你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Iot Security Solution Analytics - Get

Service:

Defender for Cloud

API Version:

2019-08-01

使用此方法获取 IoT 安全分析指标。

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default?api-version=2019-08-01

URI 参数

名称	在	必需	类型	说明
resourceGroupName	path	True	string	用户订阅中的资源组的名称。 此名称不区分大小写。 Regex pattern: ^[-\w\._\(\)]+$
solutionName	path	True	string	IoT 安全解决方案的名称。
subscriptionId	path	True	string	Azure 订阅 ID Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	操作的 API 版本

响应

名称	类型	说明
200 OK	IoTSecuritySolutionAnalyticsModel	确定
Other Status Codes	CloudError	描述操作失败原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 流

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

名称	说明
user_impersonation	模拟用户帐户

示例

Get Security Solution Analytics

Sample Request

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/iotSecuritySolutions/default/analyticsModels/default?api-version=2019-08-01

Java

/**
 * Samples for IotSecuritySolutionAnalytics Get.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/
     * IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
     */
    /**
     * Sample code: Get Security Solution Analytics.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getSecuritySolutionAnalytics(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.iotSecuritySolutionAnalytics().getWithResponse("MyGroup", "default", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
func ExampleIotSecuritySolutionAnalyticsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIotSecuritySolutionAnalyticsClient().Get(ctx, "MyGroup", "default", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.IoTSecuritySolutionAnalyticsModel = armsecurity.IoTSecuritySolutionAnalyticsModel{
	// 	Name: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default"),
	// 	Type: to.Ptr("Microsoft.Security/iotSecuritySolutions/analyticsModels"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default"),
	// 	Properties: &armsecurity.IoTSecuritySolutionAnalyticsModelProperties{
	// 		DevicesMetrics: []*armsecurity.IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem{
	// 			{
	// 				Date: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-01T00:00:00.000Z"); return t}()),
	// 				DevicesMetrics: &armsecurity.IoTSeverityMetrics{
	// 					High: to.Ptr[int64](3),
	// 					Low: to.Ptr[int64](70),
	// 					Medium: to.Ptr[int64](15),
	// 				},
	// 			},
	// 			{
	// 				Date: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-02T00:00:00.000Z"); return t}()),
	// 				DevicesMetrics: &armsecurity.IoTSeverityMetrics{
	// 					High: to.Ptr[int64](3),
	// 					Low: to.Ptr[int64](65),
	// 					Medium: to.Ptr[int64](45),
	// 				},
	// 		}},
	// 		Metrics: &armsecurity.IoTSeverityMetrics{
	// 			High: to.Ptr[int64](5),
	// 			Low: to.Ptr[int64](102),
	// 			Medium: to.Ptr[int64](200),
	// 		},
	// 		MostPrevalentDeviceAlerts: []*armsecurity.IoTSecurityDeviceAlert{
	// 			{
	// 				AlertDisplayName: to.Ptr("Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range"),
	// 				AlertsCount: to.Ptr[int64](200),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 			},
	// 			{
	// 				AlertDisplayName: to.Ptr("Custom Alert - execution of a process that is not allowed"),
	// 				AlertsCount: to.Ptr[int64](170),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityMedium),
	// 			},
	// 			{
	// 				AlertDisplayName: to.Ptr("Successful Bruteforce"),
	// 				AlertsCount: to.Ptr[int64](150),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 		}},
	// 		MostPrevalentDeviceRecommendations: []*armsecurity.IoTSecurityDeviceRecommendation{
	// 			{
	// 				DevicesCount: to.Ptr[int64](200),
	// 				RecommendationDisplayName: to.Ptr("Install the Azure Security of Things Agent"),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 			},
	// 			{
	// 				DevicesCount: to.Ptr[int64](170),
	// 				RecommendationDisplayName: to.Ptr("High level permissions configured in Edge model twin for Edge module"),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 			},
	// 			{
	// 				DevicesCount: to.Ptr[int64](150),
	// 				RecommendationDisplayName: to.Ptr("Same Authentication Credentials used by multiple devices"),
	// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityMedium),
	// 		}},
	// 		TopAlertedDevices: []*armsecurity.IoTSecurityAlertedDevice{
	// 			{
	// 				AlertsCount: to.Ptr[int64](200),
	// 				DeviceID: to.Ptr("id1"),
	// 			},
	// 			{
	// 				AlertsCount: to.Ptr[int64](170),
	// 				DeviceID: to.Ptr("id2"),
	// 			},
	// 			{
	// 				AlertsCount: to.Ptr[int64](150),
	// 				DeviceID: to.Ptr("id3"),
	// 		}},
	// 		UnhealthyDeviceCount: to.Ptr[int64](1200),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Use this method to get IoT Security Analytics metrics.
 *
 * @summary Use this method to get IoT Security Analytics metrics.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
 */
async function getSecuritySolutionAnalytics() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "MyGroup";
  const solutionName = "default";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.iotSecuritySolutionAnalytics.get(resourceGroupName, solutionName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json
// this example is just showing the usage of "IotSecuritySolutionAnalytics_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this IotSecuritySolutionAnalyticsModelResource created on azure
// for more information of creating IotSecuritySolutionAnalyticsModelResource, please refer to the document of IotSecuritySolutionAnalyticsModelResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "MyGroup";
string solutionName = "default";
ResourceIdentifier iotSecuritySolutionAnalyticsModelResourceId = IotSecuritySolutionAnalyticsModelResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, solutionName);
IotSecuritySolutionAnalyticsModelResource iotSecuritySolutionAnalyticsModel = client.GetIotSecuritySolutionAnalyticsModelResource(iotSecuritySolutionAnalyticsModelResourceId);

// invoke the operation
IotSecuritySolutionAnalyticsModelResource result = await iotSecuritySolutionAnalyticsModel.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
IotSecuritySolutionAnalyticsModelData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
  "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
  "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels",
  "properties": {
    "metrics": {
      "high": 5,
      "medium": 200,
      "low": 102
    },
    "unhealthyDeviceCount": 1200,
    "devicesMetrics": [
      {
        "date": "2019-02-01T00:00:00Z",
        "devicesMetrics": {
          "high": 3,
          "medium": 15,
          "low": 70
        }
      },
      {
        "date": "2019-02-02T00:00:00Z",
        "devicesMetrics": {
          "high": 3,
          "medium": 45,
          "low": 65
        }
      }
    ],
    "topAlertedDevices": [
      {
        "deviceId": "id1",
        "alertsCount": 200
      },
      {
        "deviceId": "id2",
        "alertsCount": 170
      },
      {
        "deviceId": "id3",
        "alertsCount": 150
      }
    ],
    "mostPrevalentDeviceAlerts": [
      {
        "alertDisplayName": "Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range",
        "reportedSeverity": "Low",
        "alertsCount": 200
      },
      {
        "alertDisplayName": "Custom Alert - execution of a process that is not allowed",
        "reportedSeverity": "Medium",
        "alertsCount": 170
      },
      {
        "alertDisplayName": "Successful Bruteforce",
        "reportedSeverity": "Low",
        "alertsCount": 150
      }
    ],
    "mostPrevalentDeviceRecommendations": [
      {
        "recommendationDisplayName": "Install the Azure Security of Things Agent",
        "reportedSeverity": "Low",
        "devicesCount": 200
      },
      {
        "recommendationDisplayName": "High level permissions configured in Edge model twin for Edge module",
        "reportedSeverity": "Low",
        "devicesCount": 170
      },
      {
        "recommendationDisplayName": "Same Authentication Credentials used by multiple devices",
        "reportedSeverity": "Medium",
        "devicesCount": 150
      }
    ]
  }
}

定义

名称	说明
CloudError	对所有 Azure 资源管理器 API 的常见错误响应，可返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式.) 。
CloudErrorBody	错误详细信息。
DevicesMetrics	按聚合日期列出的设备指标列表。
ErrorAdditionalInfo	资源管理错误附加信息。
IoTSecurityAlertedDevice	有关上次设置天数内每台设备的警报数的统计信息。
IoTSecurityDeviceAlert	有关上次设置天数内每个警报类型的警报数的统计信息
IoTSecurityDeviceRecommendation	有关每个设备、每个建议类型的建议数的统计信息。
IoTSecuritySolutionAnalyticsModel	IoT 安全解决方案的安全分析
IoTSeverityMetrics	IoT 安全解决方案分析严重性指标。
reportedSeverity	已评估警报严重性。

CloudError

对所有 Azure 资源管理器 API 的常见错误响应，可返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式.) 。

名称	类型	说明
error.additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
error.code	string	错误代码。
error.details	CloudErrorBody[]	错误详细信息。
error.message	string	错误消息。
error.target	string	错误目标。

CloudErrorBody

错误详细信息。

名称	类型	说明
additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
code	string	错误代码。
details	CloudErrorBody[]	错误详细信息。
message	string	错误消息。
target	string	错误目标。

DevicesMetrics

按聚合日期列出的设备指标列表。

名称	类型	说明
date	string	IoT 安全解决方案设备警报指标的聚合（按日期）。
devicesMetrics	IoTSeverityMetrics	按严重性划分的设备警报计数。

ErrorAdditionalInfo

资源管理错误附加信息。

名称	类型	说明
info	object	其他信息。
type	string	其他信息类型。

IoTSecurityAlertedDevice

有关上次设置天数内每台设备的警报数的统计信息。

名称	类型	说明
alertsCount	integer	为此设备引发的警报数。
deviceId	string	设备标识符。

IoTSecurityDeviceAlert

有关上次设置天数内每个警报类型的警报数的统计信息

名称	类型	说明
alertDisplayName	string	警报的显示名称
alertsCount	integer	为此警报类型引发的警报数。
reportedSeverity	reportedSeverity	已评估警报严重性。

IoTSecurityDeviceRecommendation

有关每个设备、每个建议类型的建议数的统计信息。

名称	类型	说明
devicesCount	integer	具有此建议的设备数。
recommendationDisplayName	string	建议的显示名称。
reportedSeverity	reportedSeverity	评估的建议严重性。

IoTSecuritySolutionAnalyticsModel

IoT 安全解决方案的安全分析

名称	类型	说明
id	string	资源 ID
name	string	资源名称
properties.devicesMetrics	DevicesMetrics[]	按聚合日期列出的设备指标列表。
properties.metrics	IoTSeverityMetrics	IoT 安全解决方案的安全分析。
properties.mostPrevalentDeviceAlerts	IoTSecurityDeviceAlert[]	3 个最常用的设备警报的列表。
properties.mostPrevalentDeviceRecommendations	IoTSecurityDeviceRecommendation[]	3 种最常用的设备建议列表。
properties.topAlertedDevices	IoTSecurityAlertedDevice[]	警报最多的 3 个设备的列表。
properties.unhealthyDeviceCount	integer	IoT 安全解决方案中运行不正常的设备数。
type	string	资源类型

IoTSeverityMetrics

IoT 安全解决方案分析严重性指标。

名称	类型	说明
high	integer	高严重性警报/建议的计数。
low	integer	低严重性警报/建议计数。
medium	integer	中等严重性警报/建议的计数。

reportedSeverity

已评估警报严重性。

名称	类型	说明
High	string
Informational	string
Low	string
Medium	string