Merge pull request #2288 from sbreingold-ms/wi-541835-mdc-ep-64

Stacyrch140 · web-flow · commit db7417d4bd24 · 2026-01-07T10:28:28.000-05:00
wi-541835-mdc-ep-64
diff --git a/articles/defender-for-cloud/TOC.yml b/articles/defender-for-cloud/TOC.yml
@@ -1490,6 +1490,9 @@
         - name: Integrate CLI with CI/CD pipelines
           DisplayName: Defender for Cloud CLI, CI/CD pipelines
           href: episode-fifty-nine.md
+        - name: Storage aggregated logs
+          DisplayName: Storage aggregated logs, Advanced Hunting, CloudStorageAggregatedEvents
+          href: episode-sixty-four.md
     - name: Microsoft Defender for IoT documentation
       href: /azure/defender-for-iot/
     - name: Azure security documentation
diff --git a/articles/defender-for-cloud/episode-sixty-four.md b/articles/defender-for-cloud/episode-sixty-four.md
@@ -0,0 +1,35 @@
+---
+title: Storage aggregated logs
+description: Learn about storage aggregated logs and how to investigate storage activity in XDR Advanced Hunting.
+ms.topic: reference
+ms.date: 09/26/2025
+---
+
+# Storage aggregated logs
+
+**Episode description**: In this episode of Defender for Cloud in the Field, Lior Tsalovich joins Yuri Diogenes to talk about storage aggregated logs in XDR's Advanced Hunting. Lior explains the new CloudStorageAggregatedEvents table available in Microsoft Defender XDR's Advanced Hunting experience. She explains how aggregated storage activity logs can help SOC Teams during an investigation. Lior also demonstrates how to use Defender XDR advanced hunting to query data using CloudStorageAggregatedEvents table.
+
+> [!VIDEO https://aka.ms/docs/player?id=4720b59c-2c9e-4908-982c-9dab1fe0bca4]
+
+- [01:20](/shows/mdc-in-the-field/storage-aggregated-logs#time=01m20s) - Current challenges faced by SOC Teams and how this feature helps
+- [02:50](/shows/mdc-in-the-field/storage-aggregated-logs#time=02m50s) - Storage investigation gaps addressed by this solution
+- [05:09](/shows/mdc-in-the-field/storage-aggregated-logs#time=05m09s) - Data aggregation and enhancement
+- [06:16](/shows/mdc-in-the-field/storage-aggregated-logs#time=06m16s) - Other scenarios covered by this feature
+- [08:42](/shows/mdc-in-the-field/storage-aggregated-logs#time=08m42s) - Demonstration
+
+## Recommended resources
+
+- Learn more about [managing security policies](tutorial-security-policy.md).
+- Subscribe to [Microsoft Security on YouTube](https://www.youtube.com/playlist?list=PL3ZTgFEc7LysiX4PfHhdJPR7S8mGO14YS).
+- Join our [Tech Community](https://aka.ms/SecurityTechCommunity).
+- For more about [Microsoft Security](https://msft.it/6002T9HQY).
+
+- Follow us on social media:
+
+  - [LinkedIn](https://www.linkedin.com/showcase/microsoft-security/posts/)
+  - [X](https://x.com/msftsecurity)
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [New AWS connector in Microsoft Defender for Cloud](episode-one.md)
