Microsoft.Security deviceSecurityGroups

Bicep resource definition

The deviceSecurityGroups resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/deviceSecurityGroups resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Security/deviceSecurityGroups@2019-08-01' = {
  scope: resourceSymbolicName or scope
  name: 'string'
  properties: {
    allowlistRules: [
      {
        allowlistValues: [
          'string'
        ]
        isEnabled: bool
        ruleType: 'string'
        // For remaining properties, see AllowlistCustomAlertRule objects
      }
    ]
    denylistRules: [
      {
        denylistValues: [
          'string'
        ]
        isEnabled: bool
        ruleType: 'string'
      }
    ]
    thresholdRules: [
      {
        isEnabled: bool
        maxThreshold: int
        minThreshold: int
        ruleType: 'string'
        // For remaining properties, see ThresholdCustomAlertRule objects
      }
    ]
    timeWindowRules: [
      {
        isEnabled: bool
        maxThreshold: int
        minThreshold: int
        timeWindowSize: 'string'
        ruleType: 'string'
        // For remaining properties, see TimeWindowCustomAlertRule objects
      }
    ]
  }
}

AllowlistCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ConnectionFromIpNotAllowed, use:

{
  ruleType: 'ConnectionFromIpNotAllowed'
}

For ConnectionToIpNotAllowed, use:

{
  ruleType: 'ConnectionToIpNotAllowed'
}

For LocalUserNotAllowed, use:

{
  ruleType: 'LocalUserNotAllowed'
}

For ProcessNotAllowed, use:

{
  ruleType: 'ProcessNotAllowed'
}

TimeWindowCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

{
  ruleType: 'ActiveConnectionsNotInAllowedRange'
}

For AmqpC2DMessagesNotInAllowedRange, use:

{
  ruleType: 'AmqpC2DMessagesNotInAllowedRange'
}

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType: 'AmqpC2DRejectedMessagesNotInAllowedRange'
}

For AmqpD2CMessagesNotInAllowedRange, use:

{
  ruleType: 'AmqpD2CMessagesNotInAllowedRange'
}

For DirectMethodInvokesNotInAllowedRange, use:

{
  ruleType: 'DirectMethodInvokesNotInAllowedRange'
}

For FailedLocalLoginsNotInAllowedRange, use:

{
  ruleType: 'FailedLocalLoginsNotInAllowedRange'
}

For FileUploadsNotInAllowedRange, use:

{
  ruleType: 'FileUploadsNotInAllowedRange'
}

For HttpC2DMessagesNotInAllowedRange, use:

{
  ruleType: 'HttpC2DMessagesNotInAllowedRange'
}

For HttpC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType: 'HttpC2DRejectedMessagesNotInAllowedRange'
}

For HttpD2CMessagesNotInAllowedRange, use:

{
  ruleType: 'HttpD2CMessagesNotInAllowedRange'
}

For MqttC2DMessagesNotInAllowedRange, use:

{
  ruleType: 'MqttC2DMessagesNotInAllowedRange'
}

For MqttC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType: 'MqttC2DRejectedMessagesNotInAllowedRange'
}

For MqttD2CMessagesNotInAllowedRange, use:

{
  ruleType: 'MqttD2CMessagesNotInAllowedRange'
}

For QueuePurgesNotInAllowedRange, use:

{
  ruleType: 'QueuePurgesNotInAllowedRange'
}

For TwinUpdatesNotInAllowedRange, use:

{
  ruleType: 'TwinUpdatesNotInAllowedRange'
}

For UnauthorizedOperationsNotInAllowedRange, use:

{
  ruleType: 'UnauthorizedOperationsNotInAllowedRange'
}

ThresholdCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

{
  ruleType: 'ActiveConnectionsNotInAllowedRange'
  timeWindowSize: 'string'
}

For AmqpC2DMessagesNotInAllowedRange, use:

{
  ruleType: 'AmqpC2DMessagesNotInAllowedRange'
  timeWindowSize: 'string'
}

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType: 'AmqpC2DRejectedMessagesNotInAllowedRange'
  timeWindowSize: 'string'
}

For AmqpD2CMessagesNotInAllowedRange, use:

{
  ruleType: 'AmqpD2CMessagesNotInAllowedRange'
  timeWindowSize: 'string'
}

For DirectMethodInvokesNotInAllowedRange, use:

{
  ruleType: 'DirectMethodInvokesNotInAllowedRange'
  timeWindowSize: 'string'
}

For FailedLocalLoginsNotInAllowedRange, use:

{
  ruleType: 'FailedLocalLoginsNotInAllowedRange'
  timeWindowSize: 'string'
}

For FileUploadsNotInAllowedRange, use:

{
  ruleType: 'FileUploadsNotInAllowedRange'
  timeWindowSize: 'string'
}

For HttpC2DMessagesNotInAllowedRange, use:

{
  ruleType: 'HttpC2DMessagesNotInAllowedRange'
  timeWindowSize: 'string'
}

For HttpC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType: 'HttpC2DRejectedMessagesNotInAllowedRange'
  timeWindowSize: 'string'
}

For HttpD2CMessagesNotInAllowedRange, use:

{
  ruleType: 'HttpD2CMessagesNotInAllowedRange'
  timeWindowSize: 'string'
}

For MqttC2DMessagesNotInAllowedRange, use:

{
  ruleType: 'MqttC2DMessagesNotInAllowedRange'
  timeWindowSize: 'string'
}

For MqttC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType: 'MqttC2DRejectedMessagesNotInAllowedRange'
  timeWindowSize: 'string'
}

For MqttD2CMessagesNotInAllowedRange, use:

{
  ruleType: 'MqttD2CMessagesNotInAllowedRange'
  timeWindowSize: 'string'
}

For QueuePurgesNotInAllowedRange, use:

{
  ruleType: 'QueuePurgesNotInAllowedRange'
  timeWindowSize: 'string'
}

For TwinUpdatesNotInAllowedRange, use:

{
  ruleType: 'TwinUpdatesNotInAllowedRange'
  timeWindowSize: 'string'
}

For UnauthorizedOperationsNotInAllowedRange, use:

{
  ruleType: 'UnauthorizedOperationsNotInAllowedRange'
  timeWindowSize: 'string'
}

Property values

ActiveConnectionsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'ActiveConnectionsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

ActiveConnectionsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'ActiveConnectionsNotInAllowedRange' (required)

AllowlistCustomAlertRule

Name Description Value
allowlistValues The values to allow. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType Set to 'ConnectionFromIpNotAllowed' for type ConnectionFromIpNotAllowed. Set to 'ConnectionToIpNotAllowed' for type ConnectionToIpNotAllowed. Set to 'LocalUserNotAllowed' for type LocalUserNotAllowed. Set to 'ProcessNotAllowed' for type ProcessNotAllowed. 'ConnectionFromIpNotAllowed'
'ConnectionToIpNotAllowed'
'LocalUserNotAllowed'
'ProcessNotAllowed' (required)

AmqpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DMessagesNotInAllowedRange' (required)

AmqpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DRejectedMessagesNotInAllowedRange' (required)

AmqpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpD2CMessagesNotInAllowedRange' (required)

ConnectionFromIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionFromIpNotAllowed' (required)

ConnectionToIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionToIpNotAllowed' (required)

DenylistCustomAlertRule

Name Description Value
denylistValues The values to deny. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType The type of the custom alert rule. string (required)

DeviceSecurityGroupProperties

Name Description Value
allowlistRules The allow-list custom alert rules. AllowlistCustomAlertRule[]
denylistRules The deny-list custom alert rules. DenylistCustomAlertRule[]
thresholdRules The list of custom alert threshold rules. ThresholdCustomAlertRule[]
timeWindowRules The list of custom alert time-window rules. TimeWindowCustomAlertRule[]

DirectMethodInvokesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'DirectMethodInvokesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

DirectMethodInvokesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'DirectMethodInvokesNotInAllowedRange' (required)

FailedLocalLoginsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FailedLocalLoginsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FailedLocalLoginsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FailedLocalLoginsNotInAllowedRange' (required)

FileUploadsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FileUploadsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FileUploadsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FileUploadsNotInAllowedRange' (required)

HttpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DMessagesNotInAllowedRange' (required)

HttpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DRejectedMessagesNotInAllowedRange' (required)

HttpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpD2CMessagesNotInAllowedRange' (required)

LocalUserNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'LocalUserNotAllowed' (required)

Microsoft.Security/deviceSecurityGroups

Name Description Value
name The resource name string (required)
properties Device Security group data DeviceSecurityGroupProperties
scope Use when creating a resource at a scope that is different than the deployment scope. Set this property to the symbolic name of a resource to apply the extension resource.

MqttC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DMessagesNotInAllowedRange' (required)

MqttC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DRejectedMessagesNotInAllowedRange' (required)

MqttD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttD2CMessagesNotInAllowedRange' (required)

ProcessNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ProcessNotAllowed' (required)

QueuePurgesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'QueuePurgesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

QueuePurgesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'QueuePurgesNotInAllowedRange' (required)

ThresholdCustomAlertRule

Name Description Value
isEnabled Status of the custom alert. bool (required)
maxThreshold The maximum threshold. int (required)
minThreshold The minimum threshold. int (required)
ruleType Set to 'ActiveConnectionsNotInAllowedRange' for type ActiveConnectionsNotInAllowedRange. Set to 'AmqpC2DMessagesNotInAllowedRange' for type AmqpC2DMessagesNotInAllowedRange. Set to 'AmqpC2DRejectedMessagesNotInAllowedRange' for type AmqpC2DRejectedMessagesNotInAllowedRange. Set to 'AmqpD2CMessagesNotInAllowedRange' for type AmqpD2CMessagesNotInAllowedRange. Set to 'DirectMethodInvokesNotInAllowedRange' for type DirectMethodInvokesNotInAllowedRange. Set to 'FailedLocalLoginsNotInAllowedRange' for type FailedLocalLoginsNotInAllowedRange. Set to 'FileUploadsNotInAllowedRange' for type FileUploadsNotInAllowedRange. Set to 'HttpC2DMessagesNotInAllowedRange' for type HttpC2DMessagesNotInAllowedRange. Set to 'HttpC2DRejectedMessagesNotInAllowedRange' for type HttpC2DRejectedMessagesNotInAllowedRange. Set to 'HttpD2CMessagesNotInAllowedRange' for type HttpD2CMessagesNotInAllowedRange. Set to 'MqttC2DMessagesNotInAllowedRange' for type MqttC2DMessagesNotInAllowedRange. Set to 'MqttC2DRejectedMessagesNotInAllowedRange' for type MqttC2DRejectedMessagesNotInAllowedRange. Set to 'MqttD2CMessagesNotInAllowedRange' for type MqttD2CMessagesNotInAllowedRange. Set to 'QueuePurgesNotInAllowedRange' for type QueuePurgesNotInAllowedRange. Set to 'TwinUpdatesNotInAllowedRange' for type TwinUpdatesNotInAllowedRange. Set to 'UnauthorizedOperationsNotInAllowedRange' for type UnauthorizedOperationsNotInAllowedRange. 'ActiveConnectionsNotInAllowedRange'
'AmqpC2DMessagesNotInAllowedRange'
'AmqpC2DRejectedMessagesNotInAllowedRange'
'AmqpD2CMessagesNotInAllowedRange'
'DirectMethodInvokesNotInAllowedRange'
'FailedLocalLoginsNotInAllowedRange'
'FileUploadsNotInAllowedRange'
'HttpC2DMessagesNotInAllowedRange'
'HttpC2DRejectedMessagesNotInAllowedRange'
'HttpD2CMessagesNotInAllowedRange'
'MqttC2DMessagesNotInAllowedRange'
'MqttC2DRejectedMessagesNotInAllowedRange'
'MqttD2CMessagesNotInAllowedRange'
'QueuePurgesNotInAllowedRange'
'TwinUpdatesNotInAllowedRange'
'UnauthorizedOperationsNotInAllowedRange' (required)

TimeWindowCustomAlertRule

Name Description Value
isEnabled Status of the custom alert. bool (required)
maxThreshold The maximum threshold. int (required)
minThreshold The minimum threshold. int (required)
ruleType Set to 'ActiveConnectionsNotInAllowedRange' for type ActiveConnectionsNotInAllowedRange. Set to 'AmqpC2DMessagesNotInAllowedRange' for type AmqpC2DMessagesNotInAllowedRange. Set to 'AmqpC2DRejectedMessagesNotInAllowedRange' for type AmqpC2DRejectedMessagesNotInAllowedRange. Set to 'AmqpD2CMessagesNotInAllowedRange' for type AmqpD2CMessagesNotInAllowedRange. Set to 'DirectMethodInvokesNotInAllowedRange' for type DirectMethodInvokesNotInAllowedRange. Set to 'FailedLocalLoginsNotInAllowedRange' for type FailedLocalLoginsNotInAllowedRange. Set to 'FileUploadsNotInAllowedRange' for type FileUploadsNotInAllowedRange. Set to 'HttpC2DMessagesNotInAllowedRange' for type HttpC2DMessagesNotInAllowedRange. Set to 'HttpC2DRejectedMessagesNotInAllowedRange' for type HttpC2DRejectedMessagesNotInAllowedRange. Set to 'HttpD2CMessagesNotInAllowedRange' for type HttpD2CMessagesNotInAllowedRange. Set to 'MqttC2DMessagesNotInAllowedRange' for type MqttC2DMessagesNotInAllowedRange. Set to 'MqttC2DRejectedMessagesNotInAllowedRange' for type MqttC2DRejectedMessagesNotInAllowedRange. Set to 'MqttD2CMessagesNotInAllowedRange' for type MqttD2CMessagesNotInAllowedRange. Set to 'QueuePurgesNotInAllowedRange' for type QueuePurgesNotInAllowedRange. Set to 'TwinUpdatesNotInAllowedRange' for type TwinUpdatesNotInAllowedRange. Set to 'UnauthorizedOperationsNotInAllowedRange' for type UnauthorizedOperationsNotInAllowedRange. 'ActiveConnectionsNotInAllowedRange'
'AmqpC2DMessagesNotInAllowedRange'
'AmqpC2DRejectedMessagesNotInAllowedRange'
'AmqpD2CMessagesNotInAllowedRange'
'DirectMethodInvokesNotInAllowedRange'
'FailedLocalLoginsNotInAllowedRange'
'FileUploadsNotInAllowedRange'
'HttpC2DMessagesNotInAllowedRange'
'HttpC2DRejectedMessagesNotInAllowedRange'
'HttpD2CMessagesNotInAllowedRange'
'MqttC2DMessagesNotInAllowedRange'
'MqttC2DRejectedMessagesNotInAllowedRange'
'MqttD2CMessagesNotInAllowedRange'
'QueuePurgesNotInAllowedRange'
'TwinUpdatesNotInAllowedRange'
'UnauthorizedOperationsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TwinUpdatesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'TwinUpdatesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TwinUpdatesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'TwinUpdatesNotInAllowedRange' (required)

UnauthorizedOperationsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'UnauthorizedOperationsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

UnauthorizedOperationsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'UnauthorizedOperationsNotInAllowedRange' (required)

ARM template resource definition

The deviceSecurityGroups resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/deviceSecurityGroups resource, add the following JSON to your template.

{
  "type": "Microsoft.Security/deviceSecurityGroups",
  "apiVersion": "2019-08-01",
  "name": "string",
  "properties": {
    "allowlistRules": [ {
      "allowlistValues": [ "string" ],
      "isEnabled": "bool",
      "ruleType": "string"
      // For remaining properties, see AllowlistCustomAlertRule objects
    } ],
    "denylistRules": [
      {
        "denylistValues": [ "string" ],
        "isEnabled": "bool",
        "ruleType": "string"
      }
    ],
    "thresholdRules": [ {
      "isEnabled": "bool",
      "maxThreshold": "int",
      "minThreshold": "int",
      "ruleType": "string"
      // For remaining properties, see ThresholdCustomAlertRule objects
    } ],
    "timeWindowRules": [ {
      "isEnabled": "bool",
      "maxThreshold": "int",
      "minThreshold": "int",
      "timeWindowSize": "string",
      "ruleType": "string"
      // For remaining properties, see TimeWindowCustomAlertRule objects
    } ]
  }
}

AllowlistCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ConnectionFromIpNotAllowed, use:

{
  "ruleType": "ConnectionFromIpNotAllowed"
}

For ConnectionToIpNotAllowed, use:

{
  "ruleType": "ConnectionToIpNotAllowed"
}

For LocalUserNotAllowed, use:

{
  "ruleType": "LocalUserNotAllowed"
}

For ProcessNotAllowed, use:

{
  "ruleType": "ProcessNotAllowed"
}

TimeWindowCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

{
  "ruleType": "ActiveConnectionsNotInAllowedRange"
}

For AmqpC2DMessagesNotInAllowedRange, use:

{
  "ruleType": "AmqpC2DMessagesNotInAllowedRange"
}

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

{
  "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange"
}

For AmqpD2CMessagesNotInAllowedRange, use:

{
  "ruleType": "AmqpD2CMessagesNotInAllowedRange"
}

For DirectMethodInvokesNotInAllowedRange, use:

{
  "ruleType": "DirectMethodInvokesNotInAllowedRange"
}

For FailedLocalLoginsNotInAllowedRange, use:

{
  "ruleType": "FailedLocalLoginsNotInAllowedRange"
}

For FileUploadsNotInAllowedRange, use:

{
  "ruleType": "FileUploadsNotInAllowedRange"
}

For HttpC2DMessagesNotInAllowedRange, use:

{
  "ruleType": "HttpC2DMessagesNotInAllowedRange"
}

For HttpC2DRejectedMessagesNotInAllowedRange, use:

{
  "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange"
}

For HttpD2CMessagesNotInAllowedRange, use:

{
  "ruleType": "HttpD2CMessagesNotInAllowedRange"
}

For MqttC2DMessagesNotInAllowedRange, use:

{
  "ruleType": "MqttC2DMessagesNotInAllowedRange"
}

For MqttC2DRejectedMessagesNotInAllowedRange, use:

{
  "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange"
}

For MqttD2CMessagesNotInAllowedRange, use:

{
  "ruleType": "MqttD2CMessagesNotInAllowedRange"
}

For QueuePurgesNotInAllowedRange, use:

{
  "ruleType": "QueuePurgesNotInAllowedRange"
}

For TwinUpdatesNotInAllowedRange, use:

{
  "ruleType": "TwinUpdatesNotInAllowedRange"
}

For UnauthorizedOperationsNotInAllowedRange, use:

{
  "ruleType": "UnauthorizedOperationsNotInAllowedRange"
}

ThresholdCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

{
  "ruleType": "ActiveConnectionsNotInAllowedRange",
  "timeWindowSize": "string"
}

For AmqpC2DMessagesNotInAllowedRange, use:

{
  "ruleType": "AmqpC2DMessagesNotInAllowedRange",
  "timeWindowSize": "string"
}

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

{
  "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange",
  "timeWindowSize": "string"
}

For AmqpD2CMessagesNotInAllowedRange, use:

{
  "ruleType": "AmqpD2CMessagesNotInAllowedRange",
  "timeWindowSize": "string"
}

For DirectMethodInvokesNotInAllowedRange, use:

{
  "ruleType": "DirectMethodInvokesNotInAllowedRange",
  "timeWindowSize": "string"
}

For FailedLocalLoginsNotInAllowedRange, use:

{
  "ruleType": "FailedLocalLoginsNotInAllowedRange",
  "timeWindowSize": "string"
}

For FileUploadsNotInAllowedRange, use:

{
  "ruleType": "FileUploadsNotInAllowedRange",
  "timeWindowSize": "string"
}

For HttpC2DMessagesNotInAllowedRange, use:

{
  "ruleType": "HttpC2DMessagesNotInAllowedRange",
  "timeWindowSize": "string"
}

For HttpC2DRejectedMessagesNotInAllowedRange, use:

{
  "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange",
  "timeWindowSize": "string"
}

For HttpD2CMessagesNotInAllowedRange, use:

{
  "ruleType": "HttpD2CMessagesNotInAllowedRange",
  "timeWindowSize": "string"
}

For MqttC2DMessagesNotInAllowedRange, use:

{
  "ruleType": "MqttC2DMessagesNotInAllowedRange",
  "timeWindowSize": "string"
}

For MqttC2DRejectedMessagesNotInAllowedRange, use:

{
  "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange",
  "timeWindowSize": "string"
}

For MqttD2CMessagesNotInAllowedRange, use:

{
  "ruleType": "MqttD2CMessagesNotInAllowedRange",
  "timeWindowSize": "string"
}

For QueuePurgesNotInAllowedRange, use:

{
  "ruleType": "QueuePurgesNotInAllowedRange",
  "timeWindowSize": "string"
}

For TwinUpdatesNotInAllowedRange, use:

{
  "ruleType": "TwinUpdatesNotInAllowedRange",
  "timeWindowSize": "string"
}

For UnauthorizedOperationsNotInAllowedRange, use:

{
  "ruleType": "UnauthorizedOperationsNotInAllowedRange",
  "timeWindowSize": "string"
}

Property values

ActiveConnectionsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'ActiveConnectionsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

ActiveConnectionsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'ActiveConnectionsNotInAllowedRange' (required)

AllowlistCustomAlertRule

Name Description Value
allowlistValues The values to allow. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType Set to 'ConnectionFromIpNotAllowed' for type ConnectionFromIpNotAllowed. Set to 'ConnectionToIpNotAllowed' for type ConnectionToIpNotAllowed. Set to 'LocalUserNotAllowed' for type LocalUserNotAllowed. Set to 'ProcessNotAllowed' for type ProcessNotAllowed. 'ConnectionFromIpNotAllowed'
'ConnectionToIpNotAllowed'
'LocalUserNotAllowed'
'ProcessNotAllowed' (required)

AmqpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DMessagesNotInAllowedRange' (required)

AmqpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DRejectedMessagesNotInAllowedRange' (required)

AmqpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpD2CMessagesNotInAllowedRange' (required)

ConnectionFromIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionFromIpNotAllowed' (required)

ConnectionToIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionToIpNotAllowed' (required)

DenylistCustomAlertRule

Name Description Value
denylistValues The values to deny. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType The type of the custom alert rule. string (required)

DeviceSecurityGroupProperties

Name Description Value
allowlistRules The allow-list custom alert rules. AllowlistCustomAlertRule[]
denylistRules The deny-list custom alert rules. DenylistCustomAlertRule[]
thresholdRules The list of custom alert threshold rules. ThresholdCustomAlertRule[]
timeWindowRules The list of custom alert time-window rules. TimeWindowCustomAlertRule[]

DirectMethodInvokesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'DirectMethodInvokesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

DirectMethodInvokesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'DirectMethodInvokesNotInAllowedRange' (required)

FailedLocalLoginsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FailedLocalLoginsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FailedLocalLoginsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FailedLocalLoginsNotInAllowedRange' (required)

FileUploadsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FileUploadsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FileUploadsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FileUploadsNotInAllowedRange' (required)

HttpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DMessagesNotInAllowedRange' (required)

HttpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DRejectedMessagesNotInAllowedRange' (required)

HttpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpD2CMessagesNotInAllowedRange' (required)

LocalUserNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'LocalUserNotAllowed' (required)

Microsoft.Security/deviceSecurityGroups

Name Description Value
apiVersion The api version '2019-08-01'
name The resource name string (required)
properties Device Security group data DeviceSecurityGroupProperties
type The resource type 'Microsoft.Security/deviceSecurityGroups'

MqttC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DMessagesNotInAllowedRange' (required)

MqttC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DRejectedMessagesNotInAllowedRange' (required)

MqttD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttD2CMessagesNotInAllowedRange' (required)

ProcessNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ProcessNotAllowed' (required)

QueuePurgesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'QueuePurgesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

QueuePurgesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'QueuePurgesNotInAllowedRange' (required)

ThresholdCustomAlertRule

Name Description Value
isEnabled Status of the custom alert. bool (required)
maxThreshold The maximum threshold. int (required)
minThreshold The minimum threshold. int (required)
ruleType Set to 'ActiveConnectionsNotInAllowedRange' for type ActiveConnectionsNotInAllowedRange. Set to 'AmqpC2DMessagesNotInAllowedRange' for type AmqpC2DMessagesNotInAllowedRange. Set to 'AmqpC2DRejectedMessagesNotInAllowedRange' for type AmqpC2DRejectedMessagesNotInAllowedRange. Set to 'AmqpD2CMessagesNotInAllowedRange' for type AmqpD2CMessagesNotInAllowedRange. Set to 'DirectMethodInvokesNotInAllowedRange' for type DirectMethodInvokesNotInAllowedRange. Set to 'FailedLocalLoginsNotInAllowedRange' for type FailedLocalLoginsNotInAllowedRange. Set to 'FileUploadsNotInAllowedRange' for type FileUploadsNotInAllowedRange. Set to 'HttpC2DMessagesNotInAllowedRange' for type HttpC2DMessagesNotInAllowedRange. Set to 'HttpC2DRejectedMessagesNotInAllowedRange' for type HttpC2DRejectedMessagesNotInAllowedRange. Set to 'HttpD2CMessagesNotInAllowedRange' for type HttpD2CMessagesNotInAllowedRange. Set to 'MqttC2DMessagesNotInAllowedRange' for type MqttC2DMessagesNotInAllowedRange. Set to 'MqttC2DRejectedMessagesNotInAllowedRange' for type MqttC2DRejectedMessagesNotInAllowedRange. Set to 'MqttD2CMessagesNotInAllowedRange' for type MqttD2CMessagesNotInAllowedRange. Set to 'QueuePurgesNotInAllowedRange' for type QueuePurgesNotInAllowedRange. Set to 'TwinUpdatesNotInAllowedRange' for type TwinUpdatesNotInAllowedRange. Set to 'UnauthorizedOperationsNotInAllowedRange' for type UnauthorizedOperationsNotInAllowedRange. 'ActiveConnectionsNotInAllowedRange'
'AmqpC2DMessagesNotInAllowedRange'
'AmqpC2DRejectedMessagesNotInAllowedRange'
'AmqpD2CMessagesNotInAllowedRange'
'DirectMethodInvokesNotInAllowedRange'
'FailedLocalLoginsNotInAllowedRange'
'FileUploadsNotInAllowedRange'
'HttpC2DMessagesNotInAllowedRange'
'HttpC2DRejectedMessagesNotInAllowedRange'
'HttpD2CMessagesNotInAllowedRange'
'MqttC2DMessagesNotInAllowedRange'
'MqttC2DRejectedMessagesNotInAllowedRange'
'MqttD2CMessagesNotInAllowedRange'
'QueuePurgesNotInAllowedRange'
'TwinUpdatesNotInAllowedRange'
'UnauthorizedOperationsNotInAllowedRange' (required)

TimeWindowCustomAlertRule

Name Description Value
isEnabled Status of the custom alert. bool (required)
maxThreshold The maximum threshold. int (required)
minThreshold The minimum threshold. int (required)
ruleType Set to 'ActiveConnectionsNotInAllowedRange' for type ActiveConnectionsNotInAllowedRange. Set to 'AmqpC2DMessagesNotInAllowedRange' for type AmqpC2DMessagesNotInAllowedRange. Set to 'AmqpC2DRejectedMessagesNotInAllowedRange' for type AmqpC2DRejectedMessagesNotInAllowedRange. Set to 'AmqpD2CMessagesNotInAllowedRange' for type AmqpD2CMessagesNotInAllowedRange. Set to 'DirectMethodInvokesNotInAllowedRange' for type DirectMethodInvokesNotInAllowedRange. Set to 'FailedLocalLoginsNotInAllowedRange' for type FailedLocalLoginsNotInAllowedRange. Set to 'FileUploadsNotInAllowedRange' for type FileUploadsNotInAllowedRange. Set to 'HttpC2DMessagesNotInAllowedRange' for type HttpC2DMessagesNotInAllowedRange. Set to 'HttpC2DRejectedMessagesNotInAllowedRange' for type HttpC2DRejectedMessagesNotInAllowedRange. Set to 'HttpD2CMessagesNotInAllowedRange' for type HttpD2CMessagesNotInAllowedRange. Set to 'MqttC2DMessagesNotInAllowedRange' for type MqttC2DMessagesNotInAllowedRange. Set to 'MqttC2DRejectedMessagesNotInAllowedRange' for type MqttC2DRejectedMessagesNotInAllowedRange. Set to 'MqttD2CMessagesNotInAllowedRange' for type MqttD2CMessagesNotInAllowedRange. Set to 'QueuePurgesNotInAllowedRange' for type QueuePurgesNotInAllowedRange. Set to 'TwinUpdatesNotInAllowedRange' for type TwinUpdatesNotInAllowedRange. Set to 'UnauthorizedOperationsNotInAllowedRange' for type UnauthorizedOperationsNotInAllowedRange. 'ActiveConnectionsNotInAllowedRange'
'AmqpC2DMessagesNotInAllowedRange'
'AmqpC2DRejectedMessagesNotInAllowedRange'
'AmqpD2CMessagesNotInAllowedRange'
'DirectMethodInvokesNotInAllowedRange'
'FailedLocalLoginsNotInAllowedRange'
'FileUploadsNotInAllowedRange'
'HttpC2DMessagesNotInAllowedRange'
'HttpC2DRejectedMessagesNotInAllowedRange'
'HttpD2CMessagesNotInAllowedRange'
'MqttC2DMessagesNotInAllowedRange'
'MqttC2DRejectedMessagesNotInAllowedRange'
'MqttD2CMessagesNotInAllowedRange'
'QueuePurgesNotInAllowedRange'
'TwinUpdatesNotInAllowedRange'
'UnauthorizedOperationsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TwinUpdatesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'TwinUpdatesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TwinUpdatesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'TwinUpdatesNotInAllowedRange' (required)

UnauthorizedOperationsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'UnauthorizedOperationsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

UnauthorizedOperationsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'UnauthorizedOperationsNotInAllowedRange' (required)

Terraform (AzAPI provider) resource definition

The deviceSecurityGroups resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/deviceSecurityGroups resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Security/deviceSecurityGroups@2019-08-01"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      allowlistRules = [
        {
          allowlistValues = [
            "string"
          ]
          isEnabled = bool
          ruleType = "string"
          // For remaining properties, see AllowlistCustomAlertRule objects
        }
      ]
      denylistRules = [
        {
          denylistValues = [
            "string"
          ]
          isEnabled = bool
          ruleType = "string"
        }
      ]
      thresholdRules = [
        {
          isEnabled = bool
          maxThreshold = int
          minThreshold = int
          ruleType = "string"
          // For remaining properties, see ThresholdCustomAlertRule objects
        }
      ]
      timeWindowRules = [
        {
          isEnabled = bool
          maxThreshold = int
          minThreshold = int
          timeWindowSize = "string"
          ruleType = "string"
          // For remaining properties, see TimeWindowCustomAlertRule objects
        }
      ]
    }
  })
}

AllowlistCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ConnectionFromIpNotAllowed, use:

{
  ruleType = "ConnectionFromIpNotAllowed"
}

For ConnectionToIpNotAllowed, use:

{
  ruleType = "ConnectionToIpNotAllowed"
}

For LocalUserNotAllowed, use:

{
  ruleType = "LocalUserNotAllowed"
}

For ProcessNotAllowed, use:

{
  ruleType = "ProcessNotAllowed"
}

TimeWindowCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

{
  ruleType = "ActiveConnectionsNotInAllowedRange"
}

For AmqpC2DMessagesNotInAllowedRange, use:

{
  ruleType = "AmqpC2DMessagesNotInAllowedRange"
}

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType = "AmqpC2DRejectedMessagesNotInAllowedRange"
}

For AmqpD2CMessagesNotInAllowedRange, use:

{
  ruleType = "AmqpD2CMessagesNotInAllowedRange"
}

For DirectMethodInvokesNotInAllowedRange, use:

{
  ruleType = "DirectMethodInvokesNotInAllowedRange"
}

For FailedLocalLoginsNotInAllowedRange, use:

{
  ruleType = "FailedLocalLoginsNotInAllowedRange"
}

For FileUploadsNotInAllowedRange, use:

{
  ruleType = "FileUploadsNotInAllowedRange"
}

For HttpC2DMessagesNotInAllowedRange, use:

{
  ruleType = "HttpC2DMessagesNotInAllowedRange"
}

For HttpC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType = "HttpC2DRejectedMessagesNotInAllowedRange"
}

For HttpD2CMessagesNotInAllowedRange, use:

{
  ruleType = "HttpD2CMessagesNotInAllowedRange"
}

For MqttC2DMessagesNotInAllowedRange, use:

{
  ruleType = "MqttC2DMessagesNotInAllowedRange"
}

For MqttC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType = "MqttC2DRejectedMessagesNotInAllowedRange"
}

For MqttD2CMessagesNotInAllowedRange, use:

{
  ruleType = "MqttD2CMessagesNotInAllowedRange"
}

For QueuePurgesNotInAllowedRange, use:

{
  ruleType = "QueuePurgesNotInAllowedRange"
}

For TwinUpdatesNotInAllowedRange, use:

{
  ruleType = "TwinUpdatesNotInAllowedRange"
}

For UnauthorizedOperationsNotInAllowedRange, use:

{
  ruleType = "UnauthorizedOperationsNotInAllowedRange"
}

ThresholdCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

{
  ruleType = "ActiveConnectionsNotInAllowedRange"
  timeWindowSize = "string"
}

For AmqpC2DMessagesNotInAllowedRange, use:

{
  ruleType = "AmqpC2DMessagesNotInAllowedRange"
  timeWindowSize = "string"
}

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType = "AmqpC2DRejectedMessagesNotInAllowedRange"
  timeWindowSize = "string"
}

For AmqpD2CMessagesNotInAllowedRange, use:

{
  ruleType = "AmqpD2CMessagesNotInAllowedRange"
  timeWindowSize = "string"
}

For DirectMethodInvokesNotInAllowedRange, use:

{
  ruleType = "DirectMethodInvokesNotInAllowedRange"
  timeWindowSize = "string"
}

For FailedLocalLoginsNotInAllowedRange, use:

{
  ruleType = "FailedLocalLoginsNotInAllowedRange"
  timeWindowSize = "string"
}

For FileUploadsNotInAllowedRange, use:

{
  ruleType = "FileUploadsNotInAllowedRange"
  timeWindowSize = "string"
}

For HttpC2DMessagesNotInAllowedRange, use:

{
  ruleType = "HttpC2DMessagesNotInAllowedRange"
  timeWindowSize = "string"
}

For HttpC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType = "HttpC2DRejectedMessagesNotInAllowedRange"
  timeWindowSize = "string"
}

For HttpD2CMessagesNotInAllowedRange, use:

{
  ruleType = "HttpD2CMessagesNotInAllowedRange"
  timeWindowSize = "string"
}

For MqttC2DMessagesNotInAllowedRange, use:

{
  ruleType = "MqttC2DMessagesNotInAllowedRange"
  timeWindowSize = "string"
}

For MqttC2DRejectedMessagesNotInAllowedRange, use:

{
  ruleType = "MqttC2DRejectedMessagesNotInAllowedRange"
  timeWindowSize = "string"
}

For MqttD2CMessagesNotInAllowedRange, use:

{
  ruleType = "MqttD2CMessagesNotInAllowedRange"
  timeWindowSize = "string"
}

For QueuePurgesNotInAllowedRange, use:

{
  ruleType = "QueuePurgesNotInAllowedRange"
  timeWindowSize = "string"
}

For TwinUpdatesNotInAllowedRange, use:

{
  ruleType = "TwinUpdatesNotInAllowedRange"
  timeWindowSize = "string"
}

For UnauthorizedOperationsNotInAllowedRange, use:

{
  ruleType = "UnauthorizedOperationsNotInAllowedRange"
  timeWindowSize = "string"
}

Property values

ActiveConnectionsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'ActiveConnectionsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

ActiveConnectionsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'ActiveConnectionsNotInAllowedRange' (required)

AllowlistCustomAlertRule

Name Description Value
allowlistValues The values to allow. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType Set to 'ConnectionFromIpNotAllowed' for type ConnectionFromIpNotAllowed. Set to 'ConnectionToIpNotAllowed' for type ConnectionToIpNotAllowed. Set to 'LocalUserNotAllowed' for type LocalUserNotAllowed. Set to 'ProcessNotAllowed' for type ProcessNotAllowed. 'ConnectionFromIpNotAllowed'
'ConnectionToIpNotAllowed'
'LocalUserNotAllowed'
'ProcessNotAllowed' (required)

AmqpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DMessagesNotInAllowedRange' (required)

AmqpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DRejectedMessagesNotInAllowedRange' (required)

AmqpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpD2CMessagesNotInAllowedRange' (required)

ConnectionFromIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionFromIpNotAllowed' (required)

ConnectionToIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionToIpNotAllowed' (required)

DenylistCustomAlertRule

Name Description Value
denylistValues The values to deny. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType The type of the custom alert rule. string (required)

DeviceSecurityGroupProperties

Name Description Value
allowlistRules The allow-list custom alert rules. AllowlistCustomAlertRule[]
denylistRules The deny-list custom alert rules. DenylistCustomAlertRule[]
thresholdRules The list of custom alert threshold rules. ThresholdCustomAlertRule[]
timeWindowRules The list of custom alert time-window rules. TimeWindowCustomAlertRule[]

DirectMethodInvokesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'DirectMethodInvokesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

DirectMethodInvokesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'DirectMethodInvokesNotInAllowedRange' (required)

FailedLocalLoginsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FailedLocalLoginsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FailedLocalLoginsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FailedLocalLoginsNotInAllowedRange' (required)

FileUploadsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FileUploadsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FileUploadsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FileUploadsNotInAllowedRange' (required)

HttpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DMessagesNotInAllowedRange' (required)

HttpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DRejectedMessagesNotInAllowedRange' (required)

HttpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpD2CMessagesNotInAllowedRange' (required)

LocalUserNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'LocalUserNotAllowed' (required)

Microsoft.Security/deviceSecurityGroups

Name Description Value
name The resource name string (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
properties Device Security group data DeviceSecurityGroupProperties
type The resource type "Microsoft.Security/deviceSecurityGroups@2019-08-01"

MqttC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DMessagesNotInAllowedRange' (required)

MqttC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DRejectedMessagesNotInAllowedRange' (required)

MqttD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttD2CMessagesNotInAllowedRange' (required)

ProcessNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ProcessNotAllowed' (required)

QueuePurgesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'QueuePurgesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

QueuePurgesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'QueuePurgesNotInAllowedRange' (required)

ThresholdCustomAlertRule

Name Description Value
isEnabled Status of the custom alert. bool (required)
maxThreshold The maximum threshold. int (required)
minThreshold The minimum threshold. int (required)
ruleType Set to 'ActiveConnectionsNotInAllowedRange' for type ActiveConnectionsNotInAllowedRange. Set to 'AmqpC2DMessagesNotInAllowedRange' for type AmqpC2DMessagesNotInAllowedRange. Set to 'AmqpC2DRejectedMessagesNotInAllowedRange' for type AmqpC2DRejectedMessagesNotInAllowedRange. Set to 'AmqpD2CMessagesNotInAllowedRange' for type AmqpD2CMessagesNotInAllowedRange. Set to 'DirectMethodInvokesNotInAllowedRange' for type DirectMethodInvokesNotInAllowedRange. Set to 'FailedLocalLoginsNotInAllowedRange' for type FailedLocalLoginsNotInAllowedRange. Set to 'FileUploadsNotInAllowedRange' for type FileUploadsNotInAllowedRange. Set to 'HttpC2DMessagesNotInAllowedRange' for type HttpC2DMessagesNotInAllowedRange. Set to 'HttpC2DRejectedMessagesNotInAllowedRange' for type HttpC2DRejectedMessagesNotInAllowedRange. Set to 'HttpD2CMessagesNotInAllowedRange' for type HttpD2CMessagesNotInAllowedRange. Set to 'MqttC2DMessagesNotInAllowedRange' for type MqttC2DMessagesNotInAllowedRange. Set to 'MqttC2DRejectedMessagesNotInAllowedRange' for type MqttC2DRejectedMessagesNotInAllowedRange. Set to 'MqttD2CMessagesNotInAllowedRange' for type MqttD2CMessagesNotInAllowedRange. Set to 'QueuePurgesNotInAllowedRange' for type QueuePurgesNotInAllowedRange. Set to 'TwinUpdatesNotInAllowedRange' for type TwinUpdatesNotInAllowedRange. Set to 'UnauthorizedOperationsNotInAllowedRange' for type UnauthorizedOperationsNotInAllowedRange. 'ActiveConnectionsNotInAllowedRange'
'AmqpC2DMessagesNotInAllowedRange'
'AmqpC2DRejectedMessagesNotInAllowedRange'
'AmqpD2CMessagesNotInAllowedRange'
'DirectMethodInvokesNotInAllowedRange'
'FailedLocalLoginsNotInAllowedRange'
'FileUploadsNotInAllowedRange'
'HttpC2DMessagesNotInAllowedRange'
'HttpC2DRejectedMessagesNotInAllowedRange'
'HttpD2CMessagesNotInAllowedRange'
'MqttC2DMessagesNotInAllowedRange'
'MqttC2DRejectedMessagesNotInAllowedRange'
'MqttD2CMessagesNotInAllowedRange'
'QueuePurgesNotInAllowedRange'
'TwinUpdatesNotInAllowedRange'
'UnauthorizedOperationsNotInAllowedRange' (required)

TimeWindowCustomAlertRule

Name Description Value
isEnabled Status of the custom alert. bool (required)
maxThreshold The maximum threshold. int (required)
minThreshold The minimum threshold. int (required)
ruleType Set to 'ActiveConnectionsNotInAllowedRange' for type ActiveConnectionsNotInAllowedRange. Set to 'AmqpC2DMessagesNotInAllowedRange' for type AmqpC2DMessagesNotInAllowedRange. Set to 'AmqpC2DRejectedMessagesNotInAllowedRange' for type AmqpC2DRejectedMessagesNotInAllowedRange. Set to 'AmqpD2CMessagesNotInAllowedRange' for type AmqpD2CMessagesNotInAllowedRange. Set to 'DirectMethodInvokesNotInAllowedRange' for type DirectMethodInvokesNotInAllowedRange. Set to 'FailedLocalLoginsNotInAllowedRange' for type FailedLocalLoginsNotInAllowedRange. Set to 'FileUploadsNotInAllowedRange' for type FileUploadsNotInAllowedRange. Set to 'HttpC2DMessagesNotInAllowedRange' for type HttpC2DMessagesNotInAllowedRange. Set to 'HttpC2DRejectedMessagesNotInAllowedRange' for type HttpC2DRejectedMessagesNotInAllowedRange. Set to 'HttpD2CMessagesNotInAllowedRange' for type HttpD2CMessagesNotInAllowedRange. Set to 'MqttC2DMessagesNotInAllowedRange' for type MqttC2DMessagesNotInAllowedRange. Set to 'MqttC2DRejectedMessagesNotInAllowedRange' for type MqttC2DRejectedMessagesNotInAllowedRange. Set to 'MqttD2CMessagesNotInAllowedRange' for type MqttD2CMessagesNotInAllowedRange. Set to 'QueuePurgesNotInAllowedRange' for type QueuePurgesNotInAllowedRange. Set to 'TwinUpdatesNotInAllowedRange' for type TwinUpdatesNotInAllowedRange. Set to 'UnauthorizedOperationsNotInAllowedRange' for type UnauthorizedOperationsNotInAllowedRange. 'ActiveConnectionsNotInAllowedRange'
'AmqpC2DMessagesNotInAllowedRange'
'AmqpC2DRejectedMessagesNotInAllowedRange'
'AmqpD2CMessagesNotInAllowedRange'
'DirectMethodInvokesNotInAllowedRange'
'FailedLocalLoginsNotInAllowedRange'
'FileUploadsNotInAllowedRange'
'HttpC2DMessagesNotInAllowedRange'
'HttpC2DRejectedMessagesNotInAllowedRange'
'HttpD2CMessagesNotInAllowedRange'
'MqttC2DMessagesNotInAllowedRange'
'MqttC2DRejectedMessagesNotInAllowedRange'
'MqttD2CMessagesNotInAllowedRange'
'QueuePurgesNotInAllowedRange'
'TwinUpdatesNotInAllowedRange'
'UnauthorizedOperationsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TwinUpdatesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'TwinUpdatesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TwinUpdatesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'TwinUpdatesNotInAllowedRange' (required)

UnauthorizedOperationsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'UnauthorizedOperationsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

UnauthorizedOperationsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'UnauthorizedOperationsNotInAllowedRange' (required)