Defender on Azure Storage

Dhruthi R 141 Reputation points
2022-11-29T04:30:16.923+00:00

How defender pricing is calculated for storage in when SFTP is enabled in east us region. Does hash reputation is supported for different protocols

Thanks,

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,622 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sumarigo-MSFT 45,406 Reputation points Microsoft Employee
    2022-11-29T08:18:37.773+00:00

    @Dhruthi R Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    How do I estimate charges at the account level?
    To optimize costs, you might want to exclude specific Storage accounts associated with high traffic from Defender for Storage protections. To get an estimate of Defender for Storage costs, use the Price Estimation Workbook in the Azure portal.

    To optimize costs, you might want to exclude specific Storage accounts associated with high traffic from Defender for Storage protections. To get an estimate of Defender for Storage costs, use the Price Estimation Workbook in the Azure portal.

    SFTP currently does not calculate MD5 hash, similar to Put Block & Put Block List, and will have the same limitations mentioned. Hash reputation analysis isn't supported for all files protocols and operation types - Some, but not all, of the telemetry logs contain the hash value of the related blob or file. In some cases, the telemetry doesn't contain a hash value. As a result, some operations can't be monitored for known malware uploads. Examples of such unsupported use cases include SMB file-shares and when a blob is created using Put Block and Put Block List.

    Regarding SFTP:

    1. Malware hash is not calculated for files uploaded using SFTP and therefore not covered, similarly to other malware hash.
    2. Except for the malware hash analysis, all other threat detections are working with SFTP – the data plane logs are analyzed, baked into the behavioral models, and are also compared with Microsoft Threat Intelligence.
    3. SFTP is supported in the new near real time antimalware scanning solution that is planned

    Please let us know if you have any further queries. I’m happy to assist you further.

    ----------

    Please do not forget to 265089-accept-answer.pngand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful