StartDetectMitigationActionsTask
Note
The AWS IoT Device Defender detect feature will no longer be available to new customers starting August 31, 2026. If you would like to use the detect feature, sign up prior to August 31, 2026. To learn about alternatives to AWS IoT Device Defender detect, see AWS IoT Device Defender detect feature availability change. There is no change to AWS IoT Device Defender audit availability.
Starts a Device Defender ML Detect mitigation actions task.
Requires permission to access the StartDetectMitigationActionsTask action.
Request Syntax
PUT /detect/mitigationactions/tasks/taskId HTTP/1.1
Content-type: application/json
{
"actions": [ "string" ],
"clientRequestToken": "string",
"includeOnlyActiveViolations": boolean,
"includeSuppressedAlerts": boolean,
"target": {
"behaviorName": "string",
"securityProfileName": "string",
"violationIds": [ "string" ]
},
"violationEventOccurrenceRange": {
"endTime": number,
"startTime": number
}
}
URI Request Parameters
The request uses the following URI parameters.
- taskId
-
The unique identifier of the task.
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[a-zA-Z0-9_-]+Required: Yes
Request Body
The request accepts the following data in JSON format.
- actions
-
The actions to be performed when a device has unexpected behavior.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 5 items.
Length Constraints: Maximum length of 128.
Pattern:
[a-zA-Z0-9_-]+Required: Yes
- clientRequestToken
-
Each mitigation action task must have a unique client request token. If you try to create a new task with the same token as a task that already exists, an exception occurs. If you omit this value, AWS SDKs will automatically generate a unique client request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
^[a-zA-Z0-9-_]+$Required: Yes
- includeOnlyActiveViolations
-
Specifies to list only active violations.
Type: Boolean
Required: No
- includeSuppressedAlerts
-
Specifies to include suppressed alerts.
Type: Boolean
Required: No
- target
-
Specifies the ML Detect findings to which the mitigation actions are applied.
Type: DetectMitigationActionsTaskTarget object
Required: Yes
- violationEventOccurrenceRange
-
Specifies the time period of which violation events occurred between.
Type: ViolationEventOccurrenceRange object
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"taskId": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- taskId
-
The unique identifier of the task.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[a-zA-Z0-9_-]+
Errors
- InternalFailureException
-
An unexpected error has occurred.
- message
-
The message for the exception.
HTTP Status Code: 500
- InvalidRequestException
-
The request is not valid.
- message
-
The message for the exception.
HTTP Status Code: 400
- LimitExceededException
-
A limit has been exceeded.
- message
-
The message for the exception.
HTTP Status Code: 410
- TaskAlreadyExistsException
-
This exception occurs if you attempt to start a task with the same task-id as an existing task but with a different clientRequestToken.
HTTP Status Code: 400
- ThrottlingException
-
The rate exceeds the limit.
- message
-
The message for the exception.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: