Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Logs for malware scans performed by the Malware Scanning feature of Defender in Storage.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | microsoft.security/defenderforstoragesettings |
| Categories | Azure Resources, Security |
| Solutions | LogManagement |
| Basic log | No |
| Ingestion-time transformation | No |
| Sample Queries | Yes |
Columns
| Column | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| BlobEtag | string | The Etag of the scanned blob. |
| BlobUri | string | The URI of the scanned blob. |
| CorrelationId | string | The ID of a specific scan. |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| OperationName | string | The operation associated with log record. |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| ScanFinishedTimeUtc | datetime | Scan finished time in UTC. |
| ScanResultDetails | dynamic | Information regarding the scan results. |
| ScanResultType | string | Type of the scan result (Malicious, Error, No Threat Found, Not Scanned). |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| StorageAccountLocation | string | The location of the storage account. |
| StorageAccountName | string | The name of the storage account. |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp (UTC) when the log was generated. |
| Type | string | The name of the table |