# ListViolationEvents
<a name="API_ListViolationEvents"></a>

Lists the Device Defender security profile violations discovered during the given time period. You can use filters to limit the results to those alerts issued for a particular security profile, behavior, or thing (device).

Requires permission to access the [ListViolationEvents](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.

## Request Syntax
<a name="API_ListViolationEvents_RequestSyntax"></a>

```
GET /violation-events?behaviorCriteriaType=behaviorCriteriaType&endTime=endTime&listSuppressedAlerts=listSuppressedAlerts&maxResults=maxResults&nextToken=nextToken&securityProfileName=securityProfileName&startTime=startTime&thingName=thingName&verificationState=verificationState HTTP/1.1
```

## URI Request Parameters
<a name="API_ListViolationEvents_RequestParameters"></a>

The request uses the following URI parameters.

 ** [behaviorCriteriaType](#API_ListViolationEvents_RequestSyntax) **   <a name="iot-ListViolationEvents-request-uri-behaviorCriteriaType"></a>
 The criteria for a behavior.   
Valid Values: `STATIC | STATISTICAL | MACHINE_LEARNING` 

 ** [endTime](#API_ListViolationEvents_RequestSyntax) **   <a name="iot-ListViolationEvents-request-uri-endTime"></a>
The end time for the alerts to be listed.  
Required: Yes

 ** [listSuppressedAlerts](#API_ListViolationEvents_RequestSyntax) **   <a name="iot-ListViolationEvents-request-uri-listSuppressedAlerts"></a>
 A list of all suppressed alerts. 

 ** [maxResults](#API_ListViolationEvents_RequestSyntax) **   <a name="iot-ListViolationEvents-request-uri-maxResults"></a>
The maximum number of results to return at one time.  
Valid Range: Minimum value of 1. Maximum value of 250.

 ** [nextToken](#API_ListViolationEvents_RequestSyntax) **   <a name="iot-ListViolationEvents-request-uri-nextToken"></a>
The token for the next set of results.

 ** [securityProfileName](#API_ListViolationEvents_RequestSyntax) **   <a name="iot-ListViolationEvents-request-uri-securityProfileName"></a>
A filter to limit results to those alerts generated by the specified security profile.  
Length Constraints: Minimum length of 1. Maximum length of 128.  
Pattern: `[a-zA-Z0-9:_-]+` 

 ** [startTime](#API_ListViolationEvents_RequestSyntax) **   <a name="iot-ListViolationEvents-request-uri-startTime"></a>
The start time for the alerts to be listed.  
Required: Yes

 ** [thingName](#API_ListViolationEvents_RequestSyntax) **   <a name="iot-ListViolationEvents-request-uri-thingName"></a>
A filter to limit results to those alerts caused by the specified thing.  
Length Constraints: Minimum length of 1. Maximum length of 128.

 ** [verificationState](#API_ListViolationEvents_RequestSyntax) **   <a name="iot-ListViolationEvents-request-uri-verificationState"></a>
The verification state of the violation (detect alarm).  
Valid Values: `FALSE_POSITIVE | BENIGN_POSITIVE | TRUE_POSITIVE | UNKNOWN` 

## Request Body
<a name="API_ListViolationEvents_RequestBody"></a>

The request does not have a request body.

## Response Syntax
<a name="API_ListViolationEvents_ResponseSyntax"></a>

```
HTTP/1.1 200
Content-type: application/json

{
   "nextToken": "string",
   "violationEvents": [ 
      { 
         "behavior": { 
            "criteria": { 
               "comparisonOperator": "string",
               "consecutiveDatapointsToAlarm": number,
               "consecutiveDatapointsToClear": number,
               "durationSeconds": number,
               "mlDetectionConfig": { 
                  "confidenceLevel": "string"
               },
               "statisticalThreshold": { 
                  "statistic": "string"
               },
               "value": { 
                  "cidrs": [ "string" ],
                  "count": number,
                  "number": number,
                  "numbers": [ number ],
                  "ports": [ number ],
                  "strings": [ "string" ]
               }
            },
            "exportMetric": boolean,
            "metric": "string",
            "metricDimension": { 
               "dimensionName": "string",
               "operator": "string"
            },
            "name": "string",
            "suppressAlerts": boolean
         },
         "metricValue": { 
            "cidrs": [ "string" ],
            "count": number,
            "number": number,
            "numbers": [ number ],
            "ports": [ number ],
            "strings": [ "string" ]
         },
         "securityProfileName": "string",
         "thingName": "string",
         "verificationState": "string",
         "verificationStateDescription": "string",
         "violationEventAdditionalInfo": { 
            "confidenceLevel": "string"
         },
         "violationEventTime": number,
         "violationEventType": "string",
         "violationId": "string"
      }
   ]
}
```

## Response Elements
<a name="API_ListViolationEvents_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [nextToken](#API_ListViolationEvents_ResponseSyntax) **   <a name="iot-ListViolationEvents-response-nextToken"></a>
A token that can be used to retrieve the next set of results, or `null` if there are no additional results.  
Type: String

 ** [violationEvents](#API_ListViolationEvents_ResponseSyntax) **   <a name="iot-ListViolationEvents-response-violationEvents"></a>
The security profile violation alerts issued for this account during the given time period, potentially filtered by security profile, behavior violated, or thing (device) violating.  
Type: Array of [ViolationEvent](API_ViolationEvent.md) objects

## Errors
<a name="API_ListViolationEvents_Errors"></a>

 ** InternalFailureException **   
An unexpected error has occurred.    
 ** message **   
The message for the exception.
HTTP Status Code: 500

 ** InvalidRequestException **   
The request is not valid.    
 ** message **   
The message for the exception.
HTTP Status Code: 400

 ** ThrottlingException **   
The rate exceeds the limit.    
 ** message **   
The message for the exception.
HTTP Status Code: 400

## See Also
<a name="API_ListViolationEvents_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/iot-2015-05-28/ListViolationEvents) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/iot-2015-05-28/ListViolationEvents) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/iot-2015-05-28/ListViolationEvents) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/iot-2015-05-28/ListViolationEvents) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/iot-2015-05-28/ListViolationEvents) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/iot-2015-05-28/ListViolationEvents) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/iot-2015-05-28/ListViolationEvents) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/iot-2015-05-28/ListViolationEvents) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/iot-2015-05-28/ListViolationEvents) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/iot-2015-05-28/ListViolationEvents)