Deprecate storage protection #295

Merged
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -15,7 +15,8 @@
| [AWS Network Firewall with CrowdStrike Threat Intelligence](Network-Firewall) | Build capabilities such as automated blocking of malicious domains (via AWS Network Firewall) based on CrowdStrike detection alerts, or perform threat hunting derived from CrowdStrike domain-based Indicators of Activity (IOAs). |
| [AWS PrivateLink with CrowdStrike Sensor Proxy](aws-privatelink) | Leverage AWS PrivateLink to provide private connectivity between your CrowdStrike-protected workloads and the CrowdStrike cloud. |
| [AWS Security Hub with CrowdStrike Event Streams API](Falcon-Integration-Gateway) | The Falcon Integration Gateway publishes detections identified by CrowdStrike Falcon for instances residing within Amazon Web Services (AWS) to AWS Security Hub. |
| [Amazon S3 Protected Bucket with CrowdStrike Quick Scan API](s3-bucket-protection) | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike Quick Scan API. |
| [Amazon S3 Protected Bucket with CrowdStrike QuickScan Pro API](https://github.com/crowdstrike/cloud-storage-protection) | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike QuickScan Pro API. |
| [Amazon S3 Protected Bucket with CrowdStrike QuickScan ML API](s3-bucket-protection) (*Deprecated and slated for removal in 6 months*) | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike QuickScan ML API. |
| [AWS Verified Access with CrowdStrike Zero Trust Assessment (ZTA)](https://github.com/CrowdStrike/aws-verified-access) | Using CrowdStrike ZTA, we provide customers the ability to assess their endpoint security posture, allowing AWS Verified Access to provide conditional access to private applications that comply to your organization's device posture policies. |
| [Amazon Security Lake with CrowdStrike Falcon Data Replicator (FDR)](https://github.com/CrowdStrike/aws-security-lake) | Transforms your CrowdStrike FDR data into OCSF (Open Cybersecurity Schema Framework) and ingests it into your Amazon Security Lake for centralized management of your security-related logs. |
| [AWS Workspaces](workspaces) | Deploy the CrowdStrike Falcon sensor to AWS Workspaces. |
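Review bot: the "(*Deprecated and slated for removal in 6 months*)" label on the QuickScan ML row is relative to a date the README never states, so a reader cannot tell when `s3-bucket-protection` actually goes away; give an absolute removal date or release instead. In the new QuickScan Pro row the link uses `github.com/crowdstrike/...` while the neighbouring rows use `github.com/CrowdStrike/...`, and its title and description ("Amazon S3 Protected Bucket", "S3 Bucket Protection secures your Amazon S3 buckets") are identical to the deprecated row apart from the API name, which makes the two entries hard to tell apart.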
13 changes: 10 additions & 3 deletions s3-bucket-protection/README.md
Expand Up @@ -2,6 +2,13 @@

[![Twitter URL](https://img.shields.io/twitter/url?label=Follow%20%40CrowdStrike&style=social&url=https%3A%2F%2Ftwitter.com%2FCrowdStrike)](https://twitter.com/CrowdStrike)

> [!WARNING]
> ## DEPRECATION NOTICE
>
> This guide will be deprecated in the near future in favor of our new Cloud Storage Protection examples using the QuickScan Pro APIs. The new repository is available at:
>
> [https://github.com/crowdstrike/cloud-storage-protection](https://github.com/crowdstrike/cloud-storage-protection)

# CrowdStrike Falcon S3 Bucket Protection

+ [Overview](#overview)
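Review bot: the notice text "This guide will be deprecated in the near future" gives no date and conflicts with the top-level README row, which already labels this integration "Deprecated and slated for removal in 6 months"; state that the guide is deprecated now and repeat the same removal timeline in both places. The `## DEPRECATION NOTICE` heading inside the `[!WARNING]` block also sits above the document's `# CrowdStrike Falcon S3 Bucket Protection` H1, so a bold line rather than a heading would keep the heading outline intact.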
Expand Down Expand Up @@ -29,7 +36,7 @@ This solution integrates CrowdStrike Falcon Quick Scan with AWS S3, AWS Security


## Solution components
This solution leverages an S3 bucket trigger to call AWS Lambda for processing.
This solution leverages an S3 bucket trigger to call AWS Lambda for processing.
The serverless lambda function leverages the CrowdStrike [FalconPy SDK](https://github.com/CrowdStrike/falconpy) to
interact with the CrowdStrike Falcon API to scan the files as the are uploaded to the bucket.

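Review bot: on the "This solution leverages an S3 bucket trigger" line the removed and added copies read identically, so this looks like a whitespace-only edit unrelated to the deprecation; consider dropping it or moving it to a separate cleanup commit. If the paragraph is touched anyway, the context line two below still reads "as the are uploaded" where "as they are uploaded" is meant, and the hunk header context still calls the API "Quick Scan" while README.md now names it "QuickScan ML".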
Expand All @@ -38,7 +45,7 @@ interact with the CrowdStrike Falcon API to scan the files as the are uploaded t
+ [AWS IAM](#aws-iam)
+ [AWS Systems Manager](#aws-systems-manager)

### AWS S3
### AWS S3
Any bucket can be protected by enabling the bucket notification trigger to call the lambda function.
- Bucket
- Bucket notification `s3:ObjectCreated:*` -> Lambda trigger
Expand Down Expand Up @@ -191,4 +198,4 @@ The read more about this component, review the documentation located [here](on-d
## Deploying to an existing bucket
A helper routine is provided as part of this integration that assists with deploying protection to an existing bucket. This helper leverages Terraform, and can be started by executing the `existing.sh` script.

For more details about deploying protection to a pre-existing bucket, review the documentation located [here](existing).
For more details about deploying protection to a pre-existing bucket, review the documentation located [here](existing).