Device Security Groups - Create Or Update
Använd den här metoden för att skapa eller uppdatera enhetssäkerhetsgruppen på en angiven IoT Hub-resurs.
PUT https://management.azure.com/{resourceId}/providers/Microsoft.Security/deviceSecurityGroups/{deviceSecurityGroupName}?api-version=2019-08-01
URI-parametrar
Name | I | Obligatorisk | Typ | Description |
---|---|---|---|---|
device
|
path | True |
string |
Namnet på enhetssäkerhetsgruppen. Observera att namnet på enhetssäkerhetsgruppen är skiftlägesokänsligt. |
resource
|
path | True |
string |
Resursens identifierare. |
api-version
|
query | True |
string |
API-version för åtgärden |
Begärandetext
Name | Typ | Description |
---|---|---|
properties.allowlistRules |
Anpassade aviseringsregler för tillåtna listor. |
|
properties.denylistRules |
De anpassade aviseringsreglerna för neka-listan. |
|
properties.thresholdRules |
Listan över regler för anpassade aviseringströskelregler. |
|
properties.timeWindowRules |
Listan över regler för anpassad aviseringstid. |
Svar
Name | Typ | Description |
---|---|---|
200 OK |
Säkerhetsgruppen har uppdaterats. |
|
201 Created |
Säkerhetsgruppen skapades. |
|
Other Status Codes |
Felsvar som beskriver varför åtgärden misslyckades. |
Säkerhet
azure_auth
Azure Active Directory OAuth2 Flow
Typ:
oauth2
Flow:
implicit
Auktoriseringswebbadress:
https://login.microsoftonline.com/common/oauth2/authorize
Omfattningar
Name | Description |
---|---|
user_impersonation | personifiera ditt användarkonto |
Exempel
Create or update a device security group for the specified IoT hub resource
Exempelbegäran
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup?api-version=2019-08-01
{
"properties": {
"timeWindowRules": [
{
"ruleType": "ActiveConnectionsNotInAllowedRange",
"isEnabled": true,
"minThreshold": 0,
"maxThreshold": 30,
"timeWindowSize": "PT05M"
}
]
}
}
Exempelsvar
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup",
"name": "samplesecuritygroup",
"type": "Microsoft.Security/deviceSecurityGroups",
"properties": {
"thresholdRules": [],
"timeWindowRules": [
{
"ruleType": "ActiveConnectionsNotInAllowedRange",
"displayName": "Number of active connections is not in allowed range",
"description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range",
"isEnabled": true,
"minThreshold": 0,
"maxThreshold": 30,
"timeWindowSize": "PT05M"
},
{
"ruleType": "AmqpC2DMessagesNotInAllowedRange",
"displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "MqttC2DMessagesNotInAllowedRange",
"displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "HttpC2DMessagesNotInAllowedRange",
"displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange",
"displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "MqttC2DRejectedMessagesNotInAllowedRange",
"displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "HttpC2DRejectedMessagesNotInAllowedRange",
"displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "AmqpD2CMessagesNotInAllowedRange",
"displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range",
"description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "MqttD2CMessagesNotInAllowedRange",
"displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range",
"description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "HttpD2CMessagesNotInAllowedRange",
"displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range",
"description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "DirectMethodInvokesNotInAllowedRange",
"displayName": "Number of direct method invokes is not in allowed range",
"description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "FailedLocalLoginsNotInAllowedRange",
"displayName": "Number of failed local logins is not in allowed range",
"description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "FileUploadsNotInAllowedRange",
"displayName": "Number of file uploads is not in allowed range",
"description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "QueuePurgesNotInAllowedRange",
"displayName": "Number of device queue purges is not in allowed range",
"description": "Get an alert when the number of device queue purges in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "TwinUpdatesNotInAllowedRange",
"displayName": "Number of twin updates is not in allowed range",
"description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "UnauthorizedOperationsNotInAllowedRange",
"displayName": "Number of unauthorized operations is not in allowed range",
"description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
}
],
"allowlistRules": [
{
"ruleType": "ConnectionToIpNotAllowed",
"displayName": "Outbound connection to an ip that isn't allowed",
"description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed",
"isEnabled": false,
"allowlistValues": []
},
{
"ruleType": "LocalUserNotAllowed",
"displayName": "Login by a local user that isn't allowed",
"description": "Get an alert when a local user that isn't allowed logins to the device",
"isEnabled": false,
"allowlistValues": []
},
{
"ruleType": "ProcessNotAllowed",
"displayName": "Execution of a process that isn't allowed",
"description": "Get an alert when a process that isn't allowed is executed",
"isEnabled": false,
"allowlistValues": []
}
],
"denylistRules": []
}
}
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup",
"name": "samplesecuritygroup",
"type": "Microsoft.Security/deviceSecurityGroups",
"properties": {
"thresholdRules": [],
"timeWindowRules": [
{
"ruleType": "ActiveConnectionsNotInAllowedRange",
"displayName": "Number of active connections is not in allowed range",
"description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range",
"isEnabled": true,
"minThreshold": 0,
"maxThreshold": 30,
"timeWindowSize": "PT05M"
},
{
"ruleType": "AmqpC2DMessagesNotInAllowedRange",
"displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "MqttC2DMessagesNotInAllowedRange",
"displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "HttpC2DMessagesNotInAllowedRange",
"displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange",
"displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "MqttC2DRejectedMessagesNotInAllowedRange",
"displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "HttpC2DRejectedMessagesNotInAllowedRange",
"displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range",
"description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "AmqpD2CMessagesNotInAllowedRange",
"displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range",
"description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "MqttD2CMessagesNotInAllowedRange",
"displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range",
"description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "HttpD2CMessagesNotInAllowedRange",
"displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range",
"description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "DirectMethodInvokesNotInAllowedRange",
"displayName": "Number of direct method invokes is not in allowed range",
"description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "FailedLocalLoginsNotInAllowedRange",
"displayName": "Number of failed local logins is not in allowed range",
"description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "FileUploadsNotInAllowedRange",
"displayName": "Number of file uploads is not in allowed range",
"description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "QueuePurgesNotInAllowedRange",
"displayName": "Number of device queue purges is not in allowed range",
"description": "Get an alert when the number of device queue purges in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "TwinUpdatesNotInAllowedRange",
"displayName": "Number of twin updates is not in allowed range",
"description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
},
{
"ruleType": "UnauthorizedOperationsNotInAllowedRange",
"displayName": "Number of unauthorized operations is not in allowed range",
"description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error",
"isEnabled": false,
"minThreshold": 0,
"maxThreshold": 0,
"timeWindowSize": "PT15M"
}
],
"allowlistRules": [
{
"ruleType": "ConnectionToIpNotAllowed",
"displayName": "Outbound connection to an ip that isn't allowed",
"description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed",
"isEnabled": false,
"allowlistValues": []
},
{
"ruleType": "LocalUserNotAllowed",
"displayName": "Login by a local user that isn't allowed",
"description": "Get an alert when a local user that isn't allowed logins to the device",
"isEnabled": false,
"allowlistValues": []
},
{
"ruleType": "ProcessNotAllowed",
"displayName": "Execution of a process that isn't allowed",
"description": "Get an alert when a process that isn't allowed is executed",
"isEnabled": false,
"allowlistValues": []
}
],
"denylistRules": []
}
}
Definitioner
Name | Description |
---|---|
Allowlist |
En anpassad aviseringsregel som kontrollerar om ett värde (beror på den anpassade aviseringstypen) tillåts. |
Cloud |
Vanligt felsvar för alla Azure Resource Manager-API:er för att returnera felinformation för misslyckade åtgärder. (Detta följer även formatet för OData-felsvar.). |
Cloud |
Felinformationen. |
Denylist |
En anpassad aviseringsregel som kontrollerar om ett värde (beror på den anpassade aviseringstypen) nekas. |
Device |
Resursen för enhetssäkerhetsgruppen |
Error |
Ytterligare information om resurshanteringsfelet. |
Threshold |
En anpassad aviseringsregel som kontrollerar om ett värde (beror på den anpassade aviseringstypen) ligger inom det angivna intervallet. |
Time |
En anpassad aviseringsregel som kontrollerar om antalet aktiviteter (beror på den anpassade aviseringstypen) i ett tidsfönster ligger inom det angivna intervallet. |
value |
Värdetypen för objekten i listan. |
AllowlistCustomAlertRule
En anpassad aviseringsregel som kontrollerar om ett värde (beror på den anpassade aviseringstypen) tillåts.
Name | Typ | Description |
---|---|---|
allowlistValues |
string[] |
De värden som ska tillåtas. Formatet på värdena beror på regeltypen. |
description |
string |
Beskrivningen av den anpassade aviseringen. |
displayName |
string |
Visningsnamnet för den anpassade aviseringen. |
isEnabled |
boolean |
Status för den anpassade aviseringen. |
ruleType |
string |
Typen av anpassad aviseringsregel. |
valueType |
Värdetypen för objekten i listan. |
CloudError
Vanligt felsvar för alla Azure Resource Manager-API:er för att returnera felinformation för misslyckade åtgärder. (Detta följer även formatet för OData-felsvar.).
Name | Typ | Description |
---|---|---|
error.additionalInfo |
Ytterligare information om felet. |
|
error.code |
string |
Felkoden. |
error.details |
Felinformationen. |
|
error.message |
string |
Felmeddelandet. |
error.target |
string |
Felmålet. |
CloudErrorBody
Felinformationen.
Name | Typ | Description |
---|---|---|
additionalInfo |
Ytterligare information om felet. |
|
code |
string |
Felkoden. |
details |
Felinformationen. |
|
message |
string |
Felmeddelandet. |
target |
string |
Felmålet. |
DenylistCustomAlertRule
En anpassad aviseringsregel som kontrollerar om ett värde (beror på den anpassade aviseringstypen) nekas.
Name | Typ | Description |
---|---|---|
denylistValues |
string[] |
De värden som ska nekas. Formatet på värdena beror på regeltypen. |
description |
string |
Beskrivningen av den anpassade aviseringen. |
displayName |
string |
Visningsnamnet för den anpassade aviseringen. |
isEnabled |
boolean |
Status för den anpassade aviseringen. |
ruleType |
string |
Typen av anpassad aviseringsregel. |
valueType |
Värdetypen för objekten i listan. |
DeviceSecurityGroup
Resursen för enhetssäkerhetsgruppen
Name | Typ | Description |
---|---|---|
id |
string |
Resurs-ID |
name |
string |
Resursnamn |
properties.allowlistRules |
Anpassade aviseringsregler för tillåtna listor. |
|
properties.denylistRules |
De anpassade aviseringsreglerna för neka-listan. |
|
properties.thresholdRules |
Listan över regler för anpassade aviseringströskelregler. |
|
properties.timeWindowRules |
Listan över regler för anpassad aviseringstid. |
|
type |
string |
Resurstyp |
ErrorAdditionalInfo
Ytterligare information om resurshanteringsfelet.
Name | Typ | Description |
---|---|---|
info |
object |
Ytterligare information. |
type |
string |
Ytterligare informationstyp. |
ThresholdCustomAlertRule
En anpassad aviseringsregel som kontrollerar om ett värde (beror på den anpassade aviseringstypen) ligger inom det angivna intervallet.
Name | Typ | Description |
---|---|---|
description |
string |
Beskrivningen av den anpassade aviseringen. |
displayName |
string |
Visningsnamnet för den anpassade aviseringen. |
isEnabled |
boolean |
Status för den anpassade aviseringen. |
maxThreshold |
integer |
Det maximala tröskelvärdet. |
minThreshold |
integer |
Minimitröskelvärdet. |
ruleType |
string |
Typen av anpassad aviseringsregel. |
TimeWindowCustomAlertRule
En anpassad aviseringsregel som kontrollerar om antalet aktiviteter (beror på den anpassade aviseringstypen) i ett tidsfönster ligger inom det angivna intervallet.
Name | Typ | Description |
---|---|---|
description |
string |
Beskrivningen av den anpassade aviseringen. |
displayName |
string |
Visningsnamnet för den anpassade aviseringen. |
isEnabled |
boolean |
Status för den anpassade aviseringen. |
maxThreshold |
integer |
Det maximala tröskelvärdet. |
minThreshold |
integer |
Minimitröskelvärdet. |
ruleType |
string |
Typen av anpassad aviseringsregel. |
timeWindowSize |
string |
Tidsfönstrets storlek i iso8601-format. |
valueType
Värdetypen för objekten i listan.
Name | Typ | Description |
---|---|---|
IpCidr |
string |
Ett IP-intervall i CIDR-format (t.ex. "192.168.0.1/8"). |
String |
string |
Valfritt strängvärde. |