Queries for the CloudStorageAggregatedEvents table

For information on using these queries in the Azure portal, see the Log Analytics tutorial. For the REST API, see Query.

Top storage accounts by activity

Storage accounts with the highest number of GET and PUT operations. The query sums both operation types per account but ranks by the GET total; change the order by clause to TotalPuts if write volume is what you want to rank.

CloudStorageAggregatedEvents
| summarize TotalGets = sum(TotalBlobGetOperations), TotalPuts = sum(TotalBlobPutOperations) by StorageAccountName
| order by TotalGets desc
| limit 50

Storage access from anonymous sources

Storage accounts that were accessed anonymously, grouped by client IP address and country. A non-zero AnonymousSuccessfulOperations count means a request succeeded without any credential, so the container or blob involved allows public access; confirm whether that exposure is intended for each account that appears.

CloudStorageAggregatedEvents
| where AnonymousSuccessfulOperations > 0
| summarize TotalAnonymousOps = sum(AnonymousSuccessfulOperations) by StorageAccountName, ClientIPAddress, CountryName
| order by TotalAnonymousOps desc
| limit 100

Storage access from suspicious IPs

Storage access events originating from Tor exit nodes or from known suspicious IP addresses. The query has no time filter and no order by before limit, so it returns an arbitrary 100 matching rows; add a where TimeGenerated > ago(...) clause and order by TimeGenerated desc when investigating a specific window.

CloudStorageAggregatedEvents
| where IsTorExitNode == true or IsKnownSuspiciousIp == true
| project TimeGenerated, StorageAccountName, ClientIPAddress, CountryName, CityName, IsTorExitNode, IsKnownSuspiciousIp, TotalBlobGetOperations, TotalBlobPutOperations
| limit 100
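The anonymous-access and suspicious-IP queries above flag each indicator separately. The following query, added here as an example and not one of the page's own, combines them: anonymous successful operations that came from a Tor exit node or a known suspicious IP, with first- and last-seen times and GET/PUT volume per account and source IP, ranked so that anonymous writes surface first. It uses only the column names that appear on this page; the 7-day lookback is an assumed value.

```kql
// Added example (not one of the page's own queries): anonymous access
// that also carries a suspicious-source indicator. Column names are the
// ones used on this page; the lookback window is an assumed choice.
let lookback = 7d;
CloudStorageAggregatedEvents
| where TimeGenerated > ago(lookback)
| where AnonymousSuccessfulOperations > 0
| where IsTorExitNode == true or IsKnownSuspiciousIp == true
| summarize
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated),
    AnonymousOps = sum(AnonymousSuccessfulOperations),
    Gets = sum(TotalBlobGetOperations),
    Puts = sum(TotalBlobPutOperations),
    TorRows = countif(IsTorExitNode == true),
    SuspiciousRows = countif(IsKnownSuspiciousIp == true)
    by StorageAccountName, ClientIPAddress, CountryName
// Label which indicator(s) fired for the account/IP pair.
| extend Indicator = case(
    TorRows > 0 and SuspiciousRows > 0, "Tor exit node + known suspicious IP",
    TorRows > 0, "Tor exit node",
    "Known suspicious IP")
| project StorageAccountName, ClientIPAddress, CountryName, Indicator,
    FirstSeen, LastSeen, AnonymousOps, Gets, Puts
// Anonymous PUTs (unauthenticated writes) are the most urgent finding,
// so rank by write volume before anonymous volume.
| order by Puts desc, AnonymousOps desc
| limit 100
```

Any row with Puts greater than zero means data was written to the account without credentials from a flagged source and should be triaged first; rows with only Gets indicate public read exposure, which still warrants checking whether the container's public access level is intended.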