Queries for the StorageMalwareScanningResults table

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

Malicious blobs per storage account

Blobs with malicious scan results, grouped by storage account name.

StorageMalwareScanningResults
| where ScanResultType == "Malicious"
| summarize BlobUris = make_list(BlobUri), count() by StorageAccountName

Unsuccessful scans

Unsuccessful scans, grouped by verdict and error information, with the list of related blob URIs. Includes failed scans and encrypted blobs.

StorageMalwareScanningResults
| where ScanResultType in ("Error", "Not Scanned")
| summarize count(), BlobUris = make_list(BlobUri) by ScanResultType, ScanResultDetails
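
The two queries above can be combined into one per-account view that shows malicious verdicts next to scans that never produced a verdict, since a blob with an "Error" or "Not Scanned" result is a blind spot rather than a clean result. This is an added example, not one of the original queries: the SampleResults rows and their values (including the "No threats found" verdict and the detail strings) are constructed, and only columns already used on this page appear. Replace SampleResults with StorageMalwareScanningResults to run it against real data.

```kusto
// Constructed sample rows standing in for StorageMalwareScanningResults.
// Only the columns used by the queries on this page are modelled.
let SampleResults = datatable(
    StorageAccountName:string,
    BlobUri:string,
    ScanResultType:string,
    ScanResultDetails:string)
[
    "exampleuploads", "https://exampleuploads.blob.core.windows.net/in/report.pdf",  "No threats found", "",
    "exampleuploads", "https://exampleuploads.blob.core.windows.net/in/setup.exe",   "Malicious",        "constructed: test signature",
    "exampleuploads", "https://exampleuploads.blob.core.windows.net/in/archive.zip", "Not Scanned",      "constructed: blob is encrypted",
    "exampleuploads", "https://exampleuploads.blob.core.windows.net/in/archive.zip", "Not Scanned",      "constructed: blob is encrypted",
    "examplebackup",  "https://examplebackup.blob.core.windows.net/db/dump.bak",     "Error",            "constructed: scan timed out",
    "examplebackup",  "https://examplebackup.blob.core.windows.net/db/notes.txt",    "No threats found", ""
];
SampleResults
| summarize
    TotalScans   = count(),
    Malicious    = countif(ScanResultType == "Malicious"),
    Unsuccessful = countif(ScanResultType in ("Error", "Not Scanned")),
    // make_set_if de-duplicates blobs that failed more than once
    MaliciousBlobUris = make_set_if(BlobUri, ScanResultType == "Malicious"),
    UnscannedBlobUris = make_set_if(BlobUri, ScanResultType in ("Error", "Not Scanned"))
    by StorageAccountName
// Share of scans per account that ended without a verdict
| extend UnsuccessfulPct = round(100.0 * Unsuccessful / TotalScans, 1)
| order by Malicious desc, UnsuccessfulPct desc
```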