Azure Application Insights

Do not depend on logs in your downstream workflow. Logs are subject to change without prior notice. Use Service Bus Topic instead. If there is any necessary information that only exists in logs, please contact support with a feature request.

Search for scan results in Application Insights

File Storage Security logs its scan results in Azure Application Insights Logs. These logs contain more information than is available in the fss-* tags. You can search for scan results in Application Insights Logs. Below is an example of how to set up a query.

  1. In the Azure portal, go to Resource groups > your scanner stack > Overview and click the Application Insights resource that has a tmai0 prefix.
  2. Go to Monitoring > Logs, and set a Time range.
  3. Replace the contents of the query box with the following lines:

    traces
    | where message has "scanner result"
    | sort by timestamp desc 
    | limit 20
    | project timestamp, message
    

    This query returns the 20 most recent scan results.

  4. Select Run. A list of messages containing scan results appears.

    If you were expecting results and don't see them, try setting a broader time range.

  5. Expand a message to view the scan results. For help on understanding the scan results, see Scan result format.

Monitor for malicious files using Application Insights

You can monitor your system for malicious files using Azure Application Insights Logs.

Here is an example of a query that parses the scan result logs generated by the Scanner Function and flags, in an infected column, the results that report a malicious file:

    traces
    | where message has "scanner result"
    | sort by timestamp desc
    | limit 20
    // Skip the 16-character prefix and parse the rest of the message as JSON.
    | extend scannerResult=parse_json(substring(message, 16))
    | extend scanner_status=scannerResult.scanner_status_message
    | extend file_url=scannerResult.file_url
    // Only the first entry in Findings is inspected.
    | extend malware=scannerResult.scanning_result.Findings[0].malware
    // infected is true when that entry names a malware.
    | extend infected=isnotempty(malware)
    | project timestamp, scanner_status, infected, malware, file_url

After creating the query, you can save it and re-run it periodically to monitor for malicious files.
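
For periodic monitoring, the variant below returns only files with a malware finding, checks every entry in Findings rather than the first, and filters before limiting so that clean scans cannot push a detection out of the result set. It is an added example, not part of the product documentation; it assumes the same 16-character message prefix and field names as the query above, and the 24-hour window and the output column names last_seen and malware_names are arbitrary choices.

```kusto
// Added example: one row per file that has at least one malware finding.
// Assumes the log format used by the query above (16-character prefix
// followed by a JSON payload). The 24h window is an arbitrary choice.
traces
| where timestamp > ago(24h)
| where message has "scanner result"
| extend scannerResult = parse_json(substring(message, 16))
| extend file_url = tostring(scannerResult.file_url)
| extend scanner_status = tostring(scannerResult.scanner_status_message)
// Expand Findings to one row per finding so that files with several
// findings are fully covered, not just Findings[0].
| mv-expand finding = scannerResult.scanning_result.Findings
| extend malware = tostring(finding.malware)
// Keep only rows that name a malware; clean scans drop out here.
| where isnotempty(malware)
// Collapse back to one row per file with all malware names seen.
| summarize last_seen = max(timestamp),
            malware_names = make_set(malware),
            scanner_status = take_any(scanner_status)
    by file_url
| sort by last_seen desc
```

An empty result means no scan in the selected window reported malware; widen the time range in the first filter to look further back.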
