ListActiveViolations
Note
The AWS IoT Device Defender detect feature will no longer be available to new customers starting August 31, 2026. If you would like to use the detect feature, sign up prior to August 31, 2026. To learn about alternatives to AWS IoT Device Defender detect, see AWS IoT Device Defender detect feature availability change. There is no change to AWS IoT Device Defender audit availability.
Lists the active violations for a given Device Defender security profile.
Requires permission to access the ListActiveViolations action.
Request Syntax
GET /active-violations?behaviorCriteriaType=behaviorCriteriaType&listSuppressedAlerts=listSuppressedAlerts&maxResults=maxResults&nextToken=nextToken&securityProfileName=securityProfileName&thingName=thingName&verificationState=verificationState HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
- behaviorCriteriaType
-
The criteria for a behavior.
Valid Values:
STATIC | STATISTICAL | MACHINE_LEARNING
- listSuppressedAlerts
-
A list of all suppressed alerts.
- maxResults
-
The maximum number of results to return at one time.
Valid Range: Minimum value of 1. Maximum value of 250.
- nextToken
-
The token for the next set of results.
- securityProfileName
-
The name of the Device Defender security profile for which violations are listed.
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[a-zA-Z0-9:_-]+
- thingName
-
The name of the thing whose active violations are listed.
Length Constraints: Minimum length of 1. Maximum length of 128.
- verificationState
-
The verification state of the violation (detect alarm).
Valid Values:
FALSE_POSITIVE | BENIGN_POSITIVE | TRUE_POSITIVE | UNKNOWN
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Content-type: application/json

{
   "activeViolations": [
      {
         "behavior": {
            "criteria": {
               "comparisonOperator": "string",
               "consecutiveDatapointsToAlarm": number,
               "consecutiveDatapointsToClear": number,
               "durationSeconds": number,
               "mlDetectionConfig": {
                  "confidenceLevel": "string"
               },
               "statisticalThreshold": {
                  "statistic": "string"
               },
               "value": {
                  "cidrs": [ "string" ],
                  "count": number,
                  "number": number,
                  "numbers": [ number ],
                  "ports": [ number ],
                  "strings": [ "string" ]
               }
            },
            "exportMetric": boolean,
            "metric": "string",
            "metricDimension": {
               "dimensionName": "string",
               "operator": "string"
            },
            "name": "string",
            "suppressAlerts": boolean
         },
         "lastViolationTime": number,
         "lastViolationValue": {
            "cidrs": [ "string" ],
            "count": number,
            "number": number,
            "numbers": [ number ],
            "ports": [ number ],
            "strings": [ "string" ]
         },
         "securityProfileName": "string",
         "thingName": "string",
         "verificationState": "string",
         "verificationStateDescription": "string",
         "violationEventAdditionalInfo": {
            "confidenceLevel": "string"
         },
         "violationId": "string",
         "violationStartTime": number
      }
   ],
   "nextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- activeViolations
-
The list of active violations.
Type: Array of ActiveViolation objects
- nextToken
-
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Type: String
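The request parameters and nextToken paging described above, as an added example that is not part of the AWS reference: it calls list_active_violations on a boto3 IoT client, checks the documented constraints before sending, and groups violations still in the UNKNOWN verification state by thing. StubIoTClient, _v and the violation records are constructed so the block runs offline; in real use pass boto3.client("iot") instead.

```python
import re
from collections import defaultdict

PROFILE_RE = re.compile(r"[a-zA-Z0-9:_-]{1,128}")  # pattern and length limits from this page
STATES = {"FALSE_POSITIVE", "BENIGN_POSITIVE", "TRUE_POSITIVE", "UNKNOWN"}


def list_all_active_violations(client, profile, verification_state=None, page_size=250):
    """Follow nextToken until it is null and return every ActiveViolation."""
    if not PROFILE_RE.fullmatch(profile):
        raise ValueError("securityProfileName must match [a-zA-Z0-9:_-]+, length 1-128")
    if not 1 <= page_size <= 250:
        raise ValueError("maxResults must be between 1 and 250")
    if verification_state not in STATES | {None}:
        raise ValueError("verificationState must be one of %s" % sorted(STATES))
    params = {"securityProfileName": profile, "maxResults": page_size}
    if verification_state:
        params["verificationState"] = verification_state
    found = []
    while True:
        page = client.list_active_violations(**params)
        found.extend(page.get("activeViolations") or [])
        if not page.get("nextToken"):  # null or absent: no more pages
            return found
        params["nextToken"] = page["nextToken"]


def untriaged_by_thing(violations):
    """Map thingName -> violationIds whose verificationState is still UNKNOWN."""
    grouped = defaultdict(list)
    for v in violations:
        if v.get("verificationState") == "UNKNOWN":
            grouped[v["thingName"]].append(v["violationId"])
    return dict(grouped)


def _v(vid, thing, state):  # constructed sample record, reduced to three fields
    return {"violationId": vid, "thingName": thing, "verificationState": state}


class StubIoTClient:
    """Constructed stand-in for boto3.client("iot"): two canned pages, filters ignored."""
    PAGES = {
        None: {"activeViolations": [_v("v-1", "sensor-01", "UNKNOWN"),
                                    _v("v-2", "sensor-02", "FALSE_POSITIVE")],
               "nextToken": "page-2"},
        "page-2": {"activeViolations": [_v("v-3", "sensor-01", "UNKNOWN")], "nextToken": None},
    }

    def list_active_violations(self, **params):
        return self.PAGES[params.get("nextToken")]
```

Running untriaged_by_thing over the result of list_all_active_violations(StubIoTClient(), "constructed-profile") yields the violation IDs still awaiting a verification decision, keyed by device.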
Errors
- InternalFailureException
-
An unexpected error has occurred.
- message
-
The message for the exception.
HTTP Status Code: 500
- InvalidRequestException
-
The request is not valid.
- message
-
The message for the exception.
HTTP Status Code: 400
- ResourceNotFoundException
-
The specified resource does not exist.
- message
-
The message for the exception.
HTTP Status Code: 404
- ThrottlingException
-
The rate exceeds the limit.
- message
-
The message for the exception.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: