How To Configure Custom Storage

By default Secplugs uses internal storage to store samples and emails while they are scanned.

But you can configure the platform to use your own storage.

Benefits

Using your own storage means that your samples will only be stored on infrastucture that you own and can control.

For examples it allows you to specifcy the geographic location, retention policy and encryption.

Secplugs will never copy your samples anywhere else, when they are analysed, they will be read into memory on our compute cluster and not retained.

How does it work?

You create your storage area (e.g. an s3 Bucket) and grant Secplugs secure access to it.

You then associate that storage with an Analysis configuration via the portal.

Plugin Keys that use that Analysis configuration will then use the your storage.

You can configure multiple storage locations e.g. for different geographic locations.

WARNING: If you use the test samples from the samples page to test the installation they will land up in your storage location, some of them are live malware so extreme caution is advised.

How do I grant access to an AWS S3 Storage Location?

Once you have created your bucket apply the following IAM policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::241572301525:role/livedotsecplugsdotcom-remote-access-role"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::sp-test-bucket-eu-west-1/*"
        }
    ]
}

It should look something like the below in the AWS console

With that in place, create an Analysis Configuration to use it, assign it to one or more Plugin Keys and use the Secplugs Plugins and APIs as normal.

You can see which storage is used by looking at the analysis results page.