Skip to main content

AWS IoT Device Defender Documentation

AWS IoT Device Defender is a managed service that helps you audit and monitor devices connected to AWS IoT. The service is designed to assess the cloud configuration of your IoT device fleet, provide ongoing monitoring of device activities via rule-based and ML-based Detect capabilities, trigger an alarm when an audit violation or behavior anomaly is identified, and enable you to address issues with mitigation actions.

Audit

AWS IoT Device Defender is designed to audit your device-related resources against AWS IoT security best practices. AWS IoT Device Defender is designed to report configurations that are out of compliance with AWS IoT security best practices.

Rules Detect

AWS IoT Device Defender is designed to detect unusual device behaviors that may be indicative of a compromise by monitoring certain security metrics from the device and AWS IoT Core. You can specify normal device behavior for a group of devices by setting up behaviors (rules) for these metrics. AWS IoT Device Defender is designed to monitor and evaluate each datapoint reported for these metrics against user-defined behavior (rules) and to alert you if an anomaly is detected.

ML Detect

AWS IoT Device Defender is designed to monitor and identify anomalous datapoints for certain cloud-side metrics and certain device-side metrics with machine learning (ML) models and to trigger an alarm if an anomaly is detected. AWS IoT Device Defender helps alleviate the need for you to define accurate behaviors of your devices because it is designed to set such behaviors with ML models using your device data from a designated trailing period of time. The service is also designed to retrain the models each day (as long as it has sufficient amount of data to retrain on) to refresh the expected device behaviors based on the latest designated trailing period of time. ML Detect makes getting started with monitoring easy.

Mitigation actions

AWS IoT Device Defender is designed to enable you to use mitigation actions to perform steps on Audit and Detect alarms.

Metrics Integration

With AWS IoT Device Defender ListMetricValues API, you can visualize device-side, cloud-side and custom metrics from connected devices through an open API and integrate these metrics into f your custom dashboards to get an overview of your deployments.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.