Hi!
We’d like to inform you that a new alert has been detected in Azure Defender for Azure Storage Account: A malicious blob has been downloaded from a storage account.
Alert (alert type) | Description | MITRE tactics | Severity |
---|---|---|---|
Malicious blob was downloaded from a storage account (Preview) (Storage.Blob_MalwareDownload) | The alert indicates that a malicious blob was downloaded from a storage account. Potential causes may include malware that was uploaded to the storage account and not removed or quarantined, thereby enabling a threat actor to download it, or an unintentional download of the malware by legitimate users or applications. Applies to: Azure Blob (Standard general-purpose v2, Azure Data Lake Storage Gen2 or premium block blobs) storage accounts with the new Defender for Storage plan with the Malware Scanning feature enabled. | Lateral Movement | High (Low if EICAR) |
You can see a list of all of the alerts for Azure Storage Account.
Maxime.