This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 91%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
When we are enabling Defender for Storage plan or other plan -where its store the logs.
we can check the alerts, but to get the alert, defender must be checking some logs, so that logs where it store ? and how to check it ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Naresh Badgujar Thank you for your feedback, let me check on your ask with my team and revert back.
Hi,
as per Understand malware scanning results:
On that same document you can find information how to view the results on blob index tags. You can check Set up logging for malware scanning if you wish the results to be send to Log Analytics workspace or event grid. On Security alerts and incidents you can find more about Defender for Cloud security alerts.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi,
Thanks for the reply, but my question is suppose i am enabling just a defender for database or storage plan, Defender must be monitoring some traffic so where exactly that traffic logs getting stored.
Defender for Storage is not monitoring traffic. It scans your files on the storage accounts. The mentioned logs are the only logs available.
If you are looking for broader, raw data for archival or hunting I don't think that is an option. MDC stores much of what you see in the portal in the resource graph. You can export this for reporting and archival but it likely is not as detailed as you might expect. The primary output is alerts that can be correlated with other sources like ActivityLog and XDR logs. https://zcusa.951200.xyz/en-us/azure/defender-for-cloud/benefits-of-continuous-export
@Naresh Badgujar Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.