Cloud Storage Security Help Docs

Amazon EFS Volumes


Last updated 1 month ago

Architecture

  1. The Console initiates an EFS scan job, triggered either by an on-demand scan or by a set schedule

  2. The scanning agent initiates a crawl job to identify the files in the target EFS volume

  3. The crawl job places the objects to be scanned in an SQS queue

  4. The scanning agent initiates a scan job, reading files from the queue and scanning them for viruses

  5. Results are sent to CloudWatch

  6. Job status and other scan details are sent to DynamoDB

  7. The Console service ingests details from CloudWatch and DynamoDB, and when the scan is done, the scanning architecture is torn down

Console EFS Protection Page

The EFS Protection page will show you any EFS volumes that are associated with the account that you have deployed our solution in, as well as volumes from any accounts linked to your console. Here you'll be able to create Antivirus scanning and Data classification schedules for EFS Volumes.

Currently, you can only scan EFS volumes in the account where you deployed our solution. If you have EFS volumes in other accounts, you'll need a separate deployment in each of those accounts to scan those volumes.

You can choose to show or hide the EFS volumes from your linked accounts by clicking the 'Show/Hide Linked Accounts' button at the top of the page.

Creating an EFS volume scan or classification schedule

  1. Select the EFS volumes you want to protect through a schedule

  2. Click actions and select either Create AV Schedule or Create DC Schedule

  3. You can select any additional EFS volumes and add EBS volumes or S3 buckets to the schedule through the schedule popup

  4. Once you have all of the resources you want to add to a schedule selected, click on the Create Schedule tab

  5. Name your schedule, add the scan period and make any additional changes you need

  6. Click Save once you're done

After your schedule is created you'll want to go to the Schedules page and activate the schedule.

When activating the schedule you will be asked to select the VPC and Subnets where the EFS Volume being scanned resides. This step is critical, as we must place an agent within the same VPC as the Volume to run a scan of the Volume. If the selected VPC for the agent differs from the EFS Volume VPC, the two VPCs must be peered for our scan to execute.

Also note that the chosen VPC and Subnets must allow outbound internet traffic, and mount targets for the EFS Volume(s) must exist in the selected subnets' availability zones.
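
The network prerequisites above can be checked before a schedule is activated. The following is an added example, not part of the product or its documentation: a Python check over data shaped like the AWS `DescribeSubnets`, `DescribeMountTargets`, `DescribeRouteTables` and `DescribeVpcPeeringConnections` responses. Function names and all IDs are constructed, and a default route through an internet or NAT gateway is assumed to stand for outbound internet access.

```python
# Added example: pre-activation network checks for an EFS scan schedule.
# Inputs are dicts shaped like boto3 responses; every ID in SAMPLE is constructed.

def check_schedule_network(fs_vpc, subnets, mount_targets, route_tables, peerings):
    """Return a list of problems (an empty list means the prerequisites hold).
    subnets: DescribeSubnets["Subnets"] selected for the scanning agent
    mount_targets: DescribeMountTargets["MountTargets"] of the EFS volume
    route_tables / peerings: RouteTables / VpcPeeringConnections lists
    """
    problems = []
    # Availability zones where the volume has a usable mount target.
    mt_azs = {m["AvailabilityZoneId"] for m in mount_targets
              if m["LifeCycleState"] == "available"}
    for s in subnets:
        if s["AvailabilityZoneId"] not in mt_azs:
            problems.append(f"{s['SubnetId']}: no mount target in {s['AvailabilityZoneId']}")
        if not _has_default_route(s, route_tables):
            problems.append(f"{s['SubnetId']}: no outbound default route")
    # An agent VPC other than the volume's VPC needs an active peering to it.
    for vpc in sorted({s["VpcId"] for s in subnets} - {fs_vpc}):
        if not _peered(vpc, fs_vpc, peerings):
            problems.append(f"{vpc}: not peered with volume VPC {fs_vpc}")
    return problems

def _has_default_route(subnet, route_tables):
    # Assumption: egress means an active 0.0.0.0/0 route via IGW or NAT gateway.
    # An explicit subnet association wins; otherwise the VPC's main table applies.
    in_vpc = [t for t in route_tables if t["VpcId"] == subnet["VpcId"]]
    explicit = [t for t in in_vpc
                if any(a.get("SubnetId") == subnet["SubnetId"] for a in t["Associations"])]
    main = [t for t in in_vpc if any(a.get("Main") for a in t["Associations"])]
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active"
               and (r.get("NatGatewayId") or r.get("GatewayId", "").startswith("igw-"))
               for t in (explicit or main) for r in t["Routes"])

def _peered(a, b, peerings):
    return any(p["Status"]["Code"] == "active"
               and {p["RequesterVpcInfo"]["VpcId"], p["AccepterVpcInfo"]["VpcId"]} == {a, b}
               for p in peerings)

SAMPLE = dict(  # constructed data: subnet-2 fails all three checks
    fs_vpc="vpc-aaaa",
    subnets=[{"SubnetId": "subnet-1", "VpcId": "vpc-aaaa", "AvailabilityZoneId": "use1-az1"},
             {"SubnetId": "subnet-2", "VpcId": "vpc-bbbb", "AvailabilityZoneId": "use1-az2"}],
    mount_targets=[{"AvailabilityZoneId": "use1-az1", "LifeCycleState": "available"}],
    route_tables=[{"VpcId": "vpc-aaaa", "Associations": [{"Main": True}], "Routes": [
                      {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1", "State": "active"}]},
                  {"VpcId": "vpc-bbbb", "Associations": [{"Main": True}], "Routes": [
                      {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"}]}],
    peerings=[])
```

Egress through a transit gateway or proxy is not recognised by this heuristic and would be reported as a missing default route.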

Now your schedule will run per the scan period that you originally configured. If you need to add or remove volumes, or make any other configuration changes, you can always edit the schedule on the Schedules page.

Volume Schedule Statuses

The schedule icons shown below reflect whether an EFS volume is associated with a schedule and whether that schedule is active.

You can create a schedule within the Schedules page, or you can create a schedule for EFS volumes directly from the EFS Volumes page.

Protected by Active Schedule - green clock icon

Part of an Inactive Schedule - red clock icon

Not a Part of any Schedule - red clock icon
