Iot Security Solution Analytics - Get

Service:

Defender for Cloud

API Version:

2019-08-01

Use this method to get IoT Security Analytics metrics.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default?api-version=2019-08-01

URI Parameters

Name	In	Required	Type	Description
resourceGroupName	path	True	string	The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: ^[-\w\._\(\)]+$
solutionName	path	True	string	The name of the IoT Security solution.
subscriptionId	path	True	string	Azure subscription ID Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	API version for the operation

Responses

Name	Type	Description
200 OK	IoTSecuritySolutionAnalyticsModel	OK
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Get Security Solution Analytics

Sample request

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/iotSecuritySolutions/default/analyticsModels/default?api-version=2019-08-01

Java

/**
 * Samples for IotSecuritySolutionAnalytics Get.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/
     * IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
     */
    /**
     * Sample code: Get Security Solution Analytics.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getSecuritySolutionAnalytics(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.iotSecuritySolutionAnalytics().getWithResponse("MyGroup", "default", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
func ExampleIotSecuritySolutionAnalyticsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIotSecuritySolutionAnalyticsClient().Get(ctx, "MyGroup", "default", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.IoTSecuritySolutionAnalyticsModel = armsecurity.IoTSecuritySolutionAnalyticsModel{
	// 	Name: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default"),
	// 	Type: to.Ptr("Microsoft.Security/iotSecuritySolutions/analyticsModels"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default"),
	// 	Properties: &armsecurity.IoTSecuritySolutionAnalyticsModelProperties{
	// 		DevicesMetrics: []*armsecurity.IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem{
	// 			{
	// 				Date: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-01T00:00:00.000Z"); return t}()),
	// 				DevicesMetrics: &armsecurity.IoTSeverityMetrics{
	// 					High: to.Ptr[int64](3),
	// 					Low: to.Ptr[int64](70),
	// 					Medium: to.Ptr[int64](15),
	// 				},
	// 			},
	// 			{
	// 				Date: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-02T00:00:00.000Z"); return t}()),
	// 				DevicesMetrics: &armsecurity.IoTSeverityMetrics{
	// 					High: to.Ptr[int64](3),
	// 					Low: to.Ptr[int64](65),
	// 					Medium: to.Ptr[int64](45),
	// 				},
	// 		}},
	// 		Metrics: &armsecurity.IoTSeverityMetrics{
	// 			High: to.Ptr[int64](5),
	// 			Low: to.Ptr[int64](102),
	// 			Medium: to.Ptr[int64](200),
	// 		},
	// 		MostPrevalentDeviceAlerts: []*armsecurity.IoTSecurityDeviceAlert{
	// 			{
	// 				AlertDisplayName: to.Ptr("Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range"),
	// 				AlertsCount: to.Ptr[int64](200),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 			},
	// 			{
	// 				AlertDisplayName: to.Ptr("Custom Alert - execution of a process that is not allowed"),
	// 				AlertsCount: to.Ptr[int64](170),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityMedium),
	// 			},
	// 			{
	// 				AlertDisplayName: to.Ptr("Successful Bruteforce"),
	// 				AlertsCount: to.Ptr[int64](150),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 		}},
	// 		MostPrevalentDeviceRecommendations: []*armsecurity.IoTSecurityDeviceRecommendation{
	// 			{
	// 				DevicesCount: to.Ptr[int64](200),
	// 				RecommendationDisplayName: to.Ptr("Install the Azure Security of Things Agent"),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 			},
	// 			{
	// 				DevicesCount: to.Ptr[int64](170),
	// 				RecommendationDisplayName: to.Ptr("High level permissions configured in Edge model twin for Edge module"),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 			},
	// 			{
	// 				DevicesCount: to.Ptr[int64](150),
	// 				RecommendationDisplayName: to.Ptr("Same Authentication Credentials used by multiple devices"),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityMedium),
	// 		}},
	// 		TopAlertedDevices: []*armsecurity.IoTSecurityAlertedDevice{
	// 			{
	// 				AlertsCount: to.Ptr[int64](200),
	// 				DeviceID: to.Ptr("id1"),
	// 			},
	// 			{
	// 				AlertsCount: to.Ptr[int64](170),
	// 				DeviceID: to.Ptr("id2"),
	// 			},
	// 			{
	// 				AlertsCount: to.Ptr[int64](150),
	// 				DeviceID: to.Ptr("id3"),
	// 		}},
	// 		UnhealthyDeviceCount: to.Ptr[int64](1200),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Use this method to get IoT Security Analytics metrics.
 *
 * @summary Use this method to get IoT Security Analytics metrics.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
 */
async function getSecuritySolutionAnalytics() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "MyGroup";
  const solutionName = "default";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.iotSecuritySolutionAnalytics.get(resourceGroupName, solutionName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
// this example is just showing the usage of "IotSecuritySolutionAnalytics_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this IotSecuritySolutionAnalyticsModelResource created on azure
// for more information of creating IotSecuritySolutionAnalyticsModelResource, please refer to the document of IotSecuritySolutionAnalyticsModelResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "MyGroup";
string solutionName = "default";
ResourceIdentifier iotSecuritySolutionAnalyticsModelResourceId = IotSecuritySolutionAnalyticsModelResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, solutionName);
IotSecuritySolutionAnalyticsModelResource iotSecuritySolutionAnalyticsModel = client.GetIotSecuritySolutionAnalyticsModelResource(iotSecuritySolutionAnalyticsModelResourceId);

// invoke the operation
IotSecuritySolutionAnalyticsModelResource result = await iotSecuritySolutionAnalyticsModel.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
IotSecuritySolutionAnalyticsModelData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
  "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
  "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels",
  "properties": {
    "metrics": {
      "high": 5,
      "medium": 200,
      "low": 102
    },
    "unhealthyDeviceCount": 1200,
    "devicesMetrics": [
      {
        "date": "2019-02-01T00:00:00Z",
        "devicesMetrics": {
          "high": 3,
          "medium": 15,
          "low": 70
        }
      },
      {
        "date": "2019-02-02T00:00:00Z",
        "devicesMetrics": {
          "high": 3,
          "medium": 45,
          "low": 65
        }
      }
    ],
    "topAlertedDevices": [
      {
        "deviceId": "id1",
        "alertsCount": 200
      },
      {
        "deviceId": "id2",
        "alertsCount": 170
      },
      {
        "deviceId": "id3",
        "alertsCount": 150
      }
    ],
    "mostPrevalentDeviceAlerts": [
      {
        "alertDisplayName": "Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range",
        "reportedSeverity": "Low",
        "alertsCount": 200
      },
      {
        "alertDisplayName": "Custom Alert - execution of a process that is not allowed",
        "reportedSeverity": "Medium",
        "alertsCount": 170
      },
      {
        "alertDisplayName": "Successful Bruteforce",
        "reportedSeverity": "Low",
        "alertsCount": 150
      }
    ],
    "mostPrevalentDeviceRecommendations": [
      {
        "recommendationDisplayName": "Install the Azure Security of Things Agent",
        "reportedSeverity": "Low",
        "devicesCount": 200
      },
      {
        "recommendationDisplayName": "High level permissions configured in Edge model twin for Edge module",
        "reportedSeverity": "Low",
        "devicesCount": 170
      },
      {
        "recommendationDisplayName": "Same Authentication Credentials used by multiple devices",
        "reportedSeverity": "Medium",
        "devicesCount": 150
      }
    ]
  }
}

Definitions

Name	Description
CloudError	Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
CloudErrorBody	The error detail.
DevicesMetrics	List of device metrics by the aggregation date.
ErrorAdditionalInfo	The resource management error additional info.
IoTSecurityAlertedDevice	Statistical information about the number of alerts per device during last set number of days.
IoTSecurityDeviceAlert	Statistical information about the number of alerts per alert type during last set number of days
IoTSecurityDeviceRecommendation	Statistical information about the number of recommendations per device, per recommendation type.
IoTSecuritySolutionAnalyticsModel	Security analytics of your IoT Security solution
IoTSeverityMetrics	IoT Security solution analytics severity metrics.
reportedSeverity	Assessed Alert severity.

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	The error additional info.
error.code	string	The error code.
error.details	CloudErrorBody[]	The error details.
error.message	string	The error message.
error.target	string	The error target.

CloudErrorBody

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	CloudErrorBody[]	The error details.
message	string	The error message.
target	string	The error target.

DevicesMetrics

List of device metrics by the aggregation date.

Name	Type	Description
date	string	Aggregation of IoT Security solution device alert metrics by date.
devicesMetrics	IoTSeverityMetrics	Device alert count by severity.

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

IoTSecurityAlertedDevice

Statistical information about the number of alerts per device during last set number of days.

Name	Type	Description
alertsCount	integer	Number of alerts raised for this device.
deviceId	string	Device identifier.

IoTSecurityDeviceAlert

Statistical information about the number of alerts per alert type during last set number of days

Name	Type	Description
alertDisplayName	string	Display name of the alert
alertsCount	integer	Number of alerts raised for this alert type.
reportedSeverity	reportedSeverity	Assessed Alert severity.

IoTSecurityDeviceRecommendation

Statistical information about the number of recommendations per device, per recommendation type.

Name	Type	Description
devicesCount	integer	Number of devices with this recommendation.
recommendationDisplayName	string	Display name of the recommendation.
reportedSeverity	reportedSeverity	Assessed recommendation severity.

IoTSecuritySolutionAnalyticsModel

Security analytics of your IoT Security solution

Name	Type	Description
id	string	Resource Id
name	string	Resource name
properties.devicesMetrics	DevicesMetrics[]	List of device metrics by the aggregation date.
properties.metrics	IoTSeverityMetrics	Security analytics of your IoT Security solution.
properties.mostPrevalentDeviceAlerts	IoTSecurityDeviceAlert[]	List of the 3 most prevalent device alerts.
properties.mostPrevalentDeviceRecommendations	IoTSecurityDeviceRecommendation[]	List of the 3 most prevalent device recommendations.
properties.topAlertedDevices	IoTSecurityAlertedDevice[]	List of the 3 devices with the most alerts.
properties.unhealthyDeviceCount	integer	Number of unhealthy devices within your IoT Security solution.
type	string	Resource type

IoTSeverityMetrics

IoT Security solution analytics severity metrics.

Name	Type	Description
high	integer	Count of high severity alerts/recommendations.
low	integer	Count of low severity alerts/recommendations.
medium	integer	Count of medium severity alerts/recommendations.

reportedSeverity

Assessed Alert severity.

Name	Type	Description
High	string
Informational	string
Low	string
Medium	string