bucket with CrowdStrike QuickScan ML API](s3-bucket-protection) (*Deprecated and slated for removal in 6 months*) | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike QuickScan ML API. | | [AWS Verified Access with CrowdStrike Zero Trust Assessment (ZTA)](https://github.com/CrowdStrike/aws-verified-access) | Using CrowdStrike ZTA, we provide customers the ability to assess their endpoint security posture, allowing AWS Verified Access to provide conditional access to private applications that comply to your organization's device posture policies. 
| | [Amazon Security Lake with CrowdStrike Falcon Data Replicator (FDR)](https://github.com/CrowdStrike/aws-security-lake) | Transforms your CrowdStrike FDR data into OCSF (Open Cybersecurity Schema Framework) and ingests it into your Amazon Security Lake for centralized management of your security-related logs. | | [AWS Workspaces](workspaces) | Deploy the CrowdStrike Falcon sensor to AWS Workspaces. |
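Review bot: In PATCH 1/4, the `@@ -29,7 +37,7 @@` hunk removes and re-adds the line "This solution leverages an S3 bucket trigger to call AWS Lambda for processing." with no visible difference, so it looks like whitespace-only churn unrelated to the commit subject. The context line directly below it still reads "scan the files as the are uploaded to the bucket". Either drop the whitespace change from this patch or, since the paragraph is being touched anyway, fix "as the are" to "as they are" in the same hunk. The `### AWS S3` change in the following hunk has the same whitespace-only shape.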
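Review bot: In PATCH 2/4, the `@@ -2,13 +2,12 @@` hunk adds a notice that says "will be deprecated in the near future" but gives no removal date and no statement of whether this guide is still maintained until then. Anyone relying on it to scan bucket uploads needs that to plan a migration, so I would add an absolute date and one sentence on support status to the `> [!WARNING]` block. Two smaller points: this hunk deletes every line that 1/4 added to the notice, so 1/4 and 2/4 could be squashed, and the new link uses `github.com/crowdstrike/...` while the existing FalconPy link in this README uses `github.com/CrowdStrike/...`; matching the existing casing keeps the links consistent.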
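Review bot: In PATCH 3/4, the subject "minor grammar update" does not match the `@@ -5,7 +5,7 @@` hunk, which changes what is being deprecated: "This repository" becomes "This guide" and "solution" becomes "examples". That narrows the scope of the notice from the whole repository to the s3-bucket-protection guide, which is a correction of substance and worth saying in the commit message so it is findable in history. The following sentence still says "The new repository is available at:", which reads fine once the scope is stated, but confirm the wording is intentional.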
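Review bot: In PATCH 4/4, the added row in the `@@ -15,7 +15,8 @@` hunk says "*Deprecated and slated for removal in 6 months*", which is relative to nothing a reader can see and will be wrong as soon as time passes; use an absolute date. It also states the guide is already deprecated, while the notice added in 2/4 and 3/4 says it "will be deprecated in the near future", so pick one status and use it in both places. Separately, this hunk renames the existing entry from "Quick Scan API" to "QuickScan ML API", but the guide's own README (context line in 1/4) still says "CrowdStrike Falcon Quick Scan", and the new QuickScan Pro row reuses the "S3 Bucket Protection secures your Amazon S3 buckets" description while linking to cloud-storage-protection; aligning the names and description would make the two rows easier to tell apart.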