ListActiveViolations - AWS IoT

ListActiveViolations

Lists the active violations for a given Device Defender security profile.

Requires permission to access the ListActiveViolations action.

Request Syntax

GET /active-violations?behaviorCriteriaType=behaviorCriteriaType&listSuppressedAlerts=listSuppressedAlerts&maxResults=maxResults&nextToken=nextToken&securityProfileName=securityProfileName&thingName=thingName&verificationState=verificationState HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.

behaviorCriteriaType

The criteria for a behavior.

Valid Values: STATIC | STATISTICAL | MACHINE_LEARNING

listSuppressedAlerts

A list of all suppressed alerts.

maxResults

The maximum number of results to return at one time.

Valid Range: Minimum value of 1. Maximum value of 250.

nextToken

The token for the next set of results.

securityProfileName

The name of the Device Defender security profile for which violations are listed.

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [a-zA-Z0-9:_-]+

thingName

The name of the thing whose active violations are listed.

Length Constraints: Minimum length of 1. Maximum length of 128.

verificationState

The verification state of the violation (detect alarm).

Valid Values: FALSE_POSITIVE | BENIGN_POSITIVE | TRUE_POSITIVE | UNKNOWN

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "activeViolations": [
      {
         "behavior": {
            "criteria": {
               "comparisonOperator": "string",
               "consecutiveDatapointsToAlarm": number,
               "consecutiveDatapointsToClear": number,
               "durationSeconds": number,
               "mlDetectionConfig": {
                  "confidenceLevel": "string"
               },
               "statisticalThreshold": {
                  "statistic": "string"
               },
               "value": {
                  "cidrs": [ "string" ],
                  "count": number,
                  "number": number,
                  "numbers": [ number ],
                  "ports": [ number ],
                  "strings": [ "string" ]
               }
            },
            "exportMetric": boolean,
            "metric": "string",
            "metricDimension": {
               "dimensionName": "string",
               "operator": "string"
            },
            "name": "string",
            "suppressAlerts": boolean
         },
         "lastViolationTime": number,
         "lastViolationValue": {
            "cidrs": [ "string" ],
            "count": number,
            "number": number,
            "numbers": [ number ],
            "ports": [ number ],
            "strings": [ "string" ]
         },
         "securityProfileName": "string",
         "thingName": "string",
         "verificationState": "string",
         "verificationStateDescription": "string",
         "violationEventAdditionalInfo": {
            "confidenceLevel": "string"
         },
         "violationId": "string",
         "violationStartTime": number
      }
   ],
   "nextToken": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

activeViolations

The list of active violations.

Type: Array of ActiveViolation objects

nextToken

A token that can be used to retrieve the next set of results, or null if there are no additional results.

Type: String

Errors

InternalFailureException

An unexpected error has occurred.

HTTP Status Code: 500

InvalidRequestException

The request is not valid.

HTTP Status Code: 400

ResourceNotFoundException

The specified resource does not exist.

HTTP Status Code: 404

ThrottlingException

The rate exceeds the limit.

HTTP Status Code: 400
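The following is an added example, not AWS's own code. It shows how to validate the URI parameters documented above, follow nextToken until the listing is exhausted, and count violations per thing and verification state for triage. It assumes a client exposing `list_active_violations(**params)`, as the boto3 IoT client does. `FakeIoT`, its thing names and its token are constructed so the block runs offline, and the fake ignores filters.

```python
import re
from collections import Counter

# Limits and allowed values copied from the URI request parameters above.
CHECKS = {
    "securityProfileName": lambda v: re.fullmatch(r"[a-zA-Z0-9:_-]{1,128}", v),
    "thingName": lambda v: 1 <= len(v) <= 128,
    "verificationState": lambda v: v in {"FALSE_POSITIVE", "BENIGN_POSITIVE", "TRUE_POSITIVE", "UNKNOWN"},
    "behaviorCriteriaType": lambda v: v in {"STATIC", "STATISTICAL", "MACHINE_LEARNING"},
    "listSuppressedAlerts": lambda v: isinstance(v, bool),  # boolean in boto3
    "maxResults": lambda v: 1 <= v <= 250,
}

def build_params(**filters):
    """Reject unknown or out-of-range filters before calling the service."""
    params = {"maxResults": 250, **filters}
    for key, value in params.items():
        if key not in CHECKS or not CHECKS[key](value):
            raise ValueError(f"invalid {key}: {value!r}")
    return params

def iter_active_violations(client, **filters):
    """Yield every ActiveViolation, following nextToken until none is returned."""
    params = build_params(**filters)
    while True:
        page = client.list_active_violations(**params)
        yield from page.get("activeViolations", [])
        if not page.get("nextToken"):
            return
        params["nextToken"] = page["nextToken"]

def triage_counts(client, **filters):
    """Count active violations per (thingName, verificationState)."""
    return Counter((v["thingName"], v.get("verificationState"))
                   for v in iter_active_violations(client, **filters))

class FakeIoT:
    """Constructed two-page response standing in for the real service."""
    PAGES = {None: {"activeViolations": [
                        {"thingName": "cam-01", "verificationState": "UNKNOWN"},
                        {"thingName": "cam-01", "verificationState": "TRUE_POSITIVE"}],
                    "nextToken": "page-2"},
             "page-2": {"activeViolations": [
                        {"thingName": "cam-02", "verificationState": "UNKNOWN"}]}}
    def list_active_violations(self, **params):
        return self.PAGES[params.get("nextToken")]

if __name__ == "__main__":
    # With AWS credentials, pass boto3.client("iot") instead of FakeIoT().
    print(triage_counts(FakeIoT(), maxResults=2))
```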
