Device Security Groups - Create Or Update
Use this method to create or update the device security group on a specified IoT Hub resource.
PUT https://management.azure.com/{resourceId}/providers/Microsoft.Security/deviceSecurityGroups/{deviceSecurityGroupName}?api-version=2019-08-01
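URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
deviceSecurityGroupName | path | True | string | The name of the device security group. Note that the name of the device security group is case insensitive. |
resourceId | path | True | string | The identifier of the resource. |
api-version | query | True | string | API version for the operation. |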
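Request Body
Name | Type | Description |
---|---|---|
properties.allowlistRules | | The allow-list custom alert rules. |
properties.denylistRules | | The deny-list custom alert rules. |
properties.thresholdRules | | The list of custom alert threshold rules. |
properties.timeWindowRules | | The list of custom alert time-window rules. |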
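Responses
Name | Type | Description |
---|---|---|
200 OK | | The security group was updated. |
201 Created | | The security group was created. |
Other Status Codes | | Error response describing why the operation failed. |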
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | Impersonate your user account |
Examples
Create or update a device security group for the specified IoT hub resource
Sample request
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup?api-version=2019-08-01
```json
{
  "properties": {
    "timeWindowRules": [
      {
        "ruleType": "ActiveConnectionsNotInAllowedRange",
        "isEnabled": true,
        "minThreshold": 0,
        "maxThreshold": 30,
        "timeWindowSize": "PT05M"
      }
    ]
  }
}
```
Sample response
```json
{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup",
  "name": "samplesecuritygroup",
  "type": "Microsoft.Security/deviceSecurityGroups",
  "properties": {
    "thresholdRules": [],
    "timeWindowRules": [
      {
        "ruleType": "ActiveConnectionsNotInAllowedRange",
        "displayName": "Number of active connections is not in allowed range",
        "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range",
        "isEnabled": true,
        "minThreshold": 0,
        "maxThreshold": 30,
        "timeWindowSize": "PT05M"
      },
      {
        "ruleType": "AmqpC2DMessagesNotInAllowedRange",
        "displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "MqttC2DMessagesNotInAllowedRange",
        "displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "HttpC2DMessagesNotInAllowedRange",
        "displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange",
        "displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange",
        "displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange",
        "displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range",
        "description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "AmqpD2CMessagesNotInAllowedRange",
        "displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range",
        "description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "MqttD2CMessagesNotInAllowedRange",
        "displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range",
        "description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "HttpD2CMessagesNotInAllowedRange",
        "displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range",
        "description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "DirectMethodInvokesNotInAllowedRange",
        "displayName": "Number of direct method invokes is not in allowed range",
        "description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "FailedLocalLoginsNotInAllowedRange",
        "displayName": "Number of failed local logins is not in allowed range",
        "description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "FileUploadsNotInAllowedRange",
        "displayName": "Number of file uploads is not in allowed range",
        "description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "QueuePurgesNotInAllowedRange",
        "displayName": "Number of device queue purges is not in allowed range",
        "description": "Get an alert when the number of device queue purges in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "TwinUpdatesNotInAllowedRange",
        "displayName": "Number of twin updates is not in allowed range",
        "description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      },
      {
        "ruleType": "UnauthorizedOperationsNotInAllowedRange",
        "displayName": "Number of unauthorized operations is not in allowed range",
        "description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error",
        "isEnabled": false,
        "minThreshold": 0,
        "maxThreshold": 0,
        "timeWindowSize": "PT15M"
      }
    ],
    "allowlistRules": [
      {
        "ruleType": "ConnectionToIpNotAllowed",
        "displayName": "Outbound connection to an ip that isn't allowed",
        "description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed",
        "isEnabled": false,
        "allowlistValues": []
      },
      {
        "ruleType": "LocalUserNotAllowed",
        "displayName": "Login by a local user that isn't allowed",
        "description": "Get an alert when a local user that isn't allowed logins to the device",
        "isEnabled": false,
        "allowlistValues": []
      },
      {
        "ruleType": "ProcessNotAllowed",
        "displayName": "Execution of a process that isn't allowed",
        "description": "Get an alert when a process that isn't allowed is executed",
        "isEnabled": false,
        "allowlistValues": []
      }
    ],
    "denylistRules": []
  }
}
```
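Definitions
Name | Description |
---|---|
AllowlistCustomAlertRule | A custom alert rule that checks if a value (depends on the custom alert type) is allowed. |
CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) |
CloudErrorBody | The error detail. |
DenylistCustomAlertRule | A custom alert rule that checks if a value (depends on the custom alert type) is denied. |
DeviceSecurityGroup | The device security group resource. |
ErrorAdditionalInfo | The resource management error additional info. |
ThresholdCustomAlertRule | A custom alert rule that checks if a value (depends on the custom alert type) is within the given range. |
TimeWindowCustomAlertRule | A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range. |
valueType | The value type of the items in the list. |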
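AllowlistCustomAlertRule
A custom alert rule that checks if a value (depends on the custom alert type) is allowed.
Name | Type | Description |
---|---|---|
allowlistValues | string[] | The values to allow. The format of the values depends on the rule type. |
description | string | The description of the custom alert. |
displayName | string | The display name of the custom alert. |
isEnabled | boolean | Status of the custom alert. |
ruleType | string | The type of the custom alert rule. |
valueType | | The value type of the items in the list. |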
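CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)
Name | Type | Description |
---|---|---|
error.additionalInfo | | The error additional info. |
error.code | string | The error code. |
error.details | | The error details. |
error.message | string | The error message. |
error.target | string | The error target. |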
CloudErrorBody
The error detail.
Name | Type | Description |
---|---|---|
additionalInfo | | The error additional info. |
code | string | The error code. |
details | | The error details. |
message | string | The error message. |
target | string | The error target. |
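DenylistCustomAlertRule
A custom alert rule that checks if a value (depends on the custom alert type) is denied.
Name | Type | Description |
---|---|---|
denylistValues | string[] | The values to deny. The format of the values depends on the rule type. |
description | string | The description of the custom alert. |
displayName | string | The display name of the custom alert. |
isEnabled | boolean | Status of the custom alert. |
ruleType | string | The type of the custom alert rule. |
valueType | | The value type of the items in the list. |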
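DeviceSecurityGroup
The device security group resource.
Name | Type | Description |
---|---|---|
id | string | Resource ID |
name | string | Resource name |
properties.allowlistRules | | The allow-list custom alert rules. |
properties.denylistRules | | The deny-list custom alert rules. |
properties.thresholdRules | | The list of custom alert threshold rules. |
properties.timeWindowRules | | The list of custom alert time-window rules. |
type | string | Resource type |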
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info | object | The additional info. |
type | string | The additional info type. |
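ThresholdCustomAlertRule
A custom alert rule that checks if a value (depends on the custom alert type) is within the given range.
Name | Type | Description |
---|---|---|
description | string | The description of the custom alert. |
displayName | string | The display name of the custom alert. |
isEnabled | boolean | Status of the custom alert. |
maxThreshold | integer | The maximum threshold. |
minThreshold | integer | The minimum threshold. |
ruleType | string | The type of the custom alert rule. |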
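TimeWindowCustomAlertRule
A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range.
Name | Type | Description |
---|---|---|
description | string | The description of the custom alert. |
displayName | string | The display name of the custom alert. |
isEnabled | boolean | Status of the custom alert. |
maxThreshold | integer | The maximum threshold. |
minThreshold | integer | The minimum threshold. |
ruleType | string | The type of the custom alert rule. |
timeWindowSize | string | The time window size in ISO 8601 format. |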
valueType
The value type of the items in the list.
Name | Type | Description |
---|---|---|
IpCidr | string | An IP range in CIDR format (e.g. "192.168.0.1/8"). |
String | string | Any string value. |
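A pre-flight check for a request body before it is sent with the PUT above, as an added example (not code from the Azure documentation): it checks each `timeWindowRules` entry against the TimeWindowCustomAlertRule fields and reports what an IpCidr allow-list value really covers, using the page's own `192.168.0.1/8`, which expands to all of `192.0.0.0/8`. The function names and the sample body are constructed, and treating `ConnectionToIpNotAllowed` as the rule that takes IpCidr values is an assumption.

```python
import ipaddress
import re

# ISO 8601 time-only durations such as "PT05M" and "PT15M" (the forms used on this page).
_DURATION = re.compile(r"^PT(?=\d)(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")

def window_seconds(value):
    """Convert a PT..H..M..S duration to seconds; raise ValueError on anything else."""
    match = _DURATION.match(str(value))
    if not match:
        raise ValueError(f"timeWindowSize {value!r} is not an ISO 8601 duration")
    hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return hours * 3600 + minutes * 60 + seconds

def check_time_window_rule(rule):
    """Return the problems found in one TimeWindowCustomAlertRule dict."""
    problems = []
    lo, hi = rule.get("minThreshold"), rule.get("maxThreshold")
    if not (isinstance(lo, int) and isinstance(hi, int) and lo <= hi):
        problems.append(f"thresholds {lo!r}..{hi!r} are not an integer range")
    try:
        window_seconds(rule.get("timeWindowSize"))
    except ValueError as exc:
        problems.append(str(exc))
    return problems

def check_ip_cidr(value):
    """Return a problem string for one IpCidr allow-list value, or None if it is clean."""
    try:
        iface = ipaddress.ip_interface(value)
    except ValueError:
        return f"{value!r} is not a CIDR range"
    if iface.ip != iface.network.network_address:
        return f"{value!r} has host bits set and allows all of {iface.network}"
    return None

def review_body(body):
    """Return findings for a request body shaped like the sample request on this page."""
    props, findings = body.get("properties", {}), []
    for rule in props.get("timeWindowRules", []):
        findings += [f"{rule.get('ruleType')}: {p}" for p in check_time_window_rule(rule)]
    for rule in props.get("allowlistRules", []):
        # Assumption: ConnectionToIpNotAllowed is the rule whose values are IpCidr.
        if rule.get("ruleType") == "ConnectionToIpNotAllowed":
            findings += filter(None, map(check_ip_cidr, rule.get("allowlistValues", [])))
    return findings

# Constructed input: the page's sample rule, one broken rule, and the IpCidr example value.
SAMPLE = {"properties": {"timeWindowRules": [
    {"ruleType": "ActiveConnectionsNotInAllowedRange", "isEnabled": True,
     "minThreshold": 0, "maxThreshold": 30, "timeWindowSize": "PT05M"},
    {"ruleType": "FailedLocalLoginsNotInAllowedRange", "isEnabled": True,
     "minThreshold": 5, "maxThreshold": 0, "timeWindowSize": "15m"}],
    "allowlistRules": [{"ruleType": "ConnectionToIpNotAllowed", "isEnabled": True,
                        "allowlistValues": ["192.168.0.1/8", "10.1.2.0/24", "corp-vpn"]}]}}
```

`review_body(SAMPLE)` returns four findings: the inverted threshold range, the malformed window size, the over-broad `/8`, and the non-CIDR string.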