{ "swagger": "2.0", "schemes": [ "https" ], "host": "management.azure.com", "info": { "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", "title": "Security Center", "version": "2017-08-01-preview", "x-apisguru-categories": [ "cloud" ], "x-logo": { "url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png" }, "x-origin": [ { "format": "swagger", "url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/security/resource-manager/Microsoft.Security/preview/2017-08-01-preview/deviceSecurityGroups.json", "version": "2.0" } ], "x-preferred": false, "x-providerName": "azure.com", "x-serviceName": "security-deviceSecurityGroups", "x-tags": [ "Azure", "Microsoft" ] }, "consumes": [ "application/json" ], "produces": [ "application/json" ], "securityDefinitions": { "azure_auth": { "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "description": "Azure Active Directory OAuth2 Flow", "flow": "implicit", "scopes": { "user_impersonation": "impersonate your user account" }, "type": "oauth2" } }, "security": [ { "azure_auth": [ "user_impersonation" ] } ], "parameters": { "DeviceSecurityGroup": { "description": "Security group object.", "in": "body", "name": "deviceSecurityGroup", "required": true, "schema": { "$ref": "#/definitions/DeviceSecurityGroup" }, "x-ms-parameter-location": "method" }, "DeviceSecurityGroupName": { "description": "The name of the security group. Please notice that the name is case insensitive.", "in": "path", "name": "deviceSecurityGroupName", "required": true, "type": "string", "x-ms-parameter-location": "method" } }, "paths": { "/{resourceId}/providers/Microsoft.Security/deviceSecurityGroups": { "get": { "description": "Gets the list of device security groups for the specified IoT hub resource.", "operationId": "DeviceSecurityGroups_List", "parameters": [ { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" }, { "description": "The identifier of the resource.", "in": "path", "name": "resourceId", "required": true, "type": "string", "x-ms-parameter-location": "method" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/DeviceSecurityGroupList" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "DeviceSecurityGroups" ], "x-ms-examples": { "List all device security groups for the specified IoT hub resource": { "parameters": { "api-version": "2017-08-01-preview", "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub" }, "responses": { "200": { "body": { "value": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup", "name": "samplesecuritygroup", "properties": { "allowlistRules": [ { "allowlistValues": [], "description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed", "displayName": "Outbound connection to an ip that isn't allowed", "isEnabled": false, "ruleType": "ConnectionToIpNotAllowed", "valueType": "IpCidr" }, { "allowlistValues": [], "description": "Get an alert when a local user that isn't allowed logins to the device", "displayName": "Login by a local user that isn't allowed", "isEnabled": false, "ruleType": "LocalUserNotAllowed", "valueType": "String" }, { "allowlistValues": [], "description": "Get an alert when a process that isn't allowed is executed", "displayName": "Execution of a process that isn't allowed", "isEnabled": false, "ruleType": "ProcessNotAllowed", "valueType": "String" } ], "denylistRules": [], "thresholdRules": [], "timeWindowRules": [ { "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range", "displayName": "Number of active connections is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "ActiveConnectionsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range", "displayName": "Number of direct method invokes is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "DirectMethodInvokesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range", "displayName": "Number of failed local logins is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "FailedLocalLoginsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range", "displayName": "Number of file uploads is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "FileUploadsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device queue purges in the time window is not in the allowed range", "displayName": "Number of device queue purges is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "QueuePurgesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range", "displayName": "Number of twin updates is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "TwinUpdatesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error", "displayName": "Number of unauthorized operations is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "UnauthorizedOperationsNotInAllowedRange", "timeWindowSize": "PT15M" } ] }, "type": "Microsoft.Security/deviceSecurityGroups" } ] } } } } }, "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/{resourceId}/providers/Microsoft.Security/deviceSecurityGroups/{deviceSecurityGroupName}": { "delete": { "description": "Deletes the security group", "operationId": "DeviceSecurityGroups_Delete", "parameters": [ { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" }, { "description": "The identifier of the resource.", "in": "path", "name": "resourceId", "required": true, "type": "string", "x-ms-parameter-location": "method" }, { "$ref": "#/parameters/DeviceSecurityGroupName" } ], "responses": { "200": { "description": "Device security group has been deleted." }, "204": { "description": "Device security group does not exist." }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "DeviceSecurityGroups" ], "x-ms-examples": { "Delete a device security group for the specified IoT hub resource": { "parameters": { "api-version": "2017-08-01-preview", "deviceSecurityGroupName": "samplesecuritygroup", "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub" }, "responses": { "200": {}, "204": {} } } } }, "get": { "description": "Gets the device security group for the specified IoT hub resource.", "operationId": "DeviceSecurityGroups_Get", "parameters": [ { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" }, { "description": "The identifier of the resource.", "in": "path", "name": "resourceId", "required": true, "type": "string", "x-ms-parameter-location": "method" }, { "$ref": "#/parameters/DeviceSecurityGroupName" } ], "responses": { "200": { "description": "Successful request to get security group.", "schema": { "$ref": "#/definitions/DeviceSecurityGroup" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "DeviceSecurityGroups" ], "x-ms-examples": { "Get an device security group for the specified IoT hub resource": { "parameters": { "api-version": "2017-08-01-preview", "deviceSecurityGroupName": "samplesecuritygroup", "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub" }, "responses": { "200": { "body": { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup", "name": "samplesecuritygroup", "properties": { "allowlistRules": [ { "allowlistValues": [], "description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed", "displayName": "Outbound connection to an ip that isn't allowed", "isEnabled": false, "ruleType": "ConnectionToIpNotAllowed", "valueType": "IpCidr" }, { "allowlistValues": [], "description": "Get an alert when a local user that isn't allowed logins to the device", "displayName": "Login by a local user that isn't allowed", "isEnabled": false, "ruleType": "LocalUserNotAllowed", "valueType": "String" }, { "allowlistValues": [], "description": "Get an alert when a process that isn't allowed is executed", "displayName": "Execution of a process that isn't allowed", "isEnabled": false, "ruleType": "ProcessNotAllowed", "valueType": "String" } ], "denylistRules": [], "thresholdRules": [], "timeWindowRules": [ { "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range", "displayName": "Number of active connections is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "ActiveConnectionsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range", "displayName": "Number of direct method invokes is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "DirectMethodInvokesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range", "displayName": "Number of failed local logins is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "FailedLocalLoginsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range", "displayName": "Number of file uploads is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "FileUploadsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device queue purges in the time window is not in the allowed range", "displayName": "Number of device queue purges is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "QueuePurgesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range", "displayName": "Number of twin updates is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "TwinUpdatesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error", "displayName": "Number of unauthorized operations is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "UnauthorizedOperationsNotInAllowedRange", "timeWindowSize": "PT15M" } ] }, "type": "Microsoft.Security/deviceSecurityGroups" } } } } } }, "put": { "description": "Creates or updates the device security group on a specified IoT hub resource.", "operationId": "DeviceSecurityGroups_CreateOrUpdate", "parameters": [ { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" }, { "description": "The identifier of the resource.", "in": "path", "name": "resourceId", "required": true, "type": "string", "x-ms-parameter-location": "method" }, { "$ref": "#/parameters/DeviceSecurityGroupName" }, { "$ref": "#/parameters/DeviceSecurityGroup" } ], "responses": { "200": { "description": "Security group was updated", "schema": { "$ref": "#/definitions/DeviceSecurityGroup" } }, "201": { "description": "Security group was created", "schema": { "$ref": "#/definitions/DeviceSecurityGroup" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "DeviceSecurityGroups" ], "x-ms-examples": { "Create or update a device security group for the specified IoT hub resource": { "parameters": { "api-version": "2017-08-01-preview", "deviceSecurityGroup": { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup", "name": "samplesecuritygroup", "properties": { "timeWindowRules": [ { "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range", "displayName": "Number of active connections is not in allowed range", "isEnabled": true, "maxThreshold": 30, "minThreshold": 0, "ruleType": "ActiveConnectionsNotInAllowedRange", "timeWindowSize": "PT05M" } ] }, "type": "Microsoft.Security/deviceSecurityGroups" }, "deviceSecurityGroupName": "samplesecuritygroup", "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub" }, "responses": { "200": { "body": { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup", "name": "samplesecuritygroup", "properties": { "allowlistRules": [ { "allowlistValues": [], "description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed", "displayName": "Outbound connection to an ip that isn't allowed", "isEnabled": false, "ruleType": "ConnectionToIpNotAllowed" }, { "allowlistValues": [], "description": "Get an alert when a local user that isn't allowed logins to the device", "displayName": "Login by a local user that isn't allowed", "isEnabled": false, "ruleType": "LocalUserNotAllowed" }, { "allowlistValues": [], "description": "Get an alert when a process that isn't allowed is executed", "displayName": "Execution of a process that isn't allowed", "isEnabled": false, "ruleType": "ProcessNotAllowed" } ], "denylistRules": [], "thresholdRules": [], "timeWindowRules": [ { "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range", "displayName": "Number of active connections is not in allowed range", "isEnabled": true, "maxThreshold": 30, "minThreshold": 0, "ruleType": "ActiveConnectionsNotInAllowedRange", "timeWindowSize": "PT05M" }, { "description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range", "displayName": "Number of direct method invokes is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "DirectMethodInvokesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range", "displayName": "Number of failed local logins is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "FailedLocalLoginsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range", "displayName": "Number of file uploads is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "FileUploadsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device queue purges in the time window is not in the allowed range", "displayName": "Number of device queue purges is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "QueuePurgesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range", "displayName": "Number of twin updates is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "TwinUpdatesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error", "displayName": "Number of unauthorized operations is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "UnauthorizedOperationsNotInAllowedRange", "timeWindowSize": "PT15M" } ] }, "type": "Microsoft.Security/deviceSecurityGroups" } }, "201": { "body": { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup", "name": "samplesecuritygroup", "properties": { "allowlistRules": [ { "allowlistValues": [], "description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed", "displayName": "Outbound connection to an ip that isn't allowed", "isEnabled": false, "ruleType": "ConnectionToIpNotAllowed" }, { "allowlistValues": [], "description": "Get an alert when a local user that isn't allowed logins to the device", "displayName": "Login by a local user that isn't allowed", "isEnabled": false, "ruleType": "LocalUserNotAllowed" }, { "allowlistValues": [], "description": "Get an alert when a process that isn't allowed is executed", "displayName": "Execution of a process that isn't allowed", "isEnabled": false, "ruleType": "ProcessNotAllowed" } ], "denylistRules": [], "thresholdRules": [], "timeWindowRules": [ { "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range", "displayName": "Number of active connections is not in allowed range", "isEnabled": true, "maxThreshold": 30, "minThreshold": 0, "ruleType": "ActiveConnectionsNotInAllowedRange", "timeWindowSize": "PT05M" }, { "description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range", "displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpC2DMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range", "displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "AmqpD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "MqttD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range", "displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "HttpD2CMessagesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range", "displayName": "Number of direct method invokes is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "DirectMethodInvokesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range", "displayName": "Number of failed local logins is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "FailedLocalLoginsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range", "displayName": "Number of file uploads is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "FileUploadsNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of device queue purges in the time window is not in the allowed range", "displayName": "Number of device queue purges is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "QueuePurgesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range", "displayName": "Number of twin updates is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "TwinUpdatesNotInAllowedRange", "timeWindowSize": "PT15M" }, { "description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error", "displayName": "Number of unauthorized operations is not in allowed range", "isEnabled": false, "maxThreshold": 0, "minThreshold": 0, "ruleType": "UnauthorizedOperationsNotInAllowedRange", "timeWindowSize": "PT15M" } ] }, "type": "Microsoft.Security/deviceSecurityGroups" } } } } } } } }, "definitions": { "AllowlistCustomAlertRule": { "allOf": [ { "$ref": "#/definitions/ListCustomAlertRule" } ], "description": "A custom alert rule that checks if a value (depends on the custom alert type) is allowed", "properties": { "allowlistValues": { "description": "The values to allow. The format of the values depends on the rule type.", "items": { "type": "string" }, "type": "array" }, "ruleType": { "description": "The type of the custom alert rule.", "enum": [ "ConnectionToIpNotAllowed", "LocalUserNotAllowed", "ProcessNotAllowed" ], "type": "string", "x-ms-enum": { "modelAsString": true, "name": "ruleType", "values": [ { "description": "Outbound connection to an ip that isn't allowed. Allow list consists of ipv4 or ipv6 range in CIDR notation.", "value": "ConnectionToIpNotAllowed" }, { "description": "Login by a local user that isn't allowed. Allow list consists of login names to allow.", "value": "LocalUserNotAllowed" }, { "description": "Execution of a process that isn't allowed. Allow list consists of process names to allow.", "value": "ProcessNotAllowed" } ] } } }, "required": [ "allowlistValues" ], "type": "object" }, "CustomAlertRule": { "description": "A custom alert rule", "properties": { "description": { "description": "The description of the custom alert.", "readOnly": true, "type": "string" }, "displayName": { "description": "The display name of the custom alert.", "readOnly": true, "type": "string" }, "isEnabled": { "description": "Whether the custom alert is enabled.", "type": "boolean" }, "ruleType": { "description": "The type of the custom alert rule.", "type": "string" } }, "required": [ "isEnabled", "ruleType" ], "type": "object" }, "DenylistCustomAlertRule": { "allOf": [ { "$ref": "#/definitions/ListCustomAlertRule" } ], "description": "A custom alert rule that checks if a value (depends on the custom alert type) is denied", "properties": { "denylistValues": { "description": "The values to deny. The format of the values depends on the rule type.", "items": { "type": "string" }, "type": "array" } }, "required": [ "denylistValues" ], "type": "object" }, "DeviceSecurityGroup": { "allOf": [ { "description": "Describes an Azure resource.", "properties": { "id": { "description": "Resource Id", "readOnly": true, "type": "string" }, "name": { "description": "Resource name", "readOnly": true, "type": "string" }, "type": { "description": "Resource type", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-azure-resource": true } ], "description": "The device security group resource", "properties": { "properties": { "$ref": "#/definitions/DeviceSecurityGroupProperties", "description": "Device Security group data", "x-ms-client-flatten": true } }, "type": "object" }, "DeviceSecurityGroupList": { "description": "List of device security groups", "properties": { "nextLink": { "description": "The URI to fetch the next page.", "readOnly": true, "type": "string" }, "value": { "description": "List of device security group objects", "items": { "$ref": "#/definitions/DeviceSecurityGroup" }, "type": "array" } }, "readOnly": true, "type": "object" }, "DeviceSecurityGroupProperties": { "description": "describes properties of a security group.", "properties": { "allowlistRules": { "description": "A list of allow-list custom alert rules.", "items": { "$ref": "#/definitions/AllowlistCustomAlertRule", "type": "object" }, "type": "array" }, "denylistRules": { "description": "A list of deny-list custom alert rules.", "items": { "$ref": "#/definitions/DenylistCustomAlertRule", "type": "object" }, "type": "array" }, "thresholdRules": { "description": "A list of threshold custom alert rules.", "items": { "$ref": "#/definitions/ThresholdCustomAlertRule", "type": "object" }, "type": "array" }, "timeWindowRules": { "description": "A list of time window custom alert rules.", "items": { "$ref": "#/definitions/TimeWindowCustomAlertRule", "type": "object" }, "type": "array" } }, "type": "object" }, "ListCustomAlertRule": { "allOf": [ { "$ref": "#/definitions/CustomAlertRule" } ], "description": "A List custom alert rule", "properties": { "valueType": { "description": "The value type of the items in the list", "enum": [ "IpCidr", "String" ], "readOnly": true, "type": "string", "x-ms-enum": { "modelAsString": true, "name": "valueType", "values": [ { "description": "An IP range in CIDR format (e.g. '192.168.0.1/8').", "value": "IpCidr" }, { "description": "Any string value.", "value": "String" } ] } } }, "type": "object" }, "ThresholdCustomAlertRule": { "allOf": [ { "$ref": "#/definitions/CustomAlertRule" } ], "description": "A custom alert rule that checks if a value (depends on the custom alert type) is within the given range.", "properties": { "maxThreshold": { "description": "The maximum threshold.", "type": "integer" }, "minThreshold": { "description": "The minimum threshold.", "type": "integer" } }, "required": [ "minThreshold", "maxThreshold" ], "type": "object" }, "TimeWindowCustomAlertRule": { "allOf": [ { "$ref": "#/definitions/CustomAlertRule" }, { "$ref": "#/definitions/ThresholdCustomAlertRule" } ], "description": "A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range.", "properties": { "ruleType": { "description": "The type of the custom alert rule.", "enum": [ "ActiveConnectionsNotInAllowedRange", "AmqpC2DMessagesNotInAllowedRange", "MqttC2DMessagesNotInAllowedRange", "HttpC2DMessagesNotInAllowedRange", "AmqpC2DRejectedMessagesNotInAllowedRange", "MqttC2DRejectedMessagesNotInAllowedRange", "HttpC2DRejectedMessagesNotInAllowedRange", "AmqpD2CMessagesNotInAllowedRange", "MqttD2CMessagesNotInAllowedRange", "HttpD2CMessagesNotInAllowedRange", "DirectMethodInvokesNotInAllowedRange", "FailedLocalLoginsNotInAllowedRange", "FileUploadsNotInAllowedRange", "QueuePurgesNotInAllowedRange", "TwinUpdatesNotInAllowedRange", "UnauthorizedOperationsNotInAllowedRange" ], "type": "string", "x-ms-enum": { "modelAsString": true, "name": "ruleType", "values": [ { "description": "Number of active connections is not in allowed range.", "value": "ActiveConnectionsNotInAllowedRange" }, { "description": "Number of cloud to device messages (AMQP protocol) is not in allowed range.", "value": "AmqpC2DMessagesNotInAllowedRange" }, { "description": "Number of cloud to device messages (MQTT protocol) is not in allowed range.", "value": "MqttC2DMessagesNotInAllowedRange" }, { "description": "Number of cloud to device messages (HTTP protocol) is not in allowed range.", "value": "HttpC2DMessagesNotInAllowedRange" }, { "description": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range.", "value": "AmqpC2DRejectedMessagesNotInAllowedRange" }, { "description": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range.", "value": "MqttC2DRejectedMessagesNotInAllowedRange" }, { "description": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range.", "value": "HttpC2DRejectedMessagesNotInAllowedRange" }, { "description": "Number of device to cloud messages (AMQP protocol) is not in allowed range.", "value": "AmqpD2CMessagesNotInAllowedRange" }, { "description": "Number of device to cloud messages (MQTT protocol) is not in allowed range.", "value": "MqttD2CMessagesNotInAllowedRange" }, { "description": "Number of device to cloud messages (HTTP protocol) is not in allowed range.", "value": "HttpD2CMessagesNotInAllowedRange" }, { "description": "Number of direct method invokes is not in allowed range.", "value": "DirectMethodInvokesNotInAllowedRange" }, { "description": "Number of failed local logins is not in allowed range.", "value": "FailedLocalLoginsNotInAllowedRange" }, { "description": "Number of file uploads is not in allowed range.", "value": "FileUploadsNotInAllowedRange" }, { "description": "Number of device queue purges is not in allowed range.", "value": "QueuePurgesNotInAllowedRange" }, { "description": "Number of twin updates is not in allowed range.", "value": "TwinUpdatesNotInAllowedRange" }, { "description": "Number of unauthorized operations is not in allowed range.", "value": "UnauthorizedOperationsNotInAllowedRange" } ] } }, "timeWindowSize": { "description": "The time window size in iso8601 format.", "format": "duration", "type": "string" } }, "required": [ "timeWindowSize" ], "type": "object" } } }