
Azure List Storage

Anvilogic Forge

Summary
This detection rule identifies potential enumeration of Azure Storage resources by monitoring the operations that list blobs, shares, files, and containers. It uses Splunk's query language to extract the relevant events from Azure activity logs, matching the operations ListBlobs, ListShares, ListFiles, and ListContainers, which indicate attempts to discover storage resources. The extracted fields include the storage name, storage type, source IP address, and user identity, so that analysts can spot activity indicative of reconnaissance. The rule then uses statistics to track the distinct count of source IPs accessing Azure storage resources, summarizing these events over 60 seconds to support timely detection of unauthorized or malicious enumeration.
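The aggregation the summary describes, reproduced in Python over constructed sample events as an added illustration (this is not the rule's own Splunk query, and the field names, the sample records, and the `min_distinct_ips` triage threshold are assumptions):

```python
from collections import defaultdict
from datetime import datetime, timezone

# Operations the rule treats as storage enumeration (taken from the rule summary).
LIST_OPERATIONS = {"ListBlobs", "ListShares", "ListFiles", "ListContainers"}

# Constructed sample events. The field names are assumptions modelled on
# Azure activity-log style records, not the rule's actual schema.
SAMPLE_EVENTS = [
    {"time": "2024-02-09T10:00:05Z", "operationName": "ListContainers", "storageName": "stacct1",
     "storageType": "blob", "callerIpAddress": "203.0.113.10", "identity": "alice@example.com"},
    {"time": "2024-02-09T10:00:20Z", "operationName": "ListBlobs", "storageName": "stacct1",
     "storageType": "blob", "callerIpAddress": "203.0.113.10", "identity": "alice@example.com"},
    {"time": "2024-02-09T10:00:30Z", "operationName": "GetBlob", "storageName": "stacct1",
     "storageType": "blob", "callerIpAddress": "203.0.113.10", "identity": "alice@example.com"},
    {"time": "2024-02-09T10:00:40Z", "operationName": "ListShares", "storageName": "stacct1",
     "storageType": "file", "callerIpAddress": "198.51.100.7", "identity": "alice@example.com"},
    {"time": "2024-02-09T10:00:50Z", "operationName": "ListFiles", "storageName": "stacct1",
     "storageType": "file", "callerIpAddress": "198.51.100.7", "identity": "alice@example.com"},
    {"time": "2024-02-09T10:02:15Z", "operationName": "ListBlobs", "storageName": "stacct1",
     "storageType": "blob", "callerIpAddress": "203.0.113.10", "identity": "alice@example.com"},
]

def window_start(ts, window=60):
    """Floor an ISO-8601 UTC timestamp to the start of its `window`-second bucket."""
    epoch = int(datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp())
    start = epoch - epoch % window
    return datetime.fromtimestamp(start, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def summarize_list_operations(events, window=60):
    """Mirror the rule's stats step: per 60-second window, storage name and identity,
    count matching events and distinct source IPs, and collect the types and operations seen."""
    acc = defaultdict(lambda: {"ips": set(), "types": set(), "ops": set(), "count": 0})
    for e in events:
        if e["operationName"] not in LIST_OPERATIONS:
            continue  # non-enumeration operations such as GetBlob are out of scope
        row = acc[(window_start(e["time"], window), e["storageName"], e["identity"])]
        row["ips"].add(e["callerIpAddress"])
        row["types"].add(e["storageType"])
        row["ops"].add(e["operationName"])
        row["count"] += 1
    return {k: {"dc_src_ip": len(v["ips"]), "storage_types": sorted(v["types"]),
                "operations": sorted(v["ops"]), "count": v["count"]} for k, v in acc.items()}

def suspicious(summary, min_distinct_ips=2):
    """Assumed triage threshold (the rule summary states none): surface windows in which
    one identity listed a storage account's resources from several source IPs."""
    return [(k, v) for k, v in summary.items() if v["dc_src_ip"] >= min_distinct_ips]
```

Running `summarize_list_operations(SAMPLE_EVENTS)` yields two windows for `stacct1`; the first one groups four list operations from two source IPs, which is what an analyst would review first.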
Categories
  • Cloud
  • Azure
Data Sources
  • Cloud Service
  • Application Log
ATT&CK Techniques
  • T1580
Created: 2024-02-09