CreateSecurityProfile
Creates a Device Defender security profile.
Requires permission to access the CreateSecurityProfile action.
Request Syntax
POST /security-profiles/securityProfileName HTTP/1.1
Content-type: application/json
{
"additionalMetricsToRetain": [ "string" ],
"additionalMetricsToRetainV2": [
{
"exportMetric": boolean,
"metric": "string",
"metricDimension": {
"dimensionName": "string",
"operator": "string"
}
}
],
"alertTargets": {
"string" : {
"alertTargetArn": "string",
"roleArn": "string"
}
},
"behaviors": [
{
"criteria": {
"comparisonOperator": "string",
"consecutiveDatapointsToAlarm": number,
"consecutiveDatapointsToClear": number,
"durationSeconds": number,
"mlDetectionConfig": {
"confidenceLevel": "string"
},
"statisticalThreshold": {
"statistic": "string"
},
"value": {
"cidrs": [ "string" ],
"count": number,
"number": number,
"numbers": [ number ],
"ports": [ number ],
"strings": [ "string" ]
}
},
"exportMetric": boolean,
"metric": "string",
"metricDimension": {
"dimensionName": "string",
"operator": "string"
},
"name": "string",
"suppressAlerts": boolean
}
],
"metricsExportConfig": {
"mqttTopic": "string",
"roleArn": "string"
},
"securityProfileDescription": "string",
"tags": [
{
"Key": "string",
"Value": "string"
}
]
}URI Request Parameters
The request uses the following URI parameters.
- securityProfileName
-
The name you are giving to the security profile.
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[a-zA-Z0-9:_-]+Required: Yes
Request Body
The request accepts the following data in JSON format.
- additionalMetricsToRetain
-
This parameter has been deprecated.
Please use CreateSecurityProfile:additionalMetricsToRetainV2 instead.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's
behaviors, but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.Type: Array of strings
Required: No
- additionalMetricsToRetainV2
-
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's
behaviors, but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.Type: Array of MetricToRetain objects
Required: No
- alertTargets
-
Specifies the destinations to which alerts are sent. (Alerts are always sent to the console.) Alerts are generated when a device (thing) violates a behavior.
Type: String to AlertTarget object map
Valid Keys:
SNSRequired: No
- behaviors
-
Specifies the behaviors that, when violated by a device (thing), cause an alert.
Type: Array of Behavior objects
Array Members: Maximum number of 100 items.
Required: No
- metricsExportConfig
-
Specifies the MQTT topic and role ARN required for metric export.
Type: MetricsExportConfig object
Required: No
- securityProfileDescription
-
A description of the security profile.
Type: String
Length Constraints: Maximum length of 1000.
Pattern:
[\p{Graph}\x20]*Required: No
-
Metadata that can be used to manage the security profile.
Type: Array of Tag objects
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"securityProfileArn": "string",
"securityProfileName": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- securityProfileArn
-
The ARN of the security profile.
Type: String
- securityProfileName
-
The name you gave to the security profile.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[a-zA-Z0-9:_-]+
Errors
- InternalFailureException
-
An unexpected error has occurred.
HTTP Status Code: 500
- InvalidRequestException
-
The request is not valid.
HTTP Status Code: 400
- ResourceAlreadyExistsException
-
The resource already exists.
HTTP Status Code: 409
- ThrottlingException
-
The rate exceeds the limit.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
