ListActiveViolations
Lists the active violations for a given Device Defender security profile.
Requires permission to access the ListActiveViolations action.
Request Syntax
GET /active-violations?behaviorCriteriaType=behaviorCriteriaType&listSuppressedAlerts=listSuppressedAlerts&maxResults=maxResults&nextToken=nextToken&securityProfileName=securityProfileName&thingName=thingName&verificationState=verificationState HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
- behaviorCriteriaType
  The criteria for a behavior.
  Valid Values: STATIC | STATISTICAL | MACHINE_LEARNING
- listSuppressedAlerts
  A list of all suppressed alerts.
- maxResults
  The maximum number of results to return at one time.
  Valid Range: Minimum value of 1. Maximum value of 250.
- nextToken
  The token for the next set of results.
- securityProfileName
  The name of the Device Defender security profile for which violations are listed.
  Length Constraints: Minimum length of 1. Maximum length of 128.
  Pattern: [a-zA-Z0-9:_-]+
- thingName
  The name of the thing whose active violations are listed.
  Length Constraints: Minimum length of 1. Maximum length of 128.
- verificationState
  The verification state of the violation (detect alarm).
  Valid Values: FALSE_POSITIVE | BENIGN_POSITIVE | TRUE_POSITIVE | UNKNOWN
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
   "activeViolations": [ 
      { 
         "behavior": { 
            "criteria": { 
               "comparisonOperator": "string",
               "consecutiveDatapointsToAlarm": number,
               "consecutiveDatapointsToClear": number,
               "durationSeconds": number,
               "mlDetectionConfig": { 
                  "confidenceLevel": "string"
               },
               "statisticalThreshold": { 
                  "statistic": "string"
               },
               "value": { 
                  "cidrs": [ "string" ],
                  "count": number,
                  "number": number,
                  "numbers": [ number ],
                  "ports": [ number ],
                  "strings": [ "string" ]
               }
            },
            "exportMetric": boolean,
            "metric": "string",
            "metricDimension": { 
               "dimensionName": "string",
               "operator": "string"
            },
            "name": "string",
            "suppressAlerts": boolean
         },
         "lastViolationTime": number,
         "lastViolationValue": { 
            "cidrs": [ "string" ],
            "count": number,
            "number": number,
            "numbers": [ number ],
            "ports": [ number ],
            "strings": [ "string" ]
         },
         "securityProfileName": "string",
         "thingName": "string",
         "verificationState": "string",
         "verificationStateDescription": "string",
         "violationEventAdditionalInfo": { 
            "confidenceLevel": "string"
         },
         "violationId": "string",
         "violationStartTime": number
      }
   ],
   "nextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- activeViolations
  The list of active violations.
  Type: Array of ActiveViolation objects
- nextToken
  A token that can be used to retrieve the next set of results, or null if there are no additional results.
  Type: String
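An added Python example (not AWS code or an SDK excerpt) that checks request parameters against the constraints listed under URI Request Parameters and follows nextToken until the service returns none, so a monitoring job does not stop at the first page of violations. The names build_query, iter_active_violations and the caller-supplied fetch callable (which would perform the authenticated GET and return the decoded JSON) are hypothetical, and sending listSuppressedAlerts as true/false is an assumption.

```python
import re
from urllib.parse import urlencode

# Constraints taken from the URI Request Parameters section of this page.
ENUMS = {
    "behaviorCriteriaType": {"STATIC", "STATISTICAL", "MACHINE_LEARNING"},
    "verificationState": {"FALSE_POSITIVE", "BENIGN_POSITIVE", "TRUE_POSITIVE", "UNKNOWN"},
}
PROFILE_RE = re.compile(r"[a-zA-Z0-9:_-]+")


def build_query(**params):
    """Validate parameters client-side and return the request path with query string."""
    params = {k: v for k, v in params.items() if v is not None}
    for name, allowed in ENUMS.items():
        if name in params and params[name] not in allowed:
            raise ValueError(f"{name} must be one of {sorted(allowed)}")
    if "maxResults" in params and not 1 <= params["maxResults"] <= 250:
        raise ValueError("maxResults must be between 1 and 250")
    for name in ("securityProfileName", "thingName"):
        if name in params and not 1 <= len(params[name]) <= 128:
            raise ValueError(f"{name} must be 1 to 128 characters long")
    profile = params.get("securityProfileName")
    if profile is not None and not PROFILE_RE.fullmatch(profile):
        raise ValueError("securityProfileName must match [a-zA-Z0-9:_-]+")
    if "listSuppressedAlerts" in params:
        # Assumption: the flag is a boolean, sent as "true" or "false".
        params["listSuppressedAlerts"] = "true" if params["listSuppressedAlerts"] else "false"
    return "/active-violations?" + urlencode(sorted(params.items()))


def iter_active_violations(fetch, **params):
    """Yield every ActiveViolation object, following nextToken across pages.

    fetch is a hypothetical caller-supplied callable: it takes the request
    path, performs the authenticated GET, and returns the decoded JSON dict.
    """
    token, seen = None, set()
    while True:
        page = fetch(build_query(nextToken=token, **params))
        yield from page.get("activeViolations", [])
        token = page.get("nextToken")
        if not token:
            return  # null or absent nextToken: no additional results
        if token in seen:
            raise RuntimeError("nextToken repeated; stopping to avoid an endless loop")
        seen.add(token)
```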
Errors
- InternalFailureException
  An unexpected error has occurred.
  - message: The message for the exception.
  HTTP Status Code: 500
- InvalidRequestException
  The request is not valid.
  - message: The message for the exception.
  HTTP Status Code: 400
- ResourceNotFoundException
  The specified resource does not exist.
  - message: The message for the exception.
  HTTP Status Code: 404
- ThrottlingException
  The rate exceeds the limit.
  - message: The message for the exception.
  HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: