
Azure IoT Custom Security Alerts

I love that IoT Hub makes it easy to add custom alerts. You can also manage these alerts for groups of devices instead of creating them one device at a time, and build rules for each group that fit the use case of the devices in it.

The following is the recommended method for setting these up in the portal. I’m still searching for a way to do this with Azure CLI, but when I find it I’ll post an update.

Because you as the developer will know your devices best and understand what sort of alerts you need to create for your device parameters, Azure Security Center provides a way for you to develop device behavior policies and alerts.

What are security groups?

Security groups are a logical way to maintain devices by tags. You choose how those devices are categorized. It could be by hardware type, region, or whatever best fits your particular domain needs.

Group membership is recorded in the device twin under the tags property “SecurityGroup”, which comes with the value “Default”.

After creating a group, you can assign custom alerts.

How do you customize an alert?

  1. In the Security section of your IoT Hub, open Settings
  2. Click Custom alerts
  3. If you haven’t already, create a device security group
  4. Click the new security group
  5. Click Create custom alert rule
  6. Select a rule from the list

You can find a list of customizable security alerts here:

Customizable security alerts – Azure Security Center for IoT

Set your parameters for the rule.

For example, I selected the custom alert for “Login by a local user that isn’t allowed,” and added an email for paul@raspberrypitestdevice.com.

Save the new rule. Continue this process for each group and each rule.
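As an added example (not code from the post or from Azure), the two pieces above, the “SecurityGroup” twin tag with its “Default” value and the “each group, each rule” loop, as a small inventory check: it builds the twin tag patch for a group, works out which group each device falls in, and lists the groups that still lack a required custom alert rule. The twins, group names and configured rules are constructed sample data; only the tag name and default value come from the post.

```python
from collections import defaultdict

# From the post: a device twin carries tags.SecurityGroup, and a device
# that was never tagged sits in the "Default" group.
SECURITY_GROUP_TAG = "SecurityGroup"
DEFAULT_GROUP = "Default"


def security_group_patch(group_name):
    """Twin patch that moves a device into a security group (tags only;
    desired/reported properties are left untouched)."""
    if not isinstance(group_name, str) or not group_name.strip():
        raise ValueError("security group name must be a non-empty string")
    return {"tags": {SECURITY_GROUP_TAG: group_name}}


def security_group_of(twin):
    """Group a twin belongs to; a missing tag means the Default group."""
    return (twin.get("tags") or {}).get(SECURITY_GROUP_TAG, DEFAULT_GROUP)


def group_devices(twins):
    """Map security group -> sorted device ids, i.e. which devices a rule
    created on that group will actually cover."""
    groups = defaultdict(list)
    for twin in twins:
        groups[security_group_of(twin)].append(twin["deviceId"])
    return {g: sorted(ids) for g, ids in groups.items()}


def missing_rules(groups, rules_by_group, required_rules):
    """Per group with devices, the required rules not yet configured on it."""
    result = {}
    for g in groups:
        gap = set(required_rules) - set(rules_by_group.get(g, ()))
        if gap:
            result[g] = sorted(gap)
    return result


# Constructed sample twins (not real devices), reduced to the fields used here.
SAMPLE_TWINS = [
    {"deviceId": "rpi-eu-01", "tags": {SECURITY_GROUP_TAG: "RaspberryPi-EU"}},
    {"deviceId": "rpi-eu-02", "tags": {SECURITY_GROUP_TAG: "RaspberryPi-EU"}},
    {"deviceId": "gateway-us-01", "tags": {SECURITY_GROUP_TAG: "Gateway-US"}},
    {"deviceId": "new-device-07"},  # never tagged -> Default group
]
# Constructed: rules already configured per group; the rule name is the one the post uses.
CONFIGURED_RULES = {"RaspberryPi-EU": ["Login by a local user that isn't allowed"]}
REQUIRED_RULES = ["Login by a local user that isn't allowed"]

if __name__ == "__main__":
    groups = group_devices(SAMPLE_TWINS)
    print(groups)
    print(missing_rules(groups, CONFIGURED_RULES, REQUIRED_RULES))
```

The patch dict is the body you would send as a twin update; untagged devices show up under Default, which is where a forgotten device would otherwise sit unnoticed.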