Commit 379763f

Merge pull request #204227 from ElazarK/bug-bash-article-2
added titlesuffix and displaynames
2 parents ce012bf + 0e7943c commit 379763f

2 files changed

+14
-33
lines changed


articles/defender-for-cloud/TOC.yml

Lines changed: 1 addition & 1 deletion
@@ -331,7 +331,7 @@
331331
- name: Defender for Storage
332332
items:
333333
- name: Overview
334-
displayName: blob, adls, files, Microsoft Defender for Storage, Defender for Storage
334+
displayName: blob, adls, files, Microsoft Defender for Storage, Defender for Storage, storage, Azure-native security, automated response, alerts, security, hash reputation analysis
335335
href: defender-for-storage-introduction.md
336336
- name: Enable Defender for Storage
337337
href: ../storage/common/azure-defender-storage-configure.md?toc=/azure/defender-for-cloud/toc.json#set-up-microsoft-defender-for-cloud
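
Review bot: The displayName on new line 334 now carries very generic terms (storage, security, alerts) that nearly every entry in a Defender for Cloud TOC could claim, so this node will surface for filter queries that are not about Defender for Storage at all. Suggest keeping the specific additions (hash reputation analysis, automated response, Azure-native security) and dropping the generic ones.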

articles/defender-for-cloud/defender-for-storage-introduction.md

Lines changed: 13 additions & 32 deletions
@@ -1,18 +1,19 @@
11
---
2-
title: Microsoft Defender for Storage - the benefits and features
2+
title: Microsoft Defender for Storage - the benefits and features
3+
titleSuffix: Microsoft Defender for Cloud
34
description: Learn about the benefits and features of Microsoft Defender for Storage.
4-
ms.date: 06/29/2022
5+
ms.date: 07/12/2022
56
ms.topic: overview
67
---
78
# Overview of Microsoft Defender for Storage
89

910
**Microsoft Defender for Storage** is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your storage accounts. It uses advanced threat detection capabilities and [Microsoft Threat Intelligence](https://go.microsoft.com/fwlink/?linkid=2128684) data to provide contextual security alerts. Those alerts also include steps to mitigate the detected threats and prevent future attacks.
1011

11-
You can enable **Microsoft Defender for Storage** at either the subscription level (recommended) or the resource level.
12+
You can [enable Microsoft Defender for Storage](../storage/common/azure-defender-storage-configure.md#set-up-microsoft-defender-for-cloud) at either the subscription level (recommended) or the resource level.
1213

13-
Defender for Storage continually analyzes the telemetry stream generated by the Azure Blob Storage and Azure Files services. When potentially malicious activities are detected, security alerts are generated. These alerts are displayed in Microsoft Defender for Cloud together with the details of the suspicious activity along with the relevant investigation steps, remediation actions, and security recommendations.
14+
Defender for Storage continually analyzes the telemetry stream generated by the [Azure Blob Storage](https://azure.microsoft.com/services/storage/blobs/) and Azure Files services. When potentially malicious activities are detected, security alerts are generated. These alerts are displayed in Microsoft Defender for Cloud, together with the details of the suspicious activity along with the relevant investigation steps, remediation actions, and security recommendations.
1415

15-
Analyzed telemetry of Azure Blob Storage includes operation types such as **Get Blob**, **Put Blob**, **Get Container ACL**, **List Blobs**, and **Get Blob Properties**. Examples of analyzed Azure Files operation types include **Get File**, **Create File**, **List Files**, **Get File Properties**, and **Put Range**.
16+
Analyzed telemetry of Azure Blob Storage includes operation types such as `Get Blob`, `Put Blob`, `Get Container ACL`, `List Blobs`, and `Get Blob Properties`. Examples of analyzed Azure Files operation types include `Get File`, C`reate File`, `List Files`, `Get File Properties`, and `Put Range`.
1617

1718
Defender for Storage doesn't access the Storage account data and has no impact on its performance.
1819

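Review bot: On new line 16 the conversion to inline code misplaced a backtick: "C`reate File`" leaves the C outside the code span, so the operation name renders broken. It should read `Create File`, matching the other operation names in the same sentence. Separately, the title on line 2 shows identical text on both sides of the change, which suggests a whitespace-only edit; worth confirming that is intended.
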
@@ -28,14 +29,14 @@ You can learn more by watching this video from the Defender for Cloud in the Fie
2829
|Protected storage types:|[Blob Storage](https://azure.microsoft.com/services/storage/blobs/) (Standard/Premium StorageV2, Block Blobs) <br>[Azure Files](../storage/files/storage-files-introduction.md) (over REST API and SMB)<br>[Azure Data Lake Storage Gen2](../storage/blobs/data-lake-storage-introduction.md) (Standard/Premium accounts with hierarchical namespaces enabled)|
2930
|Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Azure Government<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure China 21Vianet<br>:::image type="icon" source="./media/icons/no-icon.png"::: Connected AWS accounts|
3031

31-
32-
3332
## What are the benefits of Microsoft Defender for Storage?
3433

3534
Defender for Storage provides:
3635

3736
- **Azure-native security** - With 1-click enablement, Defender for Storage protects data stored in Azure Blob, Azure Files, and Data Lakes. As an Azure-native service, Defender for Storage provides centralized security across all data assets that are managed by Azure and is integrated with other Azure security services such as Microsoft Sentinel.
37+
3838
- **Rich detection suite** - Powered by Microsoft Threat Intelligence, the detections in Defender for Storage cover the top storage threats such as unauthenticated access, compromised credentials, social engineering attacks, data exfiltration, privilege abuse, and malicious content.
39+
3940
- **Response at scale** - Defender for Cloud's automation tools make it easier to prevent and respond to identified threats. Learn more in [Automate responses to Defender for Cloud triggers](workflow-automation.md).
4041

4142
:::image type="content" source="media/defender-for-storage-introduction/defender-for-storage-high-level-overview.png" alt-text="High-level overview of the features of Microsoft Defender for Storage.":::
@@ -62,6 +63,8 @@ Security alerts are triggered for the following scenarios (typically from 1-2 ho
6263
| **Public visibility** | Potential break-in attempts by scanning containers and pulling potentially sensitive data from publicly accessible containers. |
6364
| **Phishing campaigns** | When content that's hosted on Azure Storage is identified as part of a phishing attack that's impacting Microsoft 365 users. |
6465

66+
You can check out [the full list of Microsoft Defender for Storage alerts](alerts-reference.md#alerts-azurestorage).
67+
6568
Alerts include details of the incident that triggered them, and recommendations on how to investigate and remediate threats. Alerts can be exported to Microsoft Sentinel or any other third-party SIEM or any other external tool. Learn more in [Stream alerts to a SIEM, SOAR, or IT Service Management solution](export-to-siem.md).
6669

6770
> [!TIP]
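
Review bot: The sentence added at new line 66 is worded more casually ("You can check out ...") than the "Learn more in [...]" pattern used on line 68 right after it. Suggest "See [the full list of Microsoft Defender for Storage alerts](alerts-reference.md#alerts-azurestorage)." so the two adjacent cross-references read consistently.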
@@ -77,27 +80,11 @@ Alerts include details of the incident that triggered them, and recommendations
7780
> [!TIP]
7881
> When a file is suspected to contain malware, Defender for Cloud displays an alert and can optionally email the storage owner for approval to delete the suspicious file. To set up this automatic removal of files that hash reputation analysis indicates contain malware, deploy a [workflow automation to trigger on alerts that contain "Potential malware uploaded to a storage account”](https://techcommunity.microsoft.com/t5/azure-security-center/how-to-respond-to-potential-malware-uploaded-to-azure-storage/ba-p/1452005).
7982
80-
81-
## Enable Defender for Storage
82-
83-
When you enable this Defender plan on a subscription, all existing Azure Storage accounts will be protected and any storage resources added to that subscription in the future will also be automatically protected.
84-
85-
You can enable Defender for Storage in any of several ways, described in [Set up Microsoft Defender for Cloud](../storage/common/azure-defender-storage-configure.md#set-up-microsoft-defender-for-cloud) in the Azure Storage documentation.
86-
8783
## FAQ - Microsoft Defender for Storage
8884

89-
- [Overview of Microsoft Defender for Storage](#overview-of-microsoft-defender-for-storage)
90-
- [Availability](#availability)
91-
- [What are the benefits of Microsoft Defender for Storage?](#what-are-the-benefits-of-microsoft-defender-for-storage)
92-
- [Security threats in cloud-based storage services](#security-threats-in-cloud-based-storage-services)
93-
- [What kind of alerts does Microsoft Defender for Storage provide?](#what-kind-of-alerts-does-microsoft-defender-for-storage-provide)
94-
- [Limitations of hash reputation analysis](#limitations-of-hash-reputation-analysis)
95-
- [Enable Defender for Storage](#enable-defender-for-storage)
96-
- [FAQ - Microsoft Defender for Storage](#faq---microsoft-defender-for-storage)
97-
- [How do I estimate charges at the account level?](#how-do-i-estimate-charges-at-the-account-level)
98-
- [Can I exclude a specific Azure Storage account from a protected subscription?](#can-i-exclude-a-specific-azure-storage-account-from-a-protected-subscription)
99-
- [How do I configure automatic responses for security alerts?](#how-do-i-configure-automatic-responses-for-security-alerts)
100-
- [Next steps](#next-steps)
85+
- [How do I estimate charges at the account level?](#how-do-i-estimate-charges-at-the-account-level)
86+
- [Can I exclude a specific Azure Storage account from a protected subscription?](#can-i-exclude-a-specific-azure-storage-account-from-a-protected-subscription)
87+
- [How do I configure automatic responses for security alerts?](#how-do-i-configure-automatic-responses-for-security-alerts)
10188

10289
### How do I estimate charges at the account level?
10390

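Review bot: Removing the "## Enable Defender for Storage" section (old lines 81-85) also drops the only statement that enabling the plan on a subscription protects all existing storage accounts and any added later; the link that replaces it in the introduction does not say this. Suggest keeping that sentence next to the subscription-level recommendation, since it is the reason that level is recommended. The removal also retires the `#enable-defender-for-storage` anchor, so inbound links to it should be checked. While this area is being edited, the context line at new line 81 opens the alert name with a straight quote and closes it with a curly one ("Potential malware uploaded to a storage account”); worth normalising.
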
@@ -118,15 +105,9 @@ For example, you can set up automation to open tasks or tickets for specific per
118105
119106
Use automation for automatic response - to define your own or use ready-made automation from the community (such as removing malicious files upon detection). For more solutions, visit the Microsoft community on GitHub. 
120107

121-
122-
123108
## Next steps
124109

125110
In this article, you learned about Microsoft Defender for Storage.
126111

127112
> [!div class="nextstepaction"]
128113
> [Enable Defender for Storage](enable-enhanced-security.md)
129-
130-
- [The full list of Microsoft Defender for Storage alerts](alerts-reference.md#alerts-azurestorage)
131-
- [Stream alerts to a SIEM, SOAR, or IT Service Management solution](export-to-siem.md)
132-
- [Save Storage telemetry for investigation](../azure-monitor/essentials/diagnostic-settings.md)
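
Review bot: Of the three links removed from Next steps (old lines 130-132), the alerts reference and the SIEM export link still appear in the article body, but "Save Storage telemetry for investigation" (diagnostic-settings.md) has no replacement anywhere in this diff. That pointer matters to anyone investigating an alert, so suggest keeping it here or moving it next to the paragraph on alert details. Also note that the nextstepaction on line 113 targets enable-enhanced-security.md while the new link in the introduction targets azure-defender-storage-configure.md for the same "enable Defender for Storage" action; one target should be chosen.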
