IoT Security Solution Analytics - List

Use this method to get IoT security Analytics metrics in an array.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels?api-version=2019-08-01

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| resourceGroupName | path | True | string | The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: ^[-\w\._\(\)]+$ |
| solutionName | path | True | string | The name of the IoT Security solution. |
| subscriptionId | path | True | string | Azure subscription ID. Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$ |
| api-version | query | True | string | API version for the operation |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | | OK |
| Other Status Codes | | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

Get Security Solution Analytics

Sample Request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/iotSecuritySolutions/default/analyticsModels?api-version=2019-08-01

Sample Response

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
      "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
      "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels",
      "properties": {
        "metrics": {
          "high": 5,
          "medium": 200,
          "low": 102
        },
        "unhealthyDeviceCount": 1200,
        "devicesMetrics": [
          {
            "date": "2019-02-01T00:00:00Z",
            "devicesMetrics": {
              "high": 3,
              "medium": 15,
              "low": 70
            }
          },
          {
            "date": "2019-02-02T00:00:00Z",
            "devicesMetrics": {
              "high": 3,
              "medium": 45,
              "low": 65
            }
          }
        ],
        "topAlertedDevices": [
          {
            "deviceId": "id1",
            "alertsCount": 200
          },
          {
            "deviceId": "id2",
            "alertsCount": 170
          },
          {
            "deviceId": "id3",
            "alertsCount": 150
          }
        ],
        "mostPrevalentDeviceAlerts": [
          {
            "alertDisplayName": "Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range",
            "reportedSeverity": "Low",
            "alertsCount": 200
          },
          {
            "alertDisplayName": "Custom Alert - execution of a process that is not allowed",
            "reportedSeverity": "Medium",
            "alertsCount": 170
          },
          {
            "alertDisplayName": "Successful Bruteforce",
            "reportedSeverity": "Low",
            "alertsCount": 150
          }
        ],
        "mostPrevalentDeviceRecommendations": [
          {
            "recommendationDisplayName": "Install the Azure Security of Things Agent",
            "reportedSeverity": "Low",
            "devicesCount": 200
          },
          {
            "recommendationDisplayName": "High level permissions configured in Edge model twin for Edge module",
            "reportedSeverity": "Low",
            "devicesCount": 170
          },
          {
            "recommendationDisplayName": "Same Authentication Credentials used by multiple devices",
            "reportedSeverity": "Medium",
            "devicesCount": 150
          }
        ]
      }
    }
  ]
}
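The following is an added example, not part of the original reference and not Microsoft's code. It shows one way a monitoring script could use this operation: check the path parameters against the regex patterns documented above before building the URL, reduce each analytics model to a few triage fields, and follow `nextLink` only while it stays on the documented host, so the bearer token is never sent elsewhere. The names `build_url`, `summarize`, `collect`, `fetch` and `HOST` are assumptions made for the example, and the sample data is a trimmed, reordered copy of the Sample Response.

```python
import re
from urllib.parse import quote, urlsplit

# Patterns copied from the URI Parameters table on this page.
SUB_RE = re.compile(r"^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$")
RG_RE = re.compile(r"^[-\w\._\(\)]+$")
HOST = "management.azure.com"  # host of the request URL shown on this page

def build_url(subscription_id, resource_group, solution_name):
    """Reject parameters that fail the documented patterns, then build the URL."""
    if not SUB_RE.fullmatch(subscription_id):
        raise ValueError("subscriptionId does not match the documented pattern")
    if not RG_RE.fullmatch(resource_group):
        raise ValueError("resourceGroupName does not match the documented pattern")
    # No pattern is documented for solutionName, so percent-encode it.
    return (f"https://{HOST}/subscriptions/{subscription_id}/resourceGroups/"
            f"{quote(resource_group, safe='')}/providers/Microsoft.Security/"
            f"iotSecuritySolutions/{quote(solution_name, safe='')}"
            "/analyticsModels?api-version=2019-08-01")

def summarize(model):
    """Reduce one analyticsModels entry to the fields used for triage."""
    p = model["properties"]
    days = sorted(p["devicesMetrics"], key=lambda d: d["date"])
    first, last = days[0]["devicesMetrics"], days[-1]["devicesMetrics"]
    top = max(p["topAlertedDevices"], key=lambda d: d["alertsCount"])
    return {"high_now": p["metrics"]["high"], "unhealthy": p["unhealthyDeviceCount"],
            "trend": {s: last[s] - first[s] for s in ("high", "medium", "low")},
            "noisiest": top["deviceId"]}

def collect(fetch, url):
    """Follow nextLink; fetch(url) is a caller-supplied function returning parsed JSON."""
    out = []
    while url:
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != HOST:
            raise ValueError("refusing to send the bearer token to " + url)
        page = fetch(url)
        out += [summarize(m) for m in page.get("value", [])]
        url = page.get("nextLink")
    return out

# Constructed sample: a trimmed copy of the Sample Response on this page.
SAMPLE = {"value": [{"properties": {
    "metrics": {"high": 5, "medium": 200, "low": 102}, "unhealthyDeviceCount": 1200,
    "devicesMetrics": [
        {"date": "2019-02-02T00:00:00Z", "devicesMetrics": {"high": 3, "medium": 45, "low": 65}},
        {"date": "2019-02-01T00:00:00Z", "devicesMetrics": {"high": 3, "medium": 15, "low": 70}}],
    "topAlertedDevices": [{"deviceId": "id1", "alertsCount": 200},
                          {"deviceId": "id2", "alertsCount": 170}]}}]}
```

The host check assumes the public Azure Resource Manager endpoint used in this page's request URL; a deployment that uses a different endpoint would set `HOST` accordingly.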

Definitions

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

CloudErrorBody

The error detail.

DevicesMetrics

List of device metrics by the aggregation date.

ErrorAdditionalInfo

The resource management error additional info.

IoTSecurityAlertedDevice

Statistical information about the number of alerts per device during the last set number of days.

IoTSecurityDeviceAlert

Statistical information about the number of alerts per alert type during the last set number of days.

IoTSecurityDeviceRecommendation

Statistical information about the number of recommendations per device, per recommendation type.

IoTSecuritySolutionAnalyticsModel

Security analytics of your IoT Security solution

IoTSecuritySolutionAnalyticsModelList

List of Security analytics of your IoT Security solution

IoTSeverityMetrics

IoT Security solution analytics severity metrics.

reportedSeverity

Assessed Alert severity.

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

| Name | Type | Description |
|---|---|---|
| error.additionalInfo | | The error additional info. |
| error.code | string | The error code. |
| error.details | | The error details. |
| error.message | string | The error message. |
| error.target | string | The error target. |

CloudErrorBody

The error detail.

| Name | Type | Description |
|---|---|---|
| additionalInfo | | The error additional info. |
| code | string | The error code. |
| details | | The error details. |
| message | string | The error message. |
| target | string | The error target. |

DevicesMetrics

List of device metrics by the aggregation date.

| Name | Type | Description |
|---|---|---|
| date | string | Aggregation of IoT Security solution device alert metrics by date. |
| devicesMetrics | | Device alert count by severity. |

ErrorAdditionalInfo

The resource management error additional info.

| Name | Type | Description |
|---|---|---|
| info | object | The additional info. |
| type | string | The additional info type. |

IoTSecurityAlertedDevice

Statistical information about the number of alerts per device during the last set number of days.

| Name | Type | Description |
|---|---|---|
| alertsCount | integer | Number of alerts raised for this device. |
| deviceId | string | Device identifier. |

IoTSecurityDeviceAlert

Statistical information about the number of alerts per alert type during the last set number of days.

| Name | Type | Description |
|---|---|---|
| alertDisplayName | string | Display name of the alert |
| alertsCount | integer | Number of alerts raised for this alert type. |
| reportedSeverity | | Assessed Alert severity. |

IoTSecurityDeviceRecommendation

Statistical information about the number of recommendations per device, per recommendation type.

| Name | Type | Description |
|---|---|---|
| devicesCount | integer | Number of devices with this recommendation. |
| recommendationDisplayName | string | Display name of the recommendation. |
| reportedSeverity | | Assessed recommendation severity. |

IoTSecuritySolutionAnalyticsModel

Security analytics of your IoT Security solution

| Name | Type | Description |
|---|---|---|
| id | string | Resource Id |
| name | string | Resource name |
| properties.devicesMetrics | | List of device metrics by the aggregation date. |
| properties.metrics | | Security analytics of your IoT Security solution. |
| properties.mostPrevalentDeviceAlerts | | List of the 3 most prevalent device alerts. |
| properties.mostPrevalentDeviceRecommendations | | List of the 3 most prevalent device recommendations. |
| properties.topAlertedDevices | | List of the 3 devices with the most alerts. |
| properties.unhealthyDeviceCount | integer | Number of unhealthy devices within your IoT Security solution. |
| type | string | Resource type |

IoTSecuritySolutionAnalyticsModelList

List of Security analytics of your IoT Security solution

| Name | Type | Description |
|---|---|---|
| nextLink | string | When there is too much alert data for one page, use this URI to fetch the next page. |
| value | | List of Security analytics of your IoT Security solution |

IoTSeverityMetrics

IoT Security solution analytics severity metrics.

| Name | Type | Description |
|---|---|---|
| high | integer | Count of high severity alerts/recommendations. |
| low | integer | Count of low severity alerts/recommendations. |
| medium | integer | Count of medium severity alerts/recommendations. |

reportedSeverity

Assessed Alert severity.

| Name | Type | Description |
|---|---|---|
| High | string | |
| Informational | string | |
| Low | string | |
| Medium | string | |