Iot Security Solution - List By Resource Group

Use this method to get the list of IoT Security solutions organized by resource group.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions?api-version=2019-08-01
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions?api-version=2019-08-01&$filter={$filter}

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| resourceGroupName | path | True | string | The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: `^[-\w\._\(\)]+$` |
| subscriptionId | path | True | string | Azure subscription ID. Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$` |
| api-version | query | True | string | API version for the operation |
| $filter | query | | string | Filter the IoT Security solution with OData syntax. Supports filtering by iotHubs. |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | IoTSecuritySolutionsList | OK |
| Other Status Codes | CloudError | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

List IoT Security solutions by resource group

Sample request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/iotSecuritySolutions?api-version=2019-08-01

Sample response

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
      "name": "default",
      "location": "East Us",
      "type": "Microsoft.Security/IoTSecuritySolutions",
      "tags": {},
      "properties": {
        "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
        "status": "Enabled",
        "export": [],
        "disabledDataSources": [],
        "displayName": "Solution Default",
        "iotHubs": [
          "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
        ],
        "userDefinedResources": {
          "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
          "querySubscriptions": [
            "075423e9-7d33-4166-8bdf-3920b04e3735"
          ]
        },
        "autoDiscoveredResources": [
          "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
          "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
        ],
        "recommendationsConfiguration": [
          {
            "recommendationType": "IoT_ACRAuthentication",
            "name": "Service Principal Not Used with ACR",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_AgentSendsUnutilizedMessages",
            "name": "Agent sending underutilized messages",
            "status": "TurnedOn"
          },
          {
            "recommendationType": "IoT_Baseline",
            "name": "Operating system (OS) baseline validation failure",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_EdgeHubMemOptimize",
            "name": "Edge Hub memory can be optimized",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_EdgeLoggingOptions",
            "name": "No Logging Configured for Edge Module",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_InconsistentModuleSettings",
            "name": "Module Settings Inconsistent in SecurityGroup",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_InstallAgent",
            "name": "Install the Azure Security of Things Agent",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_IPFilter_DenyAll",
            "name": "Default IP Filter Policy should be Deny",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_IPFilter_PermissiveRule",
            "name": "IP Filter rule includes large IP range",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_OpenPorts",
            "name": "Open Ports On Device",
            "status": "Disabled"
          },
          {
            "recommendationType": "IoT_PermissiveFirewallPolicy",
            "name": "Permissive firewall policy in one of the chains was found",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_PermissiveInputFirewallRules",
            "name": "Permissive firewall rule in the input chain was found",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_PermissiveOutputFirewallRules",
            "name": "Permissive firewall rule in the output chain was found",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_PrivilegedDockerOptions",
            "name": "High level permissions configured in Edge model twin for Edge module",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_SharedCredentials",
            "name": "Same Authentication Credentials used by multiple devices",
            "status": "Disabled"
          },
          {
            "recommendationType": "IoT_VulnerableTLSCipherSuite",
            "name": "TLS cipher suite upgrade",
            "status": "Enabled"
          }
        ],
        "unmaskedIpLoggingStatus": "Enabled"
      },
      "systemData": {
        "createdBy": "string",
        "createdByType": "User",
        "createdAt": "2020-04-27T21:53:29.0928001Z",
        "lastModifiedBy": "string",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
      }
    }
  ]
}

List IoT Security solutions by resource group and IoT Hub

Sample request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyRg/providers/Microsoft.Security/iotSecuritySolutions?api-version=2019-08-01&$filter=properties.iotHubs/any(i eq "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub")

Sample response

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyRg/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
      "name": "default",
      "type": "Microsoft.Security/IoTSecuritySolutions",
      "location": "East Us",
      "tags": {},
      "properties": {
        "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
        "status": "Enabled",
        "export": [
          "RawEvents"
        ],
        "disabledDataSources": [],
        "displayName": "Solution Default",
        "iotHubs": [
          "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
        ],
        "userDefinedResources": {
          "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
          "querySubscriptions": [
            "075423e9-7d33-4166-8bdf-3920b04e3735"
          ]
        },
        "autoDiscoveredResources": [
          "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
          "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
        ],
        "recommendationsConfiguration": [
          {
            "recommendationType": "IoT_ACRAuthentication",
            "name": "Service Principal Not Used with ACR",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_AgentSendsUnutilizedMessages",
            "name": "Agent sending underutilized messages",
            "status": "TurnedOn"
          },
          {
            "recommendationType": "IoT_Baseline",
            "name": "Operating system (OS) baseline validation failure",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_EdgeHubMemOptimize",
            "name": "Edge Hub memory can be optimized",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_EdgeLoggingOptions",
            "name": "No Logging Configured for Edge Module",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_InconsistentModuleSettings",
            "name": "Module Settings Inconsistent in SecurityGroup",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_InstallAgent",
            "name": "Install the Azure Security of Things Agent",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_IPFilter_DenyAll",
            "name": "Default IP Filter Policy should be Deny",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_IPFilter_PermissiveRule",
            "name": "IP Filter rule includes large IP range",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_OpenPorts",
            "name": "Open Ports On Device",
            "status": "Disabled"
          },
          {
            "recommendationType": "IoT_PermissiveFirewallPolicy",
            "name": "Permissive firewall policy in one of the chains was found",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_PermissiveInputFirewallRules",
            "name": "Permissive firewall rule in the input chain was found",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_PermissiveOutputFirewallRules",
            "name": "Permissive firewall rule in the output chain was found",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_PrivilegedDockerOptions",
            "name": "High level permissions configured in Edge model twin for Edge module",
            "status": "Enabled"
          },
          {
            "recommendationType": "IoT_SharedCredentials",
            "name": "Same Authentication Credentials used by multiple devices",
            "status": "Disabled"
          },
          {
            "recommendationType": "IoT_VulnerableTLSCipherSuite",
            "name": "TLS cipher suite upgrade",
            "status": "Enabled"
          }
        ],
        "unmaskedIpLoggingStatus": "Enabled"
      },
      "systemData": {
        "createdBy": "string",
        "createdByType": "User",
        "createdAt": "2020-04-27T21:53:29.0928001Z",
        "lastModifiedBy": "string",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
      }
    }
  ]
}
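
The request and response shapes above lend themselves to a small configuration audit. The following is an added example, not code from Microsoft or from this reference page: it validates the path parameters against the documented regex patterns, builds the `$filter` form shown in the second sample request, follows `nextLink`, and reports disabled data sources and recommendations, plus any recommendation status outside the documented `Enabled`/`Disabled` values (the sample responses contain `TurnedOn`). The `fetch` callable is a hypothetical stand-in for an authenticated HTTP GET, and the sample pages, ids and `nextLink` URL are constructed.

```python
import re
from urllib.parse import quote

API_VERSION = "2019-08-01"
# Patterns copied from the URI Parameters section of this page.
SUBSCRIPTION_RE = re.compile(r"^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$")
RESOURCE_GROUP_RE = re.compile(r"^[-\w\._\(\)]+$")
KNOWN_REC_STATUS = {"Enabled", "Disabled"}  # RecommendationConfigStatus values

def build_list_url(subscription_id, resource_group, iot_hub_id=None):
    """Validate the path parameters, then build the request URL."""
    if not SUBSCRIPTION_RE.fullmatch(subscription_id):
        raise ValueError("subscriptionId does not match the documented pattern")
    if not RESOURCE_GROUP_RE.fullmatch(resource_group):
        raise ValueError("resourceGroupName does not match the documented pattern")
    url = (f"https://management.azure.com/subscriptions/{subscription_id}"
           f"/resourceGroups/{resource_group}/providers/Microsoft.Security"
           f"/iotSecuritySolutions?api-version={API_VERSION}")
    if iot_hub_id is not None:
        if '"' in iot_hub_id:  # would end the quoted OData string early
            raise ValueError("IoT Hub ID must not contain a double quote")
        odata = f'properties.iotHubs/any(i eq "{iot_hub_id}")'
        url += "&$filter=" + quote(odata, safe="")
    return url

def audit_solution(solution):
    """Return findings for one IoTSecuritySolutionModel dict."""
    props = solution.get("properties", {})
    findings = []
    if props.get("status", "Enabled") != "Enabled":
        findings.append("solution status is " + props["status"])
    for source in props.get("disabledDataSources", []):
        findings.append("data source disabled: " + source)
    for rec in props.get("recommendationsConfiguration", []):
        kind, status = rec["recommendationType"], rec.get("status", "Enabled")
        if status == "Disabled":
            findings.append("recommendation disabled: " + kind)
        elif status not in KNOWN_REC_STATUS:
            findings.append(f"undocumented status {status!r}: {kind}")
    return findings

def audit_all(fetch, first_url):
    """Follow nextLink over all pages; fetch maps a URL to a parsed JSON dict."""
    results, url = {}, first_url
    while url:
        page = fetch(url)
        for solution in page.get("value", []):
            results[solution["id"]] = audit_solution(solution)
        url = page.get("nextLink")
    return results

# Constructed sample: page 1 is trimmed from this page's sample response; the
# ids, the nextLink URL and page 2 are made up for the example.
FIRST_URL = build_list_url("20ff7fc3-e762-44dd-bd96-b71116dcdc23", "MyGroup")
SECOND_URL = FIRST_URL + "&page=2"
SAMPLE_PAGES = {
    FIRST_URL: {"nextLink": SECOND_URL, "value": [{"id": "sample/default", "properties": {
        "status": "Enabled", "disabledDataSources": [], "recommendationsConfiguration": [
            {"recommendationType": "IoT_AgentSendsUnutilizedMessages", "status": "TurnedOn"},
            {"recommendationType": "IoT_Baseline", "status": "Enabled"},
            {"recommendationType": "IoT_OpenPorts", "status": "Disabled"}]}}]},
    SECOND_URL: {"value": [{"id": "sample/second", "properties": {
        "status": "Disabled", "disabledDataSources": ["TwinData"]}}]},
}
```

Calling `audit_all(SAMPLE_PAGES.__getitem__, FIRST_URL)` runs the audit over the constructed pages without any network access.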

Definitions

| Name | Description |
|---|---|
| AdditionalWorkspaceDataType | List of data types sent to workspace |
| AdditionalWorkspacesProperties | Properties of the additional workspaces. |
| AdditionalWorkspaceType | Workspace type. |
| CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) |
| CloudErrorBody | The error detail. |
| createdByType | The type of identity that created the resource. |
| DataSource | Disabled data sources. Disabling these data sources compromises the system. |
| ErrorAdditionalInfo | The resource management error additional info. |
| ExportData | List of additional options for exporting to workspace data. |
| IoTSecuritySolutionModel | IoT Security solution configuration and resource information. |
| IoTSecuritySolutionsList | List of IoT Security solutions. |
| RecommendationConfigStatus | Recommendation status. When the recommendation status is disabled, recommendations are not generated. |
| RecommendationConfigurationProperties | The type of IoT Security recommendation. |
| RecommendationType | The type of IoT Security recommendation. |
| SecuritySolutionStatus | Status of the IoT Security solution. |
| systemData | Metadata pertaining to creation and last modification of the resource. |
| UnmaskedIpLoggingStatus | Unmasked IP address logging status |
| UserDefinedResourcesProperties | Properties of the IoT Security solution's user defined resources. |

AdditionalWorkspaceDataType

List of data types sent to workspace

| Name | Type | Description |
|---|---|---|
| Alerts | string | |
| RawEvents | string | |

AdditionalWorkspacesProperties

Properties of the additional workspaces.

| Name | Type | Default value | Description |
|---|---|---|---|
| dataTypes | AdditionalWorkspaceDataType[] | | List of data types sent to workspace |
| type | AdditionalWorkspaceType | Sentinel | Workspace type. |
| workspace | string | | Workspace resource id |

AdditionalWorkspaceType

Workspace type.

| Name | Type | Description |
|---|---|---|
| Sentinel | string | |

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

| Name | Type | Description |
|---|---|---|
| error.additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| error.code | string | The error code. |
| error.details | CloudErrorBody[] | The error details. |
| error.message | string | The error message. |
| error.target | string | The error target. |

CloudErrorBody

The error detail.

| Name | Type | Description |
|---|---|---|
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | CloudErrorBody[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |

createdByType

The type of identity that created the resource.

| Name | Type | Description |
|---|---|---|
| Application | string | |
| Key | string | |
| ManagedIdentity | string | |
| User | string | |

DataSource

Disabled data sources. Disabling these data sources compromises the system.

| Name | Type | Description |
|---|---|---|
| TwinData | string | Devices twin data |

ErrorAdditionalInfo

The resource management error additional info.

| Name | Type | Description |
|---|---|---|
| info | object | The additional info. |
| type | string | The additional info type. |

ExportData

List of additional options for exporting to workspace data.

| Name | Type | Description |
|---|---|---|
| RawEvents | string | Agent raw events |

IoTSecuritySolutionModel

IoT Security solution configuration and resource information.

| Name | Type | Default value | Description |
|---|---|---|---|
| id | string | | Resource Id |
| location | string | | The resource location. |
| name | string | | Resource name |
| properties.additionalWorkspaces | AdditionalWorkspacesProperties[] | | List of additional workspaces |
| properties.autoDiscoveredResources | string[] | | List of resources that were automatically discovered as relevant to the security solution. |
| properties.disabledDataSources | DataSource[] | | Disabled data sources. Disabling these data sources compromises the system. |
| properties.displayName | string | | Resource display name. |
| properties.export | ExportData[] | | List of additional options for exporting to workspace data. |
| properties.iotHubs | string[] | | IoT Hub resource IDs |
| properties.recommendationsConfiguration | RecommendationConfigurationProperties[] | | List of the configuration status for each recommendation type. |
| properties.status | SecuritySolutionStatus | Enabled | Status of the IoT Security solution. |
| properties.unmaskedIpLoggingStatus | UnmaskedIpLoggingStatus | Disabled | Unmasked IP address logging status |
| properties.userDefinedResources | UserDefinedResourcesProperties | | Properties of the IoT Security solution's user defined resources. |
| properties.workspace | string | | Workspace resource ID |
| systemData | systemData | | Azure Resource Manager metadata containing createdBy and modifiedBy information. |
| tags | object | | Resource tags |
| type | string | | Resource type |

IoTSecuritySolutionsList

List of IoT Security solutions.

| Name | Type | Description |
|---|---|---|
| nextLink | string | The URI to fetch the next page. |
| value | IoTSecuritySolutionModel[] | List of IoT Security solutions |

RecommendationConfigStatus

Recommendation status. When the recommendation status is disabled, recommendations are not generated.

| Name | Type | Description |
|---|---|---|
| Disabled | string | |
| Enabled | string | |

RecommendationConfigurationProperties

The type of IoT Security recommendation.

| Name | Type | Default value | Description |
|---|---|---|---|
| name | string | | |
| recommendationType | RecommendationType | | The type of IoT Security recommendation. |
| status | RecommendationConfigStatus | Enabled | Recommendation status. When the recommendation status is disabled, recommendations are not generated. |

RecommendationType

The type of IoT Security recommendation.

| Name | Type | Description |
|---|---|---|
| IoT_ACRAuthentication | string | Authentication schema used to pull an edge module from an ACR repository does not use Service Principal Authentication. |
| IoT_AgentSendsUnutilizedMessages | string | IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization. |
| IoT_Baseline | string | Identified security related system configuration issues. |
| IoT_EdgeHubMemOptimize | string | You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution. |
| IoT_EdgeLoggingOptions | string | Logging is disabled for this edge module. |
| IoT_IPFilter_DenyAll | string | IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default. |
| IoT_IPFilter_PermissiveRule | string | An Allow IP filter rule's source IP range is too large. Overly permissive rules might expose your IoT hub to malicious actors. |
| IoT_InconsistentModuleSettings | string | A minority within a device security group has inconsistent Edge Module settings with the rest of their group. |
| IoT_InstallAgent | string | Install the Azure Security of Things Agent. |
| IoT_OpenPorts | string | A listening endpoint was found on the device. |
| IoT_PermissiveFirewallPolicy | string | An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device. |
| IoT_PermissiveInputFirewallRules | string | A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports. |
| IoT_PermissiveOutputFirewallRules | string | A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports. |
| IoT_PrivilegedDockerOptions | string | Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine). |
| IoT_SharedCredentials | string | Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker. |
| IoT_VulnerableTLSCipherSuite | string | Insecure TLS configurations detected. Immediate upgrade recommended. |

SecuritySolutionStatus

Status of the IoT Security solution.

| Name | Type | Description |
|---|---|---|
| Disabled | string | |
| Enabled | string | |

systemData

Metadata pertaining to creation and last modification of the resource.

| Name | Type | Description |
|---|---|---|
| createdAt | string | The timestamp of resource creation (UTC). |
| createdBy | string | The identity that created the resource. |
| createdByType | createdByType | The type of identity that created the resource. |
| lastModifiedAt | string | The timestamp of resource last modification (UTC) |
| lastModifiedBy | string | The identity that last modified the resource. |
| lastModifiedByType | createdByType | The type of identity that last modified the resource. |

UnmaskedIpLoggingStatus

Unmasked IP address logging status

| Name | Type | Description |
|---|---|---|
| Disabled | string | Unmasked IP logging is disabled |
| Enabled | string | Unmasked IP logging is enabled |

UserDefinedResourcesProperties

Properties of the IoT Security solution's user defined resources.

| Name | Type | Description |
|---|---|---|
| query | string | Azure Resource Graph query which represents the security solution's user defined resources. Required to start with `where type != "Microsoft.Devices/IotHubs"` |
| querySubscriptions | string[] | List of Azure subscription ids on which the user defined resources query should be executed. |