< Back

Integration: AWS IoT Device Defender Violation Event

AWS IoT Device Defender is a security service that allows you to audit the configuration of your devices, monitor connected devices to detect abnormal behavior and mitigate security risks

Preparing an IAM Role

Before Device Defender can publish messages to SNS, you must create an IAM role as described in the AWS Documentation. Replace arn:aws:sns:region:account-id:your-topic-name with the SNS topic ARN.

Creating a Security Profile

A security profile defines a set of expected behaviors for devices in your account and specifies the actions to take when an anomaly is detected. Let’s create one:

  1. Open the AWS IoT Console.
  2. Navigate to Security Profiles and create a Rule-based anomaly Detect profile.
    Step 1: Navigate to Security Profiles
  3. Set a Name and define the condition that is regarded as abnormal. E.g., if you expect a sensor to report data every 5 minutes (or 12 times per hour), receiving data only 10 times per hour might be an issue if it happens two times in a row.
    Step 2: Define anomaly
  4. Configure the SNS topic you created and select the IAM Role you created in preparation above.
    Step 3: Configure SNS topic
  5. Attach the security profile to things to monitor.
    Step 4: Select things to monitor
  6. Last but not least, confirm your settings and save.
    Step 5: Confirm and save

Sample Alert

As soon as a thing violates a security profile, you should receive an alert in Slack or Microsoft Teams:

AWS IoT Device Defender Violation Event

More help needed? Or want to share feedback?

If you experience any issues, let us know.

E-mail icon
E-Mail
marbot teaser

Chatbot for AWS Monitoring

Configure monitoring for Amazon Web Services: CloudWatch, EC2, RDS, EB, Lambda, and more. Receive and manage alerts via Slack. Solve incidents as a team.

Slack
Add to Slack
Microsoft Teams
Add to Teams