Integration: AWS IoT Device Defender Violation Event
You need to set up an Amazon SNS topic for this integration!
AWS IoT Device Defender is a security service that allows you to audit the configuration of your devices, monitor connected devices to detect abnormal behavior and mitigate security risks
Preparing an IAM Role
Before Device Defender can publish messages to SNS, you must create an IAM role as described in the AWS Documentation. Replace
arn:aws:sns:region:account-id:your-topic-name with the SNS topic ARN you created earlier.
Creating a Security Profile
A security profile defines a set of expected behaviors for devices in your account and specifies the actions to take when an anomaly is detected. Let’s create one:
- Open the AWS IoT Console.
- Navigate to Security Profiles and create a Rule-based anomaly Detect profile.
- Set a Name and define the condition that is regarded as abnormal. E.g., if you expect a sensor to report data every 5 minutes (or 12 times per hour), receiving data only 10 times per hour might be an issue if it happens two times in a row.
- Configure the SNS topic you created earlier and select the IAM Role you created in preparation above.
- Attach the security profile to things to monitor.
- Last but not least, confirm your settings and save.
As soon as a thing violates a security profile, you should receive an alert in Slack or Microsoft Teams:
Chatbot for AWS Monitoring
Configure monitoring for Amazon Web Services: CloudWatch, EC2, RDS, EB, Lambda, and more. Receive and manage alerts via Slack. Solve incidents as a team.