AWS IoT
Audit | Detect | Alert | Mitigate
- Device Defender AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices.
- Certificates - attached to AWS IoT thing/device. Device certificates that are used by devices and clients to connect to AWS IoT.
Audit
- Results
- Schedules You schedule the frequency of the audit and what checks are to be performed during each scan. For this lab and test IoT device, I have selected the recurrence of Monthly and covering medium, high, and critical checks I wish to have run.
Action Tasks
Based on audits performed, there may be various audit action tasks.Finding Suppressions
Allow you to turn off findings related to a resource for a defined period of time until the resource is fixed, or indefinitely due to some exception.
Alarms
When a device behavior anomaly is detected.Security Profiles:
Security Profiles define how your devices should behave and specify an alert mechanism for anomalies. Security Profiles are attached to one or more things.
For this example, I am going to create a new ML anomaly detection profile.
- Mitigation Actions
Automation, automation, automation!!
Below is an example where we can create a rule or action to be taken to help mitigate the issue(s) found during an audit or some other ongoing detection/monitoring.
(AWS IoT | Device Defender | Detect | Security Profiles [ThingName] )
Alarms (Active / History)
Defender Metrics
- Behavior and ML Training
Top comments (0)