Audit | Detect | Alert | Mitigate
- Device Defender AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices.
- Certificates - attached to AWS IoT thing/device. Device certificates that are used by devices and clients to connect to AWS IoT.
- Schedules You schedule the frequency of the audit and what checks are to be performed during each scan. For this lab and test IoT device, I have selected the recurrence of Monthly and covering medium, high, and critical checks I wish to have run.
Based on audits performed, there may be various audit action tasks.
Allow you to turn off findings related to a resource for a defined period of time until the resource is fixed, or indefinitely due to some exception.
When a device behavior anomaly is detected.
Security Profiles define how your devices should behave and specify an alert mechanism for anomalies. Security Profiles are attached to one or more things.
For this example, I am going to create a new ML anomaly detection profile.
- Mitigation Actions
Automation, automation, automation!!
Below is an example where we can create a rule or action to be taken to help mitigate the issue(s) found during an audit or some other ongoing detection/monitoring.
(AWS IoT | Device Defender | Detect | Security Profiles [ThingName] )
Alarms (Active / History)
- Behavior and ML Training
Top comments (0)