Device Security Groups - Create Or Update

Referência

Serviço:: Defender for Cloud

Versão da API:: 2019-08-01

Use esse método para criar ou atualizar o grupo de segurança do dispositivo em um recurso especificado do Hub IoT.

PUT https://management.azure.com/{resourceId}/providers/Microsoft.Security/deviceSecurityGroups/{deviceSecurityGroupName}?api-version=2019-08-01

Parâmetros de URI

Nome	Em	Obrigatório	Tipo	Description
deviceSecurityGroupName	path	True	string	O nome do grupo de segurança do dispositivo. Observe que o nome do grupo de segurança do dispositivo não diferencia maiúsculas de minúsculas.
resourceId	path	True	string	O identificador do recurso.
api-version	query	True	string	Versão da API para a operação

Corpo da solicitação

Nome	Tipo	Description
properties.allowlistRules	AllowlistCustomAlertRule[]	As regras de alerta personalizadas da lista de permissões.
properties.denylistRules	DenylistCustomAlertRule[]	As regras de alerta personalizadas da lista de negação.
properties.thresholdRules	ThresholdCustomAlertRule[]	A lista de regras de limite de alerta personalizadas.
properties.timeWindowRules	TimeWindowCustomAlertRule[]	A lista de regras personalizadas da janela de tempo de alerta.

Respostas

Nome	Tipo	Description
200 OK	DeviceSecurityGroup	O grupo de segurança foi atualizado.
201 Created	DeviceSecurityGroup	O grupo de segurança foi criado.
Other Status Codes	CloudError	Resposta de erro que descreve por que a operação falhou.

Segurança

azure_auth

Fluxo OAuth2 do Azure Active Directory

Tipo: oauth2
Flow: implicit
URL de Autorização: https://login.microsoftonline.com/common/oauth2/authorize

Escopos

Nome	Description
user_impersonation	representar sua conta de usuário

Exemplos

Create or update a device security group for the specified IoT hub resource

Solicitação de exemplo

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup?api-version=2019-08-01

{
  "properties": {
    "timeWindowRules": [
      {
        "ruleType": "ActiveConnectionsNotInAllowedRange",
        "isEnabled": true,
        "minThreshold": 0,
        "maxThreshold": 30,
        "timeWindowSize": "PT05M"
      }
    ]
  }
}


import com.azure.resourcemanager.security.models.ActiveConnectionsNotInAllowedRange;
import java.time.Duration;
import java.util.Arrays;

/**
 * Samples for DeviceSecurityGroups CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/DeviceSecurityGroups/
     * PutDeviceSecurityGroups_example.json
     */
    /**
     * Sample code: Create or update a device security group for the specified IoT hub resource.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void createOrUpdateADeviceSecurityGroupForTheSpecifiedIoTHubResource(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.deviceSecurityGroups().define("samplesecuritygroup").withExistingResourceId(
            "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub")
            .withTimeWindowRules(Arrays.asList(new ActiveConnectionsNotInAllowedRange().withIsEnabled(true)
                .withMinThreshold(0).withMaxThreshold(30).withTimeWindowSize(Duration.parse("PT05M"))))
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/DeviceSecurityGroups/PutDeviceSecurityGroups_example.json
func ExampleDeviceSecurityGroupsClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDeviceSecurityGroupsClient().CreateOrUpdate(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub", "samplesecuritygroup", armsecurity.DeviceSecurityGroup{
		Properties: &armsecurity.DeviceSecurityGroupProperties{
			TimeWindowRules: []armsecurity.TimeWindowCustomAlertRuleClassification{
				&armsecurity.ActiveConnectionsNotInAllowedRange{
					IsEnabled:      to.Ptr(true),
					RuleType:       to.Ptr("ActiveConnectionsNotInAllowedRange"),
					MaxThreshold:   to.Ptr[int32](30),
					MinThreshold:   to.Ptr[int32](0),
					TimeWindowSize: to.Ptr("PT05M"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.DeviceSecurityGroup = armsecurity.DeviceSecurityGroup{
	// 	Name: to.Ptr("samplesecuritygroup"),
	// 	Type: to.Ptr("Microsoft.Security/deviceSecurityGroups"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup"),
	// 	Properties: &armsecurity.DeviceSecurityGroupProperties{
	// 		AllowlistRules: []armsecurity.AllowlistCustomAlertRuleClassification{
	// 			&armsecurity.ConnectionToIPNotAllowed{
	// 				Description: to.Ptr("Get an alert when an outbound connection is created between your device and an ip that isn't allowed"),
	// 				DisplayName: to.Ptr("Outbound connection to an ip that isn't allowed"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("ConnectionToIpNotAllowed"),
	// 				AllowlistValues: []*string{
	// 				},
	// 			},
	// 			&armsecurity.LocalUserNotAllowed{
	// 				Description: to.Ptr("Get an alert when a local user that isn't allowed logins to the device"),
	// 				DisplayName: to.Ptr("Login by a local user that isn't allowed"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("LocalUserNotAllowed"),
	// 				AllowlistValues: []*string{
	// 				},
	// 			},
	// 			&armsecurity.ProcessNotAllowed{
	// 				Description: to.Ptr("Get an alert when a process that isn't allowed is executed"),
	// 				DisplayName: to.Ptr("Execution of a process that isn't allowed"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("ProcessNotAllowed"),
	// 				AllowlistValues: []*string{
	// 				},
	// 		}},
	// 		DenylistRules: []*armsecurity.DenylistCustomAlertRule{
	// 		},
	// 		ThresholdRules: []armsecurity.ThresholdCustomAlertRuleClassification{
	// 		},
	// 		TimeWindowRules: []armsecurity.TimeWindowCustomAlertRuleClassification{
	// 			&armsecurity.ActiveConnectionsNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of active connections of a device in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of active connections is not in allowed range"),
	// 				IsEnabled: to.Ptr(true),
	// 				RuleType: to.Ptr("ActiveConnectionsNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](30),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT05M"),
	// 			},
	// 			&armsecurity.AmqpC2DMessagesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of cloud to device messages (AMQP protocol) is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("AmqpC2DMessagesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.MqttC2DMessagesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of cloud to device messages (MQTT protocol) is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("MqttC2DMessagesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.HTTPC2DMessagesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of cloud to device messages (HTTP protocol) is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("HttpC2DMessagesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.AmqpC2DRejectedMessagesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of rejected cloud to device messages (AMQP protocol) is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("AmqpC2DRejectedMessagesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.MqttC2DRejectedMessagesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of rejected cloud to device messages (MQTT protocol) is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("MqttC2DRejectedMessagesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.HTTPC2DRejectedMessagesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of rejected cloud to device messages (HTTP protocol) is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("HttpC2DRejectedMessagesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.AmqpD2CMessagesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of device to cloud messages (AMQP protocol) is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("AmqpD2CMessagesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.MqttD2CMessagesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of device to cloud messages (MQTT protocol) is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("MqttD2CMessagesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.HTTPD2CMessagesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of device to cloud messages (HTTP protocol) is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("HttpD2CMessagesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.DirectMethodInvokesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of direct method invokes in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of direct method invokes is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("DirectMethodInvokesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.FailedLocalLoginsNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of failed local logins on the device in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of failed local logins is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("FailedLocalLoginsNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.FileUploadsNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of file uploads is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("FileUploadsNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.QueuePurgesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of device queue purges in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of device queue purges is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("QueuePurgesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.TwinUpdatesNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range"),
	// 				DisplayName: to.Ptr("Number of twin updates is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("TwinUpdatesNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 			},
	// 			&armsecurity.UnauthorizedOperationsNotInAllowedRange{
	// 				Description: to.Ptr("Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error"),
	// 				DisplayName: to.Ptr("Number of unauthorized operations is not in allowed range"),
	// 				IsEnabled: to.Ptr(false),
	// 				RuleType: to.Ptr("UnauthorizedOperationsNotInAllowedRange"),
	// 				MaxThreshold: to.Ptr[int32](0),
	// 				MinThreshold: to.Ptr[int32](0),
	// 				TimeWindowSize: to.Ptr("PT15M"),
	// 		}},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Use this method to creates or updates the device security group on a specified IoT Hub resource.
 *
 * @summary Use this method to creates or updates the device security group on a specified IoT Hub resource.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/DeviceSecurityGroups/PutDeviceSecurityGroups_example.json
 */
async function createOrUpdateADeviceSecurityGroupForTheSpecifiedIoTHubResource() {
  const resourceId =
    "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub";
  const deviceSecurityGroupName = "samplesecuritygroup";
  const deviceSecurityGroup = {
    timeWindowRules: [
      {
        isEnabled: true,
        maxThreshold: 30,
        minThreshold: 0,
        ruleType: "ActiveConnectionsNotInAllowedRange",
        timeWindowSize: "PT05M",
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.deviceSecurityGroups.createOrUpdate(
    resourceId,
    deviceSecurityGroupName,
    deviceSecurityGroup,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/DeviceSecurityGroups/PutDeviceSecurityGroups_example.json
// this example is just showing the usage of "DeviceSecurityGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DeviceSecurityGroupResource created on azure
// for more information of creating DeviceSecurityGroupResource, please refer to the document of DeviceSecurityGroupResource
string resourceId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub";
string deviceSecurityGroupName = "samplesecuritygroup";
ResourceIdentifier deviceSecurityGroupResourceId = DeviceSecurityGroupResource.CreateResourceIdentifier(resourceId, deviceSecurityGroupName);
DeviceSecurityGroupResource deviceSecurityGroup = client.GetDeviceSecurityGroupResource(deviceSecurityGroupResourceId);

// invoke the operation
DeviceSecurityGroupData data = new DeviceSecurityGroupData()
{
    TimeWindowRules =
    {
    new ActiveConnectionsNotInAllowedRange(true,0,30,XmlConvert.ToTimeSpan("PT05M"))
    },
};
ArmOperation<DeviceSecurityGroupResource> lro = await deviceSecurityGroup.UpdateAsync(WaitUntil.Completed, data);
DeviceSecurityGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DeviceSecurityGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Resposta de exemplo

Código de status:: 200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup",
  "name": "samplesecuritygroup",
  "type": "Microsoft.Security/deviceSecurityGroups",
  "properties": {
    "thresholdRules": [],
    "timeWindowRules": [
      {
        "ruleType": "ActiveConnectionsNotInAllowedRange",
        "displayName": "Number of active connections is not in allowed range",
        "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range",
        "isEnabled": true,
        "minThreshold": 0,
        "maxThreshold": 30,
        "timeWindowSize": "PT05M"
      },
      {
        "ruleType": "AmqpC2DMessagesNotInAllowedRange",
        "displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "MqttC2DMessagesNotInAllowedRange",
        "displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "HttpC2DMessagesNotInAllowedRange",
        "displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange",
        "displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange",
        "displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange",
        "displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "AmqpD2CMessagesNotInAllowedRange",
        "displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range",
        "description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "MqttD2CMessagesNotInAllowedRange",
        "displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range",
        "description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "HttpD2CMessagesNotInAllowedRange",
        "displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range",
        "description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "DirectMethodInvokesNotInAllowedRange",
        "displayName": "Number of direct method invokes is not in allowed range",
        "description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "FailedLocalLoginsNotInAllowedRange",
        "displayName": "Number of failed local logins is not in allowed range",
        "description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "FileUploadsNotInAllowedRange",
        "displayName": "Number of file uploads is not in allowed range",
        "description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "QueuePurgesNotInAllowedRange",
        "displayName": "Number of device queue purges is not in allowed range",
        "description": "Get an alert when the number of device queue purges in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "TwinUpdatesNotInAllowedRange",
        "displayName": "Number of twin updates is not in allowed range",
        "description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "UnauthorizedOperationsNotInAllowedRange",
        "displayName": "Number of unauthorized operations is not in allowed range",
        "description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      }
    ],
    "allowlistRules": [
      {
        "ruleType": "ConnectionToIpNotAllowed",
        "displayName": "Outbound connection to an ip that isn't allowed",
        "description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed",
        "isEnabled": false,
        "allowlistValues": []
      },
      {
        "ruleType": "LocalUserNotAllowed",
        "displayName": "Login by a local user that isn't allowed",
        "description": "Get an alert when a local user that isn't allowed logins to the device",
        "isEnabled": false,
        "allowlistValues": []
      },
      {
        "ruleType": "ProcessNotAllowed",
        "displayName": "Execution of a process that isn't allowed",
        "description": "Get an alert when a process that isn't allowed is executed",
        "isEnabled": false,
        "allowlistValues": []
      }
    ],
    "denylistRules": []
  }
}

Código de status:: 201

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup",
  "name": "samplesecuritygroup",
  "type": "Microsoft.Security/deviceSecurityGroups",
  "properties": {
    "thresholdRules": [],
    "timeWindowRules": [
      {
        "ruleType": "ActiveConnectionsNotInAllowedRange",
        "displayName": "Number of active connections is not in allowed range",
        "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range",
        "isEnabled": true,
        "minThreshold": 0,
        "maxThreshold": 30,
        "timeWindowSize": "PT05M"
      },
      {
        "ruleType": "AmqpC2DMessagesNotInAllowedRange",
        "displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "MqttC2DMessagesNotInAllowedRange",
        "displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "HttpC2DMessagesNotInAllowedRange",
        "displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange",
        "displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange",
        "displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange",
        "displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "AmqpD2CMessagesNotInAllowedRange",
        "displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range",
        "description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "MqttD2CMessagesNotInAllowedRange",
        "displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range",
        "description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "HttpD2CMessagesNotInAllowedRange",
        "displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range",
        "description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "DirectMethodInvokesNotInAllowedRange",
        "displayName": "Number of direct method invokes is not in allowed range",
        "description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "FailedLocalLoginsNotInAllowedRange",
        "displayName": "Number of failed local logins is not in allowed range",
        "description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "FileUploadsNotInAllowedRange",
        "displayName": "Number of file uploads is not in allowed range",
        "description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "QueuePurgesNotInAllowedRange",
        "displayName": "Number of device queue purges is not in allowed range",
        "description": "Get an alert when the number of device queue purges in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "TwinUpdatesNotInAllowedRange",
        "displayName": "Number of twin updates is not in allowed range",
        "description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "UnauthorizedOperationsNotInAllowedRange",
        "displayName": "Number of unauthorized operations is not in allowed range",
        "description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      }
    ],
    "allowlistRules": [
      {
        "ruleType": "ConnectionToIpNotAllowed",
        "displayName": "Outbound connection to an ip that isn't allowed",
        "description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed",
        "isEnabled": false,
        "allowlistValues": []
      },
      {
        "ruleType": "LocalUserNotAllowed",
        "displayName": "Login by a local user that isn't allowed",
        "description": "Get an alert when a local user that isn't allowed logins to the device",
        "isEnabled": false,
        "allowlistValues": []
      },
      {
        "ruleType": "ProcessNotAllowed",
        "displayName": "Execution of a process that isn't allowed",
        "description": "Get an alert when a process that isn't allowed is executed",
        "isEnabled": false,
        "allowlistValues": []
      }
    ],
    "denylistRules": []
  }
}

Definições

Nome	Description
AllowlistCustomAlertRule	Uma regra de alerta personalizada que verifica se um valor (depende do tipo de alerta personalizado) é permitido.
CloudError	Resposta de erro comum para todas as APIs do Azure Resource Manager retornarem detalhes de erro para operações com falha. (Isso também segue o formato de resposta de erro OData.).
CloudErrorBody	O detalhe do erro.
DenylistCustomAlertRule	Uma regra de alerta personalizada que verifica se um valor (depende do tipo de alerta personalizado) é negado.
DeviceSecurityGroup	O recurso de grupo de segurança do dispositivo
ErrorAdditionalInfo	As informações adicionais do erro de gerenciamento de recursos.
ThresholdCustomAlertRule	Uma regra de alerta personalizada que verifica se um valor (depende do tipo de alerta personalizado) está dentro do intervalo determinado.
TimeWindowCustomAlertRule	Uma regra de alerta personalizada que verifica se o número de atividades (depende do tipo de alerta personalizado) em uma janela de tempo está dentro do intervalo determinado.
valueType	O tipo de valor dos itens na lista.

AllowlistCustomAlertRule

Uma regra de alerta personalizada que verifica se um valor (depende do tipo de alerta personalizado) é permitido.

Nome	Tipo	Description
allowlistValues	string[]	Os valores a serem permitidos. O formato dos valores depende do tipo de regra.
description	string	A descrição do alerta personalizado.
displayName	string	O nome de exibição do alerta personalizado.
isEnabled	boolean	Status do alerta personalizado.
ruleType	string	O tipo da regra de alerta personalizada.
valueType	valueType	O tipo de valor dos itens na lista.

CloudError

Resposta de erro comum para todas as APIs do Azure Resource Manager retornarem detalhes de erro para operações com falha. (Isso também segue o formato de resposta de erro OData.).

Nome	Tipo	Description
error.additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
error.code	string	O código de erro.
error.details	CloudErrorBody[]	Os detalhes do erro.
error.message	string	A mensagem de erro.
error.target	string	O destino do erro.

CloudErrorBody

O detalhe do erro.

Nome	Tipo	Description
additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
code	string	O código de erro.
details	CloudErrorBody[]	Os detalhes do erro.
message	string	A mensagem de erro.
target	string	O destino do erro.

DenylistCustomAlertRule

Uma regra de alerta personalizada que verifica se um valor (depende do tipo de alerta personalizado) é negado.

Nome	Tipo	Description
denylistValues	string[]	Os valores a negar. O formato dos valores depende do tipo de regra.
description	string	A descrição do alerta personalizado.
displayName	string	O nome de exibição do alerta personalizado.
isEnabled	boolean	Status do alerta personalizado.
ruleType	string	O tipo da regra de alerta personalizada.
valueType	valueType	O tipo de valor dos itens na lista.