
Azure Blob Container Access Level Modification

Anvilogic Forge

Summary
This detection rule identifies modifications to the access level of Azure Blob Storage containers by analyzing the relevant Azure activity logs. It focuses on changes that may indicate account manipulation or preparation for data collection within cloud storage environments. The underlying Splunk query captures a set of fields, including the timestamp, the user identity, access key details, and the specific action taken on the Blob service. The Azure activity logs it consumes are essential because they record potentially unauthorized changes to container access levels. The detection specifically filters for write actions on Azure Blob containers, which are the operations that change who can reach the stored data and are therefore central to keeping cloud storage secure and preventing unauthorized access to sensitive data.
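As an added illustration (not Anvilogic's rule or its Splunk query), the following Python applies the same filter to constructed Azure activity-log events: it keeps successful container write operations and flags those whose request body sets publicAccess to Blob or Container. The placement of the request body in properties.requestbody, the top-level caller field, and all sample values are assumptions.

```python
import json
# ARM operation recorded in the Azure activity log when a Blob container is
# created or updated (including a change to its publicAccess level).
CONTAINER_WRITE_OP = "microsoft.storage/storageaccounts/blobservices/containers/write"
# publicAccess values that allow anonymous reads; "None" keeps the container private.
PUBLIC_LEVELS = {"blob", "container"}

def parse_event(ev):
    """Pull the fields the detection keys on from one activity-log event (dict).
    Assumption: the ARM request body is carried as a JSON string in
    properties.requestbody, and the identity in the top-level 'caller' field."""
    body = ev.get("properties", {}).get("requestbody") or "{}"
    try:
        access = json.loads(body).get("properties", {}).get("publicAccess")
    except (json.JSONDecodeError, AttributeError):
        access = None
    return {"time": ev.get("time"), "caller": ev.get("caller"),
            "ip": ev.get("callerIpAddress"), "resource": ev.get("resourceId"),
            "public_access": access}

def detect_access_changes(events):
    """Return one finding per successful container write that grants public access."""
    findings = []
    for ev in events:
        if str(ev.get("operationName", "")).lower() != CONTAINER_WRITE_OP:
            continue  # not a container write at all
        if str(ev.get("resultType", "")).lower() != "success":
            continue  # denied/failed attempts never changed the access level
        rec = parse_event(ev)
        if (rec["public_access"] or "").lower() in PUBLIC_LEVELS:
            rec["severity"] = "high"
            findings.append(rec)
    return findings

def _event(op, result, caller, access):
    """Build a constructed sample event (not real tenant data)."""
    return {"time": "2024-02-09T10:00:00Z", "operationName": op, "resultType": result,
            "caller": caller, "callerIpAddress": "203.0.113.5",
            "resourceId": "/subscriptions/EXAMPLE/.../containers/exports",
            "properties": {"requestbody": json.dumps({"properties": {"publicAccess": access}})}}

SAMPLE_EVENTS = [
    _event(CONTAINER_WRITE_OP, "Success", "alice@example.com", "Container"),  # should alert
    _event(CONTAINER_WRITE_OP, "Success", "bob@example.com", "None"),         # private: no alert
    _event(CONTAINER_WRITE_OP, "Failed", "eve@example.com", "Blob"),          # denied: no alert
    _event("Microsoft.Storage/storageAccounts/listKeys/action", "Success", "svc", None),
]

if __name__ == "__main__":
    print(detect_access_changes(SAMPLE_EVENTS))
```

Only the first sample event produces a finding; the private update, the failed attempt and the unrelated key-listing operation are all dropped by the filters.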
Categories
  • Cloud
  • Azure
Data Sources
  • Cloud Storage
  • Application Log
ATT&CK Techniques
  • T1098
  • T1530
Created: 2024-02-09