Create custom alerts
Using custom security groups and alerts, takes full advantage of the end-to-end security information and categorical device knowledge to ensure better security across your IoT solution.
Why use custom alerts?
You know your IoT devices best.
For customers who fully understand their expected device behavior, Defender for IoT allows you to translate this understanding into a device behavior policy and alert on any deviation from expected, normal behavior.
Security groups
Security groups enable you to define logical groups of devices, and manage their security state in a centralized way.
These groups can represent devices with specific hardware, devices deployed in a certain location, or any other group suitable to your specific needs.
Security groups are defined by a device twin tag property named SecurityGroup. By default, each IoT solution on IoT Hub has one security group named default. Change the value of the SecurityGroup property to change the security group of a device.
For example:
{
"deviceId": "VM-Contoso12",
"etag": "AAAAAAAAAAM=",
"deviceEtag": "ODA1BzA5QjM2",
"status": "enabled",
"statusUpdateTime": "0001-01-01T00:00:00",
"connectionState": "Disconnected",
"lastActivityTime": "0001-01-01T00:00:00",
"cloudToDeviceMessageCount": 0,
"authenticationType": "sas",
"x509Thumbprint": {
"primaryThumbprint": null,
"secondaryThumbprint": null
},
"version": 4,
"tags": {
"SecurityGroup": "default"
},
Use security groups to group your devices into logical categories. After creating the groups, assign them to the custom alerts of your choice, for the most effective end-to-end IoT security solution.
Customize an alert
Open your IoT Hub and select Settings from the Security menu.
Select on Custom alerts.
Choose a security group you wish to apply the customization to.
Select Add a custom alert.
Select a custom alert from the dropdown list.
Edit the required properties, select OK.
Make sure to select SAVE. Without saving the new alert, the alert is deleted the next time you close IoT Hub.
Alerts available for customization
Defender for IoT offers a large number of alerts, which can be customized according to your specific needs. Review the customizable alert table for alert severity, data source, description, and our suggested remediation steps if and when each alert is received.
Next steps
Advance to the next article to learn how to deploy a security agent...
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for