Iot Security Solution Analytics - Get

服務:

Defender for Cloud

API 版本:

2019-08-01

使用此方法可取得IoT安全性分析計量。

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default?api-version=2019-08-01

URI 參數

名稱	位於	必要	類型	Description
resourceGroupName	path	True	string	用戶訂用帳戶內的資源組名。 名稱不區分大小寫。 Regex 模式: ^[-\w\._\(\)]+$
solutionName	path	True	string	IoT 安全性解決方案的名稱。
subscriptionId	path	True	string	Azure 訂用帳戶標識碼 Regex 模式: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	作業的 API 版本

回應

名稱	類型	Description
200 OK	IoTSecuritySolutionAnalyticsModel	還行
Other Status Codes	CloudError	描述作業失敗原因的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Get Security Solution Analytics

範例要求

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/iotSecuritySolutions/default/analyticsModels/default?api-version=2019-08-01

Java

/**
 * Samples for IotSecuritySolutionAnalytics Get.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/
     * IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
     */
    /**
     * Sample code: Get Security Solution Analytics.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getSecuritySolutionAnalytics(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.iotSecuritySolutionAnalytics().getWithResponse("MyGroup", "default", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
func ExampleIotSecuritySolutionAnalyticsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIotSecuritySolutionAnalyticsClient().Get(ctx, "MyGroup", "default", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.IoTSecuritySolutionAnalyticsModel = armsecurity.IoTSecuritySolutionAnalyticsModel{
	// 	Name: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default"),
	// 	Type: to.Ptr("Microsoft.Security/iotSecuritySolutions/analyticsModels"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default"),
	// 	Properties: &armsecurity.IoTSecuritySolutionAnalyticsModelProperties{
	// 		DevicesMetrics: []*armsecurity.IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem{
	// 			{
	// 				Date: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-01T00:00:00.000Z"); return t}()),
	// 				DevicesMetrics: &armsecurity.IoTSeverityMetrics{
	// 					High: to.Ptr[int64](3),
	// 					Low: to.Ptr[int64](70),
	// 					Medium: to.Ptr[int64](15),
	// 				},
	// 			},
	// 			{
	// 				Date: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-02T00:00:00.000Z"); return t}()),
	// 				DevicesMetrics: &armsecurity.IoTSeverityMetrics{
	// 					High: to.Ptr[int64](3),
	// 					Low: to.Ptr[int64](65),
	// 					Medium: to.Ptr[int64](45),
	// 				},
	// 		}},
	// 		Metrics: &armsecurity.IoTSeverityMetrics{
	// 			High: to.Ptr[int64](5),
	// 			Low: to.Ptr[int64](102),
	// 			Medium: to.Ptr[int64](200),
	// 		},
	// 		MostPrevalentDeviceAlerts: []*armsecurity.IoTSecurityDeviceAlert{
	// 			{
	// 				AlertDisplayName: to.Ptr("Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range"),
	// 				AlertsCount: to.Ptr[int64](200),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 			},
	// 			{
	// 				AlertDisplayName: to.Ptr("Custom Alert - execution of a process that is not allowed"),
	// 				AlertsCount: to.Ptr[int64](170),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityMedium),
	// 			},
	// 			{
	// 				AlertDisplayName: to.Ptr("Successful Bruteforce"),
	// 				AlertsCount: to.Ptr[int64](150),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 		}},
	// 		MostPrevalentDeviceRecommendations: []*armsecurity.IoTSecurityDeviceRecommendation{
	// 			{
	// 				DevicesCount: to.Ptr[int64](200),
	// 				RecommendationDisplayName: to.Ptr("Install the Azure Security of Things Agent"),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 			},
	// 			{
	// 				DevicesCount: to.Ptr[int64](170),
	// 				RecommendationDisplayName: to.Ptr("High level permissions configured in Edge model twin for Edge module"),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 			},
	// 			{
	// 				DevicesCount: to.Ptr[int64](150),
	// 				RecommendationDisplayName: to.Ptr("Same Authentication Credentials used by multiple devices"),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityMedium),
	// 		}},
	// 		TopAlertedDevices: []*armsecurity.IoTSecurityAlertedDevice{
	// 			{
	// 				AlertsCount: to.Ptr[int64](200),
	// 				DeviceID: to.Ptr("id1"),
	// 			},
	// 			{
	// 				AlertsCount: to.Ptr[int64](170),
	// 				DeviceID: to.Ptr("id2"),
	// 			},
	// 			{
	// 				AlertsCount: to.Ptr[int64](150),
	// 				DeviceID: to.Ptr("id3"),
	// 		}},
	// 		UnhealthyDeviceCount: to.Ptr[int64](1200),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Use this method to get IoT Security Analytics metrics.
 *
 * @summary Use this method to get IoT Security Analytics metrics.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
 */
async function getSecuritySolutionAnalytics() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "MyGroup";
  const solutionName = "default";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.iotSecuritySolutionAnalytics.get(resourceGroupName, solutionName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
// this example is just showing the usage of "IotSecuritySolutionAnalytics_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this IotSecuritySolutionAnalyticsModelResource created on azure
// for more information of creating IotSecuritySolutionAnalyticsModelResource, please refer to the document of IotSecuritySolutionAnalyticsModelResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "MyGroup";
string solutionName = "default";
ResourceIdentifier iotSecuritySolutionAnalyticsModelResourceId = IotSecuritySolutionAnalyticsModelResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, solutionName);
IotSecuritySolutionAnalyticsModelResource iotSecuritySolutionAnalyticsModel = client.GetIotSecuritySolutionAnalyticsModelResource(iotSecuritySolutionAnalyticsModelResourceId);

// invoke the operation
IotSecuritySolutionAnalyticsModelResource result = await iotSecuritySolutionAnalyticsModel.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
IotSecuritySolutionAnalyticsModelData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
  "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
  "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels",
  "properties": {
    "metrics": {
      "high": 5,
      "medium": 200,
      "low": 102
    },
    "unhealthyDeviceCount": 1200,
    "devicesMetrics": [
      {
        "date": "2019-02-01T00:00:00Z",
        "devicesMetrics": {
          "high": 3,
          "medium": 15,
          "low": 70
        }
      },
      {
        "date": "2019-02-02T00:00:00Z",
        "devicesMetrics": {
          "high": 3,
          "medium": 45,
          "low": 65
        }
      }
    ],
    "topAlertedDevices": [
      {
        "deviceId": "id1",
        "alertsCount": 200
      },
      {
        "deviceId": "id2",
        "alertsCount": 170
      },
      {
        "deviceId": "id3",
        "alertsCount": 150
      }
    ],
    "mostPrevalentDeviceAlerts": [
      {
        "alertDisplayName": "Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range",
        "reportedSeverity": "Low",
        "alertsCount": 200
      },
      {
        "alertDisplayName": "Custom Alert - execution of a process that is not allowed",
        "reportedSeverity": "Medium",
        "alertsCount": 170
      },
      {
        "alertDisplayName": "Successful Bruteforce",
        "reportedSeverity": "Low",
        "alertsCount": 150
      }
    ],
    "mostPrevalentDeviceRecommendations": [
      {
        "recommendationDisplayName": "Install the Azure Security of Things Agent",
        "reportedSeverity": "Low",
        "devicesCount": 200
      },
      {
        "recommendationDisplayName": "High level permissions configured in Edge model twin for Edge module",
        "reportedSeverity": "Low",
        "devicesCount": 170
      },
      {
        "recommendationDisplayName": "Same Authentication Credentials used by multiple devices",
        "reportedSeverity": "Medium",
        "devicesCount": 150
      }
    ]
  }
}

定義

名稱	Description
CloudError	所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。
CloudErrorBody	錯誤詳細數據。
DevicesMetrics	依匯總日期的裝置計量清單。
ErrorAdditionalInfo	資源管理錯誤其他資訊。
IoTSecurityAlertedDevice	關於過去一組天數內每個裝置警示數目的統計數據。
IoTSecurityDeviceAlert	過去一組天數內每個警示類型警示數目的統計數據
IoTSecurityDeviceRecommendation	每個裝置的建議數目、每個建議類型的統計數據。
IoTSecuritySolutionAnalyticsModel	IoT 安全性解決方案的安全性分析
IoTSeverityMetrics	IoT 安全性解決方案分析嚴重性計量。
reportedSeverity	評估的警示嚴重性。

CloudError

所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。

名稱	類型	Description
error.additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
error.code	string	錯誤碼。
error.details	CloudErrorBody[]	錯誤詳細數據。
error.message	string	錯誤訊息。
error.target	string	錯誤目標。

CloudErrorBody

錯誤詳細數據。

名稱	類型	Description
additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
code	string	錯誤碼。
details	CloudErrorBody[]	錯誤詳細數據。
message	string	錯誤訊息。
target	string	錯誤目標。

DevicesMetrics

依匯總日期的裝置計量清單。

名稱	類型	Description
date	string	依日期匯總IoT安全性解決方案裝置警示計量。
devicesMetrics	IoTSeverityMetrics	依嚴重性排序的裝置警示計數。

ErrorAdditionalInfo

資源管理錯誤其他資訊。

名稱	類型	Description
info	object	其他資訊。
type	string	其他信息類型。

IoTSecurityAlertedDevice

關於過去一組天數內每個裝置警示數目的統計數據。

名稱	類型	Description
alertsCount	integer	此裝置引發的警示數目。
deviceId	string	裝置標識碼。

IoTSecurityDeviceAlert

過去一組天數內每個警示類型警示數目的統計數據

名稱	類型	Description
alertDisplayName	string	警示的顯示名稱
alertsCount	integer	針對此警示類型引發的警示數目。
reportedSeverity	reportedSeverity	評估的警示嚴重性。

IoTSecurityDeviceRecommendation

每個裝置的建議數目、每個建議類型的統計數據。

名稱	類型	Description
devicesCount	integer	此建議的裝置數目。
recommendationDisplayName	string	建議的顯示名稱。
reportedSeverity	reportedSeverity	評估的建議嚴重性。

IoTSecuritySolutionAnalyticsModel

IoT 安全性解決方案的安全性分析

名稱	類型	Description
id	string	資源標識碼
name	string	資源名稱
properties.devicesMetrics	DevicesMetrics[]	依匯總日期的裝置計量清單。
properties.metrics	IoTSeverityMetrics	IoT 安全性解決方案的安全性分析。
properties.mostPrevalentDeviceAlerts	IoTSecurityDeviceAlert[]	3 個最普遍裝置警示的清單。
properties.mostPrevalentDeviceRecommendations	IoTSecurityDeviceRecommendation[]	3 個最普遍裝置建議的清單。
properties.topAlertedDevices	IoTSecurityAlertedDevice[]	具有最多警示的 3 部裝置清單。
properties.unhealthyDeviceCount	integer	IoT 安全性解決方案內狀況不良的裝置數目。
type	string	資源類型

IoTSeverityMetrics

IoT 安全性解決方案分析嚴重性計量。

名稱	類型	Description
high	integer	高嚴重性警示/建議的計數。
low	integer	低嚴重性警示/建議的計數。
medium	integer	中等嚴重性警示/建議的計數。

reportedSeverity

評估的警示嚴重性。

名稱	類型	Description
High	string
Informational	string
Low	string
Medium	string