- Enable Storage Analytics Logging
- Location: Azure Portal > Storage Account > Diagnostic settings.
- What it captures: Logs for requests made to the storage account (including source IPs, user agents, and request types).
- Analyze logs:
- Identify unique IPs, request patterns, or client applications based on the logs.
- Export logs to Log Analytics, Event Hub, or Storage Account for easier querying.
AzureDiagnostics | where ResourceType == "STORAGEACCOUNTS" | where Category == "StorageWrite" or Category == "StorageRead" | project TimeGenerated, CallerIpAddress, UserAgent_s, RequestUri_s
- Check Azure Monitor Metrics
- Go to Insights > Storage Accounts in Azure Monitor.
- Monitor incoming connections by protocol version (check for TLS metrics if enabled) and look for unusual access patterns.
- Network Logs from NSGs or Firewalls
- If you’re using Network Security Groups (NSGs) or Azure Firewall, export flow logs to identify connections to your storage accounts.
- Analyze logs for source IPs and ports connecting to storage account endpoints.
- Check Application Insights or Log Traces
- If applications using the storage accounts are monitored through Application Insights, look for dependencies related to storage access in the telemetry.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin