Queries for the StorageMalwareScanningResults table
For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.
Malicious blobs per storage account
Blobs with malicious scan results group by storage account name.
StorageMalwareScanningResults
| where ScanResultType == "Malicious"
| summarize BlobUris = make_list(BlobUri), count() by StorageAccountName
Unsuccessful Scans
Unsuccessful scans grouped by verdict and error information with related blob uris list, containing failed scans and encrypted blobs.
StorageMalwareScanningResults
| where ScanResultType in ("Error", "Not Scanned")
| summarize count(), BlobUris = make_list(BlobUri) by ScanResultType, ScanResultDetails