According to this guide, the name for the alert from Azure Defender that is created when a malicious file is uploaded to a blob container is "Potential malware uploaded to a storage account".
However, when I look in Azure Security Center, it says "Potential malware uploaded to a storage blob container":
Which one is the correct one to use in the workflow automation "alert name contains" field?
I noticed in https://learn.microsoft.com/en-us/azure/security-center/alerts-reference they don't have "Potential malware uploaded to a storage blob container" listed
Is it possible that they haven't updated the document?
I changed the workflow to trigger on "Potential malware uploaded to a storage blob container" and it's working.
I've informed the author of that article.
I'm assuming they have not updated https://learn.microsoft.com/en-us/azure/security-center/alerts-reference.