external help file | Module Name | online version | schema |
---|---|---|---|
Microsoft.Azure.PowerShell.Cmdlets.Security.dll-Help.xml |
Az.Security |
2.0.0 |
Get IoT security analytics
Get-AzIotSecurityAnalytics -ResourceGroupName <String> -SolutionName <String> [-Default]
[-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
The Get-AzIotSecurityAnalytics cmdlet returns a set of security analytics of a specific iot security solution
Get-AzIotSecurityAnalytics -ResourceGroupName "MyResourceGroup" -SolutionName "MySolution" -Default
Id: "/subscriptions/XXXXXXXX-XXXX-XXXXX-XXXX-XXXXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Security/iotSecuritySolutions/MySolution/analyticsModels/default"
Name: "default"
Type: "Microsoft.Security/IoTSecuritySolutionAnalyticsModel"
Metrics: {
High": 5
Medium: 200
Low: 102
}
UnhealthyDeviceCount: 1200
DevicesMetrics: [
{
Date: "2019-02-01T00:00:00Z"
DevicesMetrics: {
High: 3
Medium: 15
Low: 70
}
}
{
Date: "2019-02-02T00:00:00Z"
DevicesMetrics: {
High: 3
Medium: 45
Low: 65
}
}
]
TopAlertedDevices: [
{
DeviceId: "id1"
AlertsCount: 200
}
{
DeviceId": "id2"
AlertsCount": 170
}
{
DeviceId": "id3"
AlertsCount": 150
}
]
MostPrevalentDeviceAlerts: [
{
AlertDisplayName: "Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range"
ReportedSeverity: "Low"
AlertsCount: 200
}
{
AlertDisplayName: "Custom Alert - execution of a process that is not allowed"
ReportedSeverity: "Medium"
AlertsCount: 170
}
{
AlertDisplayName": "Successful Bruteforce"
ReportedSeverity": "Low"
AlertsCount": 150
}
]
MostPrevalentDeviceRecommendations: [
{
RecommendationDisplayName: "Install the Azure Security of Things Agent"
ReportedSeverity: "Low"
DevicesCount: 200
}
{
RecommendationDisplayName: "High level permissions configured in Edge model twin for Edge module"
ReportedSeverity: "Low"
DevicesCount: 170
}
{
RrecommendationDisplayName: "Same Authentication Credentials used by multiple devices"
ReportedSeverity: "Medium"
DevicesCount: 150
}
]
}
}
Get the deafult IoT Security Analytics for Security Solution "MySolution" in reasource group "MyResourceGroup"
If present, get the default analytics set, otherwise, get the list of all analytics sets.
Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The credentials, account, tenant, and subscription used for communication with Azure.
Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Parameter Sets: (All)
Aliases: AzContext, AzureRmContext, AzureCredential
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Resource group name.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Solution name
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.