Azure IoT Custom Security Alerts

I love that IoT Hub makes it easy to add custom alerts. You can manage these alerts for groups of devices instead of creating them one device at a time, so each group gets rules that fit how its devices are actually used.

The following is the recommended method for setting these up in the portal. I’m still searching for a way to do this with Azure CLI, but when I find it I’ll post an update.

Because you, as the developer, know your devices best and understand what sort of alerts you need for your device parameters, Azure Security Center for IoT lets you develop your own device behavior policies and alerts.

What are security groups?

Security groups are a logical way to organize devices by tags. You choose how those devices are categorized: by hardware type, region, or whatever best fits your particular domain.

The group is set in the device twin, under the tags property, as a tag named “SecurityGroup”. Every device starts in the group named “Default” until you tag it otherwise.

After creating a group, you can assign custom alerts.
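Because the group is just a twin tag, you can assign it in code for many devices at once rather than one at a time. The following is an added example (not code from this post) that plans group membership from other twin tags and writes the “SecurityGroup” tag with the azure-iot-hub SDK. The policy (hardware type plus region), the sample twins and the tag names hardwareType/region are assumptions made for the example; the live write in apply_assignment needs the SDK installed, a service connection string and network access, so it is kept separate from the pure planning functions.

```python
"""Group IoT Hub devices into Azure Security Center for IoT security groups.

Added example, not code from the post. Security group membership lives in
the device twin as the tag "SecurityGroup"; a device without that tag is in
the "Default" group. The grouping policy (hardware type + region), the
sample twins and the tag names hardwareType/region are assumptions made for
this example. apply_assignment() uses the azure-iot-hub SDK
(IoTHubRegistryManager) and needs network access, so it is kept separate
from the pure planning functions.
"""
import re

SECURITY_GROUP_TAG = "SecurityGroup"
DEFAULT_GROUP = "Default"
# Conservative charset for group names (assumption; keeps tags unambiguous).
GROUP_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Constructed sample twins, in the shape returned by the IoT Hub twin API
# (only the fields this example reads).
SAMPLE_TWINS = [
    {"deviceId": "rpi-001", "etag": "AAAA", "tags": {"hardwareType": "rpi", "region": "westeurope"}},
    {"deviceId": "rpi-002", "etag": "BBBB",
     "tags": {"hardwareType": "rpi", "region": "westeurope", SECURITY_GROUP_TAG: "rpi-westeurope"}},
    {"deviceId": "gw-001", "etag": "CCCC",
     "tags": {"hardwareType": "gateway", "region": "eastus", SECURITY_GROUP_TAG: "legacy"}},
    {"deviceId": "unknown-007", "etag": "DDDD"},  # no tags at all
]


def security_group_of(twin):
    """Group the service currently sees for this twin ("Default" if untagged)."""
    return (twin.get("tags") or {}).get(SECURITY_GROUP_TAG, DEFAULT_GROUP)


def group_by_hardware_and_region(twin):
    """Example policy: one group per hardware type and region.

    Devices missing either tag are left in "Default" rather than guessed,
    so a mislabelled device still gets the baseline rules.
    """
    tags = twin.get("tags") or {}
    hw, region = tags.get("hardwareType"), tags.get("region")
    if not hw or not region:
        return DEFAULT_GROUP
    return f"{hw}-{region}".lower()


def build_patch(group):
    """Twin patch that sets only the SecurityGroup tag (other tags merge intact)."""
    if not GROUP_NAME_RE.match(group):
        raise ValueError(f"unsafe security group name: {group!r}")
    return {"tags": {SECURITY_GROUP_TAG: group}}


def plan_assignments(twins, policy=group_by_hardware_and_region):
    """Return (deviceId, current_group, target_group) for devices that would move."""
    plan = []
    for twin in twins:
        current, target = security_group_of(twin), policy(twin)
        if current != target:
            plan.append((twin["deviceId"], current, target))
    return plan


def group_members(twins):
    """Map group name -> device IDs, as the portal's group view would show."""
    members = {}
    for twin in twins:
        members.setdefault(security_group_of(twin), []).append(twin["deviceId"])
    return members


def apply_assignment(hub_connection_string, device_id, group):
    """Write the tag to a live hub. Needs azure-iot-hub and the hub's
    service connection string (assumption: the SDK is installed)."""
    from azure.iot.hub import IoTHubRegistryManager
    from azure.iot.hub.models import Twin

    registry = IoTHubRegistryManager(hub_connection_string)
    current = registry.get_twin(device_id)
    # Conditional on the etag: a concurrent twin edit fails loudly instead of
    # being overwritten. update_twin is a merge, so other tags survive.
    registry.update_twin(device_id, Twin(tags=build_patch(group)["tags"]), current.etag)


if __name__ == "__main__":
    for device_id, current, target in plan_assignments(SAMPLE_TWINS):
        print(f"{device_id}: {current} -> {target}")
```

Run the planning step first and review the moves before calling apply_assignment for each one; a device that lands in the wrong group silently inherits that group's alert rules, which is exactly the kind of drift you want to catch in a dry run.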

How do you customize an alert?

  1. In your IoT Hub, open the Security section and click Settings
  2. Click Custom alerts
  3. If you haven’t already, create a device security group
  4. Click the new security group
  5. Click Create custom alert rule
  6. Select a rule from the list

You can find a list of customizable security alerts here: Customizable security alerts – Azure Security Center for IoT.

Set the rule’s parameters, for example the allowed values it checks against, or the threshold and the timespan it is counted over.

For example, I selected the custom alert for “Login by a local user that isn’t allowed,” and added an email for paul@raspberrypitestdevice.com.

Save the new rule. Continue this process for each group and each rule.
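To make the parameters concrete, here is an added example (not this post’s code, and not Azure Security Center for IoT’s own implementation) that evaluates the two rule types mentioned on this page over constructed device events: an allow-list check for “Login by a local user that isn’t allowed” and a count-within-timespan threshold for “MQTT too many messages within a timespan”. Rules are scoped to a security group, as in the portal. The event shape, rule names, thresholds and the device-to-group mapping are assumptions.

```python
"""What a custom alert rule evaluates: an allow-list check and a
count-within-timespan threshold, run over constructed device events.

Added example; not the post's code and not Azure Security Center for IoT's
own implementation. It mirrors the two rule types mentioned on this page
("Login by a local user that isn't allowed" and "MQTT too many messages
within a timespan") so the parameters you set in the portal (allowed
values, threshold, timespan) have a concrete meaning. Rules are scoped to
a security group, as in the portal. Event shape, rule names, thresholds
and the device-to-group mapping are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginAllowlistRule:
    group: str                 # security group the rule applies to
    allowed_users: frozenset   # local users that may log in


@dataclass(frozen=True)
class MessageRateRule:
    group: str
    max_messages: int          # more than this many messages ...
    window_seconds: int        # ... within this sliding timespan trips the rule


def evaluate(events, rules, device_groups):
    """Return alerts for events that violate a rule of the device's group.

    The rate rule fires once when a device crosses the threshold and re-arms
    only after its count drops back within the limit, so a burst yields one
    alert rather than one per message.
    """
    login_rules = {r.group: r for r in rules if isinstance(r, LoginAllowlistRule)}
    rate_rules = {r.group: r for r in rules if isinstance(r, MessageRateRule)}
    windows = defaultdict(deque)   # device -> timestamps inside the window
    tripped = set()                # devices currently over the threshold
    alerts = []

    for ev in sorted(events, key=lambda e: e["ts"]):
        device = ev["device"]
        group = device_groups.get(device, "Default")  # untagged twins are in Default

        if ev["type"] == "local_login":
            rule = login_rules.get(group)
            if rule and ev["user"] not in rule.allowed_users:
                alerts.append({"rule": "local_login_not_allowed", "device": device,
                               "ts": ev["ts"], "detail": f"user {ev['user']!r}"})

        elif ev["type"] == "mqtt_message":
            rule = rate_rules.get(group)
            if rule is None:
                continue
            window = windows[device]
            window.append(ev["ts"])
            # Keep only timestamps in (now - timespan, now].
            while window and window[0] <= ev["ts"] - rule.window_seconds:
                window.popleft()
            if len(window) > rule.max_messages:
                if device not in tripped:
                    tripped.add(device)
                    alerts.append({"rule": "mqtt_message_rate", "device": device,
                                   "ts": ev["ts"],
                                   "detail": f"{len(window)} messages in {rule.window_seconds}s"})
            else:
                tripped.discard(device)
    return alerts


# Constructed sample data: rpi-001 is in the group the rules target,
# gw-001 is in a group with no custom rules.
DEVICE_GROUPS = {"rpi-001": "rpi-westeurope", "gw-001": "legacy"}
SAMPLE_RULES = [
    LoginAllowlistRule("rpi-westeurope", frozenset({"pi", "paul"})),
    MessageRateRule("rpi-westeurope", max_messages=3, window_seconds=10),
]
SAMPLE_EVENTS = (
    [{"ts": 100, "device": "rpi-001", "type": "local_login", "user": "pi"},
     {"ts": 101, "device": "rpi-001", "type": "local_login", "user": "root"},
     {"ts": 102, "device": "gw-001", "type": "local_login", "user": "root"}]
    + [{"ts": 110 + i, "device": "rpi-001", "type": "mqtt_message"} for i in range(5)]
    + [{"ts": 110 + i, "device": "gw-001", "type": "mqtt_message"} for i in range(10)]
    + [{"ts": 130 + i, "device": "rpi-001", "type": "mqtt_message"} for i in range(4)]
)


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS, SAMPLE_RULES, DEVICE_GROUPS):
        print(alert)
```

Two things worth noticing when you tune real rules the same way: gw-001 sends ten messages and logs in as root without triggering anything, because its group has no rules (a reminder to give every group, including Default, a baseline), and rpi-001 trips the rate rule twice only because its count falls back under the limit between the two bursts.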

4 Comments

    1. Hmm, it’s been a while, but I did get this working in a lab. I do remember that it could take up to 15 or 20 minutes for the message to come through. I assume you’re getting telemetry data?


    2. James, I’ve fired up a new hub and pointed a device to it. I’ve created a very basic “MQTT too many messages within a timespan” rule. I’ll let it run for a while and report my results. If it works, I’ll send you all my system details.

