

Microsoft Defender for Cloud provides broad Cloud Workload Protection Platform (CWPP) coverage for Platform as a Service offerings. One of those capabilities is alerting on potential malware uploaded as a blob to an Azure Storage account.

The potential malware upload alerting works as follows. When Microsoft Defender for Cloud is protecting Azure Storage, blob files uploaded to Azure Storage produce telemetry streaming logs. In many cases the stream operation logs contain hashes of the blob. These hashes are checked against Microsoft's threat intelligence in a hash reputation analysis that looks for known viruses, trojans, spyware and ransomware. When a match is found, an alert is raised in Microsoft Defender for Cloud. This alerting can help detect intentional activity by an attacker looking to use storage for lateral movement, as well as the unintentional upload of a malware file by a cloud user or application. Because the detection is hash based, it only matches samples already known to Microsoft's threat intelligence; a repacked or novel file will not trigger it.

Alerting on the potential malware upload is very helpful, but you can take it one step further by using the Workflow Automation feature to trigger a series of actions when this alert is received, including sending an email to notify your security team that potential malware has been uploaded to your storage account. After your security investigation, a decision can be made: the email that notified your team also contains a link to approve or reject the deletion of the potential malware blob referenced in the alert.
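As an added example (this is not code from the original post or from Microsoft), the following PowerShell enables the Defender for Storage plan and creates the Workflow Automation that hands matching alerts to a Logic App, which is where the notification email and its approve/reject step are built. It uses the Az.Security module; the subscription ID, resource group, Logic App name, callback URI and the alert display-name filter are assumptions you must replace with your own values.

```powershell
# Added example (not from the original post): enable Defender for Storage and
# wire a Workflow Automation that forwards the malware hash-reputation alert to
# a Logic App for the email-and-approve/reject handling.
# Requires the Az.Security module and an existing Logic App whose trigger is
# "When a Microsoft Defender for Cloud alert is created or triggered".
$SubscriptionId = "00000000-0000-0000-0000-000000000000"   # assumption
$ResourceGroup  = "rg-security-automation"                  # assumption
$LogicAppName   = "la-malware-blob-approval"                 # assumption
$Location       = "eastus"                                   # assumption

# 1. Turn on the Defender for Storage plan; the hash-reputation alert is only
#    produced for storage accounts covered by this plan.
Set-AzSecurityPricing -Name "StorageAccounts" -PricingTier "Standard"

# 2. Scope: every resource in the subscription.
$scope = New-AzSecurityAutomationScopeObject `
    -Description "All storage accounts in the subscription" `
    -ScopePath "/subscriptions/$SubscriptionId"

# 3. Trigger only on the potential-malware alert. Filtering on the display
#    name is an assumption; adjust it to the exact name of the alert you receive.
$rule = New-AzSecurityAutomationTriggeringRuleObject `
    -PropertyJPath "AlertDisplayName" `
    -PropertyType "String" `
    -Operator "Contains" `
    -ExpectedValue "Potential malware uploaded"
$ruleSet = New-AzSecurityAutomationRuleSetObject -Rule $rule
$source  = New-AzSecurityAutomationSourceObject -EventSource "Alerts" -RuleSet $ruleSet

# 4. Action: invoke the Logic App. Its trigger callback URL (including the SAS
#    signature) is copied from the Logic App designer; the value here is a placeholder.
$logicAppId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Logic/workflows/$LogicAppName"
$action = New-AzSecurityAutomationActionObject `
    -LogicAppResourceId $logicAppId `
    -Uri "https://prod-00.eastus.logic.azure.com:443/workflows/<workflow-id>/triggers/manual/paths/invoke?..."   # assumption

# 5. Create the automation.
New-AzSecurityAutomation `
    -Name "notify-and-approve-malware-blob-deletion" `
    -ResourceGroupName $ResourceGroup `
    -Location $Location `
    -Description "Email the SOC with an approve/reject link for the flagged blob" `
    -Scope $scope -Source $source -Action $action

# 6. Check: list any alerts of this type already raised in the subscription.
Get-AzSecurityAlert |
    Where-Object { $_.AlertDisplayName -like "*malware*" } |
    Select-Object AlertDisplayName, Severity, Status
```

The Logic App itself is where the email with the approve/reject link is sent and, on approval, the blob is deleted; keep the identity that the Logic App uses scoped to the storage accounts it is allowed to delete from, since an approval click is all that stands between the alert and the deletion.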
