Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Logs for malware scans performed by the Malware Scanning feature of Defender for Storage.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | microsoft.security/defenderforstoragesettings |
| Categories | Azure Resources, Security |
| Solutions | LogManagement |
| Basic log | Yes |
| Ingestion-time DCR support | Yes |
| Lake-only ingestion | Yes |
| Sample Queries | Yes |
Columns
| Column | Type | Description |
|---|---|---|
| AggregatedScanId | string | If this object was scanned as part of an aggregated scan, this is the ID of that scan. |
| _BilledSize | real | The record size in bytes |
| BlobEtag | string | The Etag of the scanned blob (Deprecated, use ScannedObjectEtag instead). |
| BlobUri | string | The URI of the scanned blob (Deprecated, use ScannedObjectUri instead). |
| CorrelationId | string | The ID of a specific scan. |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| OperationName | string | The operation associated with log record. |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| ScanFinishedTimeUtc | datetime | Scan finished time in UTC. |
| ScannedObjectEtag | string | The Etag of the scanned object (blob or file). |
| ScannedObjectUri | string | The URI of the scanned object (blob or file). |
| ScanResultDetails | dynamic | Information regarding the scan results. |
| ScanResultType | string | Type of the scan result (Malicious, Error, No Threat Found, Not Scanned). |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| StorageAccountLocation | string | The location of the storage account. |
| StorageAccountName | string | The name of the storage account. |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp (UTC) when the log was generated. |
| Type | string | The name of the table |