Potential malware uploaded to a storage account vs Potential malware uploaded to a storage blob container

578 views Asked by At

According to this guide, the name for the alert from Azure Defender that is created when a malicious file is uploaded to a blob container is "Potential malware uploaded to a storage account".

However, when I look in Azure Security Center, it says "Potential malware uploaded to a storage blob container":

enter image description here

Which one is the correct one to use in the workflow automation "alert name contains" field?

enter image description here

I noticed in https://learn.microsoft.com/en-us/azure/security-center/alerts-reference they don't have "Potential malware uploaded to a storage blob container" listed

Is it possible that they haven't updated the document?

1

There are 1 answers

0
David Klempfner On

I changed the workflow to trigger on "Potential malware uploaded to a storage blob container" and it's working.

I've informed the author of that article.

I'm assuming they have not updated https://learn.microsoft.com/en-us/azure/security-center/alerts-reference.