Iot Alert Types - List
List IoT alert types
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlertTypes?api-version=2019-08-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
resource
|
path | True |
string |
The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: |
|
solution
|
path | True |
string |
The name of the IoT Security solution. |
|
subscription
|
path | True |
string |
Azure subscription ID Regex pattern: |
|
api-version
|
query | True |
string |
API version for the operation |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
OK |
|
| Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
Get IoT Alert Types
Sample Request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlertTypes?api-version=2019-08-01
Sample Response
{
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlertTypes",
"name": "IoT_PrivilegedContainer",
"type": "Microsoft.Security/iotSecuritySolutions/iotAlertTypes",
"properties": {
"alertDisplayName": "Privileged container detected",
"severity": "Medium",
"description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.",
"providerName": "IoTSecurity",
"remediationSteps": [
"If the container doesn't need to run in privileged mode, remove the privileges from the container."
],
"intent": "Exploitation,Execution",
"vendorName": "Microsoft",
"productName": "Azure Security Center for IoT",
"productComponentName": "IoT Hub"
}
}
]
}Definitions
| Name | Description |
|---|---|
|
alert |
Kill chain related intent behind the alert. Could contain multiple enum values (separated by commas) |
|
alert |
The severity of the alert |
|
Cloud |
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). |
|
Cloud |
The error detail. |
|
Error |
The resource management error additional info. |
|
Iot |
IoT alert type. |
|
Iot |
List of alert types |
alertIntent
Kill chain related intent behind the alert. Could contain multiple enum values (separated by commas)
| Name | Type | Description |
|---|---|---|
| Collection |
string |
|
| CommandAndControl |
string |
|
| CredentialAccess |
string |
|
| DefenseEvasion |
string |
|
| Discovery |
string |
|
| Execution |
string |
|
| Exfiltration |
string |
|
| Exploitation |
string |
|
| Impact |
string |
|
| InitialAccess |
string |
|
| LateralMovement |
string |
|
| Persistence |
string |
|
| PreAttack |
string |
|
| PrivilegeEscalation |
string |
|
| Probing |
string |
|
| Unknown |
string |
alertSeverity
The severity of the alert
| Name | Type | Description |
|---|---|---|
| High |
string |
|
| Informational |
string |
|
| Low |
string |
|
| Medium |
string |
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
| Name | Type | Description |
|---|---|---|
| error.additionalInfo |
The error additional info. |
|
| error.code |
string |
The error code. |
| error.details |
The error details. |
|
| error.message |
string |
The error message. |
| error.target |
string |
The error target. |
CloudErrorBody
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
IotAlertType
IoT alert type.
| Name | Type | Description |
|---|---|---|
| id |
string |
Resource Id |
| name |
string |
Resource name |
| properties.alertDisplayName |
string |
The display name of the alert |
| properties.description |
string |
Description of the suspected vulnerability and meaning. |
| properties.intent |
Kill chain related intent behind the alert. Could contain multiple enum values (separated by commas) |
|
| properties.productComponentName |
string |
The name of a component inside the product which generated the alert |
| properties.productName |
string |
The name of the product which published this alert |
| properties.providerName |
string |
The name of the alert provider or internal partner |
| properties.remediationSteps |
string[] |
Manual action items to take to remediate the alert |
| properties.severity |
The severity of the alert |
|
| properties.vendorName |
string |
The name of the vendor that raise the alert |
| type |
string |
Resource type |
IotAlertTypeList
List of alert types
| Name | Type | Description |
|---|---|---|
| value |
List data |