Monitor Microsoft Defender for Storage

Question

Is there an API to monitor Azure Defender for storage account and also how get the scan results of the uploaded by end users to the application

Answer 1

@Dhruthi R Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

There’s no existing API that can send ‘scan’ results.

Defender for Storage scans the hash value of the blob/file from the transaction log (in the supported operation types), and not the file itself. Then, compares it to a threat intelligence database, and sends an alert if it’s suspected to be malicious.There’s an existing option to set an auto-delete mechanism , but there’s no API to ask for scan results.

We are working on a built-in real-time antimalware solution that is currently in private preview. It will support different methods of receiving scanning results and will have other capabilities as well.

Once your customers have enabled Defender for Storage on selected storage account, he will be able to consume and export Defender for Storage’s alerts from Defender for Cloud alerts Dashboard. In addition, Defender for Cloud Continuous Export feature can allow your customer to centralize the location (Event Hub or Log Analytics Workspace) to where the alerts and recommendations will be streamed. By default, the configuration for this feature is done on the subscription level.

Azure Policy to export Defender for Storage in case he has storage accounts with Defender in multiple subscriptions.

Please let us know if you have any further queries. I’m happy to assist you further.

----------

Please do not forget to and wherever the information provided helps you, this can be beneficial to other community members.