Microsoft.Security deviceSecurityGroups 2019-08-01
Bicep resource definition
The deviceSecurityGroups resource type is an extension resource, which means you can apply it to another resource.
Use the scope
property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
The deviceSecurityGroups resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/deviceSecurityGroups resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/deviceSecurityGroups@2019-08-01' = {
name: 'string'
scope: resourceSymbolicName
properties: {
allowlistRules: [
{
allowlistValues: [
'string'
]
isEnabled: bool
ruleType: 'string'
// For remaining properties, see AllowlistCustomAlertRule objects
}
]
denylistRules: [
{
denylistValues: [
'string'
]
isEnabled: bool
ruleType: 'string'
}
]
thresholdRules: [
{
isEnabled: bool
maxThreshold: int
minThreshold: int
ruleType: 'string'
// For remaining properties, see ThresholdCustomAlertRule objects
}
]
timeWindowRules: [
{
isEnabled: bool
maxThreshold: int
minThreshold: int
timeWindowSize: 'string'
ruleType: 'string'
// For remaining properties, see TimeWindowCustomAlertRule objects
}
]
}
}
AllowlistCustomAlertRule objects
Set the ruleType property to specify the type of object.
For ConnectionFromIpNotAllowed, use:
ruleType: 'ConnectionFromIpNotAllowed'
For ConnectionToIpNotAllowed, use:
ruleType: 'ConnectionToIpNotAllowed'
For LocalUserNotAllowed, use:
ruleType: 'LocalUserNotAllowed'
For ProcessNotAllowed, use:
ruleType: 'ProcessNotAllowed'
ThresholdCustomAlertRule objects
Set the ruleType property to specify the type of object.
For ActiveConnectionsNotInAllowedRange, use:
ruleType: 'ActiveConnectionsNotInAllowedRange'
timeWindowSize: 'string'
For AmqpC2DMessagesNotInAllowedRange, use:
ruleType: 'AmqpC2DMessagesNotInAllowedRange'
timeWindowSize: 'string'
For AmqpC2DRejectedMessagesNotInAllowedRange, use:
ruleType: 'AmqpC2DRejectedMessagesNotInAllowedRange'
timeWindowSize: 'string'
For AmqpD2CMessagesNotInAllowedRange, use:
ruleType: 'AmqpD2CMessagesNotInAllowedRange'
timeWindowSize: 'string'
For DirectMethodInvokesNotInAllowedRange, use:
ruleType: 'DirectMethodInvokesNotInAllowedRange'
timeWindowSize: 'string'
For FailedLocalLoginsNotInAllowedRange, use:
ruleType: 'FailedLocalLoginsNotInAllowedRange'
timeWindowSize: 'string'
For FileUploadsNotInAllowedRange, use:
ruleType: 'FileUploadsNotInAllowedRange'
timeWindowSize: 'string'
For HttpC2DMessagesNotInAllowedRange, use:
ruleType: 'HttpC2DMessagesNotInAllowedRange'
timeWindowSize: 'string'
For HttpC2DRejectedMessagesNotInAllowedRange, use:
ruleType: 'HttpC2DRejectedMessagesNotInAllowedRange'
timeWindowSize: 'string'
For HttpD2CMessagesNotInAllowedRange, use:
ruleType: 'HttpD2CMessagesNotInAllowedRange'
timeWindowSize: 'string'
For MqttC2DMessagesNotInAllowedRange, use:
ruleType: 'MqttC2DMessagesNotInAllowedRange'
timeWindowSize: 'string'
For MqttC2DRejectedMessagesNotInAllowedRange, use:
ruleType: 'MqttC2DRejectedMessagesNotInAllowedRange'
timeWindowSize: 'string'
For MqttD2CMessagesNotInAllowedRange, use:
ruleType: 'MqttD2CMessagesNotInAllowedRange'
timeWindowSize: 'string'
For QueuePurgesNotInAllowedRange, use:
ruleType: 'QueuePurgesNotInAllowedRange'
timeWindowSize: 'string'
For TwinUpdatesNotInAllowedRange, use:
ruleType: 'TwinUpdatesNotInAllowedRange'
timeWindowSize: 'string'
For UnauthorizedOperationsNotInAllowedRange, use:
ruleType: 'UnauthorizedOperationsNotInAllowedRange'
timeWindowSize: 'string'
TimeWindowCustomAlertRule objects
Set the ruleType property to specify the type of object.
For ActiveConnectionsNotInAllowedRange, use:
ruleType: 'ActiveConnectionsNotInAllowedRange'
For AmqpC2DMessagesNotInAllowedRange, use:
ruleType: 'AmqpC2DMessagesNotInAllowedRange'
For AmqpC2DRejectedMessagesNotInAllowedRange, use:
ruleType: 'AmqpC2DRejectedMessagesNotInAllowedRange'
For AmqpD2CMessagesNotInAllowedRange, use:
ruleType: 'AmqpD2CMessagesNotInAllowedRange'
For DirectMethodInvokesNotInAllowedRange, use:
ruleType: 'DirectMethodInvokesNotInAllowedRange'
For FailedLocalLoginsNotInAllowedRange, use:
ruleType: 'FailedLocalLoginsNotInAllowedRange'
For FileUploadsNotInAllowedRange, use:
ruleType: 'FileUploadsNotInAllowedRange'
For HttpC2DMessagesNotInAllowedRange, use:
ruleType: 'HttpC2DMessagesNotInAllowedRange'
For HttpC2DRejectedMessagesNotInAllowedRange, use:
ruleType: 'HttpC2DRejectedMessagesNotInAllowedRange'
For HttpD2CMessagesNotInAllowedRange, use:
ruleType: 'HttpD2CMessagesNotInAllowedRange'
For MqttC2DMessagesNotInAllowedRange, use:
ruleType: 'MqttC2DMessagesNotInAllowedRange'
For MqttC2DRejectedMessagesNotInAllowedRange, use:
ruleType: 'MqttC2DRejectedMessagesNotInAllowedRange'
For MqttD2CMessagesNotInAllowedRange, use:
ruleType: 'MqttD2CMessagesNotInAllowedRange'
For QueuePurgesNotInAllowedRange, use:
ruleType: 'QueuePurgesNotInAllowedRange'
For TwinUpdatesNotInAllowedRange, use:
ruleType: 'TwinUpdatesNotInAllowedRange'
For UnauthorizedOperationsNotInAllowedRange, use:
ruleType: 'UnauthorizedOperationsNotInAllowedRange'
Property values
deviceSecurityGroups
Name | Description | Value |
---|---|---|
name | The resource name | string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
properties | Device Security group data | DeviceSecurityGroupProperties |
DeviceSecurityGroupProperties
Name | Description | Value |
---|---|---|
allowlistRules | The allow-list custom alert rules. | AllowlistCustomAlertRule[] |
denylistRules | The deny-list custom alert rules. | DenylistCustomAlertRule[] |
thresholdRules | The list of custom alert threshold rules. | ThresholdCustomAlertRule[] |
timeWindowRules | The list of custom alert time-window rules. | TimeWindowCustomAlertRule[] |
AllowlistCustomAlertRule
Name | Description | Value |
---|---|---|
allowlistValues | The values to allow. The format of the values depends on the rule type. | string[] (required) |
isEnabled | Status of the custom alert. | bool (required) |
ruleType | Set the object type | ConnectionFromIpNotAllowed ConnectionToIpNotAllowed LocalUserNotAllowed ProcessNotAllowed (required) |
ConnectionFromIpNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'ConnectionFromIpNotAllowed' (required) |
ConnectionToIpNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'ConnectionToIpNotAllowed' (required) |
LocalUserNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'LocalUserNotAllowed' (required) |
ProcessNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'ProcessNotAllowed' (required) |
DenylistCustomAlertRule
Name | Description | Value |
---|---|---|
denylistValues | The values to deny. The format of the values depends on the rule type. | string[] (required) |
isEnabled | Status of the custom alert. | bool (required) |
ruleType | The type of the custom alert rule. | string (required) |
ThresholdCustomAlertRule
Name | Description | Value |
---|---|---|
isEnabled | Status of the custom alert. | bool (required) |
maxThreshold | The maximum threshold. | int (required) |
minThreshold | The minimum threshold. | int (required) |
ruleType | Set the object type | ActiveConnectionsNotInAllowedRange AmqpC2DMessagesNotInAllowedRange AmqpC2DRejectedMessagesNotInAllowedRange AmqpD2CMessagesNotInAllowedRange DirectMethodInvokesNotInAllowedRange FailedLocalLoginsNotInAllowedRange FileUploadsNotInAllowedRange HttpC2DMessagesNotInAllowedRange HttpC2DRejectedMessagesNotInAllowedRange HttpD2CMessagesNotInAllowedRange MqttC2DMessagesNotInAllowedRange MqttC2DRejectedMessagesNotInAllowedRange MqttD2CMessagesNotInAllowedRange QueuePurgesNotInAllowedRange TwinUpdatesNotInAllowedRange UnauthorizedOperationsNotInAllowedRange (required) |
ActiveConnectionsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'ActiveConnectionsNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
AmqpC2DMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'AmqpC2DMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
AmqpC2DRejectedMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'AmqpC2DRejectedMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
AmqpD2CMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'AmqpD2CMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
DirectMethodInvokesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'DirectMethodInvokesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
FailedLocalLoginsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'FailedLocalLoginsNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
FileUploadsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'FileUploadsNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
HttpC2DMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'HttpC2DMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
HttpC2DRejectedMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'HttpC2DRejectedMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
HttpD2CMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'HttpD2CMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
MqttC2DMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'MqttC2DMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
MqttC2DRejectedMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'MqttC2DRejectedMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
MqttD2CMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'MqttD2CMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
QueuePurgesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'QueuePurgesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
TwinUpdatesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'TwinUpdatesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
UnauthorizedOperationsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'UnauthorizedOperationsNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
TimeWindowCustomAlertRule
Name | Description | Value |
---|---|---|
isEnabled | Status of the custom alert. | bool (required) |
maxThreshold | The maximum threshold. | int (required) |
minThreshold | The minimum threshold. | int (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
ruleType | Set the object type | ActiveConnectionsNotInAllowedRange AmqpC2DMessagesNotInAllowedRange AmqpC2DRejectedMessagesNotInAllowedRange AmqpD2CMessagesNotInAllowedRange DirectMethodInvokesNotInAllowedRange FailedLocalLoginsNotInAllowedRange FileUploadsNotInAllowedRange HttpC2DMessagesNotInAllowedRange HttpC2DRejectedMessagesNotInAllowedRange HttpD2CMessagesNotInAllowedRange MqttC2DMessagesNotInAllowedRange MqttC2DRejectedMessagesNotInAllowedRange MqttD2CMessagesNotInAllowedRange QueuePurgesNotInAllowedRange TwinUpdatesNotInAllowedRange UnauthorizedOperationsNotInAllowedRange (required) |
ARM template resource definition
The deviceSecurityGroups resource type is an extension resource, which means you can apply it to another resource.
Use the scope
property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
The deviceSecurityGroups resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/deviceSecurityGroups resource, add the following JSON to your template.
{
"type": "Microsoft.Security/deviceSecurityGroups",
"apiVersion": "2019-08-01",
"name": "string",
"scope": "string",
"properties": {
"allowlistRules": [
{
"allowlistValues": [ "string" ],
"isEnabled": "bool",
"ruleType": "string"
// For remaining properties, see AllowlistCustomAlertRule objects
}
],
"denylistRules": [
{
"denylistValues": [ "string" ],
"isEnabled": "bool",
"ruleType": "string"
}
],
"thresholdRules": [
{
"isEnabled": "bool",
"maxThreshold": "int",
"minThreshold": "int",
"ruleType": "string"
// For remaining properties, see ThresholdCustomAlertRule objects
}
],
"timeWindowRules": [
{
"isEnabled": "bool",
"maxThreshold": "int",
"minThreshold": "int",
"timeWindowSize": "string",
"ruleType": "string"
// For remaining properties, see TimeWindowCustomAlertRule objects
}
]
}
}
AllowlistCustomAlertRule objects
Set the ruleType property to specify the type of object.
For ConnectionFromIpNotAllowed, use:
"ruleType": "ConnectionFromIpNotAllowed"
For ConnectionToIpNotAllowed, use:
"ruleType": "ConnectionToIpNotAllowed"
For LocalUserNotAllowed, use:
"ruleType": "LocalUserNotAllowed"
For ProcessNotAllowed, use:
"ruleType": "ProcessNotAllowed"
ThresholdCustomAlertRule objects
Set the ruleType property to specify the type of object.
For ActiveConnectionsNotInAllowedRange, use:
"ruleType": "ActiveConnectionsNotInAllowedRange",
"timeWindowSize": "string"
For AmqpC2DMessagesNotInAllowedRange, use:
"ruleType": "AmqpC2DMessagesNotInAllowedRange",
"timeWindowSize": "string"
For AmqpC2DRejectedMessagesNotInAllowedRange, use:
"ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange",
"timeWindowSize": "string"
For AmqpD2CMessagesNotInAllowedRange, use:
"ruleType": "AmqpD2CMessagesNotInAllowedRange",
"timeWindowSize": "string"
For DirectMethodInvokesNotInAllowedRange, use:
"ruleType": "DirectMethodInvokesNotInAllowedRange",
"timeWindowSize": "string"
For FailedLocalLoginsNotInAllowedRange, use:
"ruleType": "FailedLocalLoginsNotInAllowedRange",
"timeWindowSize": "string"
For FileUploadsNotInAllowedRange, use:
"ruleType": "FileUploadsNotInAllowedRange",
"timeWindowSize": "string"
For HttpC2DMessagesNotInAllowedRange, use:
"ruleType": "HttpC2DMessagesNotInAllowedRange",
"timeWindowSize": "string"
For HttpC2DRejectedMessagesNotInAllowedRange, use:
"ruleType": "HttpC2DRejectedMessagesNotInAllowedRange",
"timeWindowSize": "string"
For HttpD2CMessagesNotInAllowedRange, use:
"ruleType": "HttpD2CMessagesNotInAllowedRange",
"timeWindowSize": "string"
For MqttC2DMessagesNotInAllowedRange, use:
"ruleType": "MqttC2DMessagesNotInAllowedRange",
"timeWindowSize": "string"
For MqttC2DRejectedMessagesNotInAllowedRange, use:
"ruleType": "MqttC2DRejectedMessagesNotInAllowedRange",
"timeWindowSize": "string"
For MqttD2CMessagesNotInAllowedRange, use:
"ruleType": "MqttD2CMessagesNotInAllowedRange",
"timeWindowSize": "string"
For QueuePurgesNotInAllowedRange, use:
"ruleType": "QueuePurgesNotInAllowedRange",
"timeWindowSize": "string"
For TwinUpdatesNotInAllowedRange, use:
"ruleType": "TwinUpdatesNotInAllowedRange",
"timeWindowSize": "string"
For UnauthorizedOperationsNotInAllowedRange, use:
"ruleType": "UnauthorizedOperationsNotInAllowedRange",
"timeWindowSize": "string"
TimeWindowCustomAlertRule objects
Set the ruleType property to specify the type of object.
For ActiveConnectionsNotInAllowedRange, use:
"ruleType": "ActiveConnectionsNotInAllowedRange"
For AmqpC2DMessagesNotInAllowedRange, use:
"ruleType": "AmqpC2DMessagesNotInAllowedRange"
For AmqpC2DRejectedMessagesNotInAllowedRange, use:
"ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange"
For AmqpD2CMessagesNotInAllowedRange, use:
"ruleType": "AmqpD2CMessagesNotInAllowedRange"
For DirectMethodInvokesNotInAllowedRange, use:
"ruleType": "DirectMethodInvokesNotInAllowedRange"
For FailedLocalLoginsNotInAllowedRange, use:
"ruleType": "FailedLocalLoginsNotInAllowedRange"
For FileUploadsNotInAllowedRange, use:
"ruleType": "FileUploadsNotInAllowedRange"
For HttpC2DMessagesNotInAllowedRange, use:
"ruleType": "HttpC2DMessagesNotInAllowedRange"
For HttpC2DRejectedMessagesNotInAllowedRange, use:
"ruleType": "HttpC2DRejectedMessagesNotInAllowedRange"
For HttpD2CMessagesNotInAllowedRange, use:
"ruleType": "HttpD2CMessagesNotInAllowedRange"
For MqttC2DMessagesNotInAllowedRange, use:
"ruleType": "MqttC2DMessagesNotInAllowedRange"
For MqttC2DRejectedMessagesNotInAllowedRange, use:
"ruleType": "MqttC2DRejectedMessagesNotInAllowedRange"
For MqttD2CMessagesNotInAllowedRange, use:
"ruleType": "MqttD2CMessagesNotInAllowedRange"
For QueuePurgesNotInAllowedRange, use:
"ruleType": "QueuePurgesNotInAllowedRange"
For TwinUpdatesNotInAllowedRange, use:
"ruleType": "TwinUpdatesNotInAllowedRange"
For UnauthorizedOperationsNotInAllowedRange, use:
"ruleType": "UnauthorizedOperationsNotInAllowedRange"
Property values
deviceSecurityGroups
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Security/deviceSecurityGroups' |
apiVersion | The resource api version | '2019-08-01' |
name | The resource name | string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
properties | Device Security group data | DeviceSecurityGroupProperties |
DeviceSecurityGroupProperties
Name | Description | Value |
---|---|---|
allowlistRules | The allow-list custom alert rules. | AllowlistCustomAlertRule[] |
denylistRules | The deny-list custom alert rules. | DenylistCustomAlertRule[] |
thresholdRules | The list of custom alert threshold rules. | ThresholdCustomAlertRule[] |
timeWindowRules | The list of custom alert time-window rules. | TimeWindowCustomAlertRule[] |
AllowlistCustomAlertRule
Name | Description | Value |
---|---|---|
allowlistValues | The values to allow. The format of the values depends on the rule type. | string[] (required) |
isEnabled | Status of the custom alert. | bool (required) |
ruleType | Set the object type | ConnectionFromIpNotAllowed ConnectionToIpNotAllowed LocalUserNotAllowed ProcessNotAllowed (required) |
ConnectionFromIpNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'ConnectionFromIpNotAllowed' (required) |
ConnectionToIpNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'ConnectionToIpNotAllowed' (required) |
LocalUserNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'LocalUserNotAllowed' (required) |
ProcessNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'ProcessNotAllowed' (required) |
DenylistCustomAlertRule
Name | Description | Value |
---|---|---|
denylistValues | The values to deny. The format of the values depends on the rule type. | string[] (required) |
isEnabled | Status of the custom alert. | bool (required) |
ruleType | The type of the custom alert rule. | string (required) |
ThresholdCustomAlertRule
Name | Description | Value |
---|---|---|
isEnabled | Status of the custom alert. | bool (required) |
maxThreshold | The maximum threshold. | int (required) |
minThreshold | The minimum threshold. | int (required) |
ruleType | Set the object type | ActiveConnectionsNotInAllowedRange AmqpC2DMessagesNotInAllowedRange AmqpC2DRejectedMessagesNotInAllowedRange AmqpD2CMessagesNotInAllowedRange DirectMethodInvokesNotInAllowedRange FailedLocalLoginsNotInAllowedRange FileUploadsNotInAllowedRange HttpC2DMessagesNotInAllowedRange HttpC2DRejectedMessagesNotInAllowedRange HttpD2CMessagesNotInAllowedRange MqttC2DMessagesNotInAllowedRange MqttC2DRejectedMessagesNotInAllowedRange MqttD2CMessagesNotInAllowedRange QueuePurgesNotInAllowedRange TwinUpdatesNotInAllowedRange UnauthorizedOperationsNotInAllowedRange (required) |
ActiveConnectionsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'ActiveConnectionsNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
AmqpC2DMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'AmqpC2DMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
AmqpC2DRejectedMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'AmqpC2DRejectedMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
AmqpD2CMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'AmqpD2CMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
DirectMethodInvokesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'DirectMethodInvokesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
FailedLocalLoginsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'FailedLocalLoginsNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
FileUploadsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'FileUploadsNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
HttpC2DMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'HttpC2DMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
HttpC2DRejectedMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'HttpC2DRejectedMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
HttpD2CMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'HttpD2CMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
MqttC2DMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'MqttC2DMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
MqttC2DRejectedMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'MqttC2DRejectedMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
MqttD2CMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'MqttD2CMessagesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
QueuePurgesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'QueuePurgesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
TwinUpdatesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'TwinUpdatesNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
UnauthorizedOperationsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | 'UnauthorizedOperationsNotInAllowedRange' (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
TimeWindowCustomAlertRule
Name | Description | Value |
---|---|---|
isEnabled | Status of the custom alert. | bool (required) |
maxThreshold | The maximum threshold. | int (required) |
minThreshold | The minimum threshold. | int (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
ruleType | Set the object type | ActiveConnectionsNotInAllowedRange AmqpC2DMessagesNotInAllowedRange AmqpC2DRejectedMessagesNotInAllowedRange AmqpD2CMessagesNotInAllowedRange DirectMethodInvokesNotInAllowedRange FailedLocalLoginsNotInAllowedRange FileUploadsNotInAllowedRange HttpC2DMessagesNotInAllowedRange HttpC2DRejectedMessagesNotInAllowedRange HttpD2CMessagesNotInAllowedRange MqttC2DMessagesNotInAllowedRange MqttC2DRejectedMessagesNotInAllowedRange MqttD2CMessagesNotInAllowedRange QueuePurgesNotInAllowedRange TwinUpdatesNotInAllowedRange UnauthorizedOperationsNotInAllowedRange (required) |
Terraform (AzAPI provider) resource definition
The deviceSecurityGroups resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id
property on this resource to set the scope for this resource.
The deviceSecurityGroups resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/deviceSecurityGroups resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/deviceSecurityGroups@2019-08-01"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
allowlistRules = [
{
allowlistValues = [
"string"
]
isEnabled = bool
ruleType = "string"
// For remaining properties, see AllowlistCustomAlertRule objects
}
]
denylistRules = [
{
denylistValues = [
"string"
]
isEnabled = bool
ruleType = "string"
}
]
thresholdRules = [
{
isEnabled = bool
maxThreshold = int
minThreshold = int
ruleType = "string"
// For remaining properties, see ThresholdCustomAlertRule objects
}
]
timeWindowRules = [
{
isEnabled = bool
maxThreshold = int
minThreshold = int
timeWindowSize = "string"
ruleType = "string"
// For remaining properties, see TimeWindowCustomAlertRule objects
}
]
}
})
}
AllowlistCustomAlertRule objects
Set the ruleType property to specify the type of object.
For ConnectionFromIpNotAllowed, use:
ruleType = "ConnectionFromIpNotAllowed"
For ConnectionToIpNotAllowed, use:
ruleType = "ConnectionToIpNotAllowed"
For LocalUserNotAllowed, use:
ruleType = "LocalUserNotAllowed"
For ProcessNotAllowed, use:
ruleType = "ProcessNotAllowed"
ThresholdCustomAlertRule objects
Set the ruleType property to specify the type of object.
For ActiveConnectionsNotInAllowedRange, use:
ruleType = "ActiveConnectionsNotInAllowedRange"
timeWindowSize = "string"
For AmqpC2DMessagesNotInAllowedRange, use:
ruleType = "AmqpC2DMessagesNotInAllowedRange"
timeWindowSize = "string"
For AmqpC2DRejectedMessagesNotInAllowedRange, use:
ruleType = "AmqpC2DRejectedMessagesNotInAllowedRange"
timeWindowSize = "string"
For AmqpD2CMessagesNotInAllowedRange, use:
ruleType = "AmqpD2CMessagesNotInAllowedRange"
timeWindowSize = "string"
For DirectMethodInvokesNotInAllowedRange, use:
ruleType = "DirectMethodInvokesNotInAllowedRange"
timeWindowSize = "string"
For FailedLocalLoginsNotInAllowedRange, use:
ruleType = "FailedLocalLoginsNotInAllowedRange"
timeWindowSize = "string"
For FileUploadsNotInAllowedRange, use:
ruleType = "FileUploadsNotInAllowedRange"
timeWindowSize = "string"
For HttpC2DMessagesNotInAllowedRange, use:
ruleType = "HttpC2DMessagesNotInAllowedRange"
timeWindowSize = "string"
For HttpC2DRejectedMessagesNotInAllowedRange, use:
ruleType = "HttpC2DRejectedMessagesNotInAllowedRange"
timeWindowSize = "string"
For HttpD2CMessagesNotInAllowedRange, use:
ruleType = "HttpD2CMessagesNotInAllowedRange"
timeWindowSize = "string"
For MqttC2DMessagesNotInAllowedRange, use:
ruleType = "MqttC2DMessagesNotInAllowedRange"
timeWindowSize = "string"
For MqttC2DRejectedMessagesNotInAllowedRange, use:
ruleType = "MqttC2DRejectedMessagesNotInAllowedRange"
timeWindowSize = "string"
For MqttD2CMessagesNotInAllowedRange, use:
ruleType = "MqttD2CMessagesNotInAllowedRange"
timeWindowSize = "string"
For QueuePurgesNotInAllowedRange, use:
ruleType = "QueuePurgesNotInAllowedRange"
timeWindowSize = "string"
For TwinUpdatesNotInAllowedRange, use:
ruleType = "TwinUpdatesNotInAllowedRange"
timeWindowSize = "string"
For UnauthorizedOperationsNotInAllowedRange, use:
ruleType = "UnauthorizedOperationsNotInAllowedRange"
timeWindowSize = "string"
TimeWindowCustomAlertRule objects
Set the ruleType property to specify the type of object.
For ActiveConnectionsNotInAllowedRange, use:
ruleType = "ActiveConnectionsNotInAllowedRange"
For AmqpC2DMessagesNotInAllowedRange, use:
ruleType = "AmqpC2DMessagesNotInAllowedRange"
For AmqpC2DRejectedMessagesNotInAllowedRange, use:
ruleType = "AmqpC2DRejectedMessagesNotInAllowedRange"
For AmqpD2CMessagesNotInAllowedRange, use:
ruleType = "AmqpD2CMessagesNotInAllowedRange"
For DirectMethodInvokesNotInAllowedRange, use:
ruleType = "DirectMethodInvokesNotInAllowedRange"
For FailedLocalLoginsNotInAllowedRange, use:
ruleType = "FailedLocalLoginsNotInAllowedRange"
For FileUploadsNotInAllowedRange, use:
ruleType = "FileUploadsNotInAllowedRange"
For HttpC2DMessagesNotInAllowedRange, use:
ruleType = "HttpC2DMessagesNotInAllowedRange"
For HttpC2DRejectedMessagesNotInAllowedRange, use:
ruleType = "HttpC2DRejectedMessagesNotInAllowedRange"
For HttpD2CMessagesNotInAllowedRange, use:
ruleType = "HttpD2CMessagesNotInAllowedRange"
For MqttC2DMessagesNotInAllowedRange, use:
ruleType = "MqttC2DMessagesNotInAllowedRange"
For MqttC2DRejectedMessagesNotInAllowedRange, use:
ruleType = "MqttC2DRejectedMessagesNotInAllowedRange"
For MqttD2CMessagesNotInAllowedRange, use:
ruleType = "MqttD2CMessagesNotInAllowedRange"
For QueuePurgesNotInAllowedRange, use:
ruleType = "QueuePurgesNotInAllowedRange"
For TwinUpdatesNotInAllowedRange, use:
ruleType = "TwinUpdatesNotInAllowedRange"
For UnauthorizedOperationsNotInAllowedRange, use:
ruleType = "UnauthorizedOperationsNotInAllowedRange"
Property values
deviceSecurityGroups
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Security/deviceSecurityGroups@2019-08-01" |
name | The resource name | string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
parent_id | The ID of the resource to apply this extension resource to. | string (required) |
properties | Device Security group data | DeviceSecurityGroupProperties |
DeviceSecurityGroupProperties
Name | Description | Value |
---|---|---|
allowlistRules | The allow-list custom alert rules. | AllowlistCustomAlertRule[] |
denylistRules | The deny-list custom alert rules. | DenylistCustomAlertRule[] |
thresholdRules | The list of custom alert threshold rules. | ThresholdCustomAlertRule[] |
timeWindowRules | The list of custom alert time-window rules. | TimeWindowCustomAlertRule[] |
AllowlistCustomAlertRule
Name | Description | Value |
---|---|---|
allowlistValues | The values to allow. The format of the values depends on the rule type. | string[] (required) |
isEnabled | Status of the custom alert. | bool (required) |
ruleType | Set the object type | ConnectionFromIpNotAllowed ConnectionToIpNotAllowed LocalUserNotAllowed ProcessNotAllowed (required) |
ConnectionFromIpNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "ConnectionFromIpNotAllowed" (required) |
ConnectionToIpNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "ConnectionToIpNotAllowed" (required) |
LocalUserNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "LocalUserNotAllowed" (required) |
ProcessNotAllowed
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "ProcessNotAllowed" (required) |
DenylistCustomAlertRule
Name | Description | Value |
---|---|---|
denylistValues | The values to deny. The format of the values depends on the rule type. | string[] (required) |
isEnabled | Status of the custom alert. | bool (required) |
ruleType | The type of the custom alert rule. | string (required) |
ThresholdCustomAlertRule
Name | Description | Value |
---|---|---|
isEnabled | Status of the custom alert. | bool (required) |
maxThreshold | The maximum threshold. | int (required) |
minThreshold | The minimum threshold. | int (required) |
ruleType | Set the object type | ActiveConnectionsNotInAllowedRange AmqpC2DMessagesNotInAllowedRange AmqpC2DRejectedMessagesNotInAllowedRange AmqpD2CMessagesNotInAllowedRange DirectMethodInvokesNotInAllowedRange FailedLocalLoginsNotInAllowedRange FileUploadsNotInAllowedRange HttpC2DMessagesNotInAllowedRange HttpC2DRejectedMessagesNotInAllowedRange HttpD2CMessagesNotInAllowedRange MqttC2DMessagesNotInAllowedRange MqttC2DRejectedMessagesNotInAllowedRange MqttD2CMessagesNotInAllowedRange QueuePurgesNotInAllowedRange TwinUpdatesNotInAllowedRange UnauthorizedOperationsNotInAllowedRange (required) |
ActiveConnectionsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "ActiveConnectionsNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
AmqpC2DMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "AmqpC2DMessagesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
AmqpC2DRejectedMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "AmqpC2DRejectedMessagesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
AmqpD2CMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "AmqpD2CMessagesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
DirectMethodInvokesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "DirectMethodInvokesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
FailedLocalLoginsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "FailedLocalLoginsNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
FileUploadsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "FileUploadsNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
HttpC2DMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "HttpC2DMessagesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
HttpC2DRejectedMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "HttpC2DRejectedMessagesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
HttpD2CMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "HttpD2CMessagesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
MqttC2DMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "MqttC2DMessagesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
MqttC2DRejectedMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "MqttC2DRejectedMessagesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
MqttD2CMessagesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "MqttD2CMessagesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
QueuePurgesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "QueuePurgesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
TwinUpdatesNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "TwinUpdatesNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
UnauthorizedOperationsNotInAllowedRange
Name | Description | Value |
---|---|---|
ruleType | The type of the custom alert rule. | "UnauthorizedOperationsNotInAllowedRange" (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
TimeWindowCustomAlertRule
Name | Description | Value |
---|---|---|
isEnabled | Status of the custom alert. | bool (required) |
maxThreshold | The maximum threshold. | int (required) |
minThreshold | The minimum threshold. | int (required) |
timeWindowSize | The time window size in iso8601 format. | string (required) |
ruleType | Set the object type | ActiveConnectionsNotInAllowedRange AmqpC2DMessagesNotInAllowedRange AmqpC2DRejectedMessagesNotInAllowedRange AmqpD2CMessagesNotInAllowedRange DirectMethodInvokesNotInAllowedRange FailedLocalLoginsNotInAllowedRange FileUploadsNotInAllowedRange HttpC2DMessagesNotInAllowedRange HttpC2DRejectedMessagesNotInAllowedRange HttpD2CMessagesNotInAllowedRange MqttC2DMessagesNotInAllowedRange MqttC2DRejectedMessagesNotInAllowedRange MqttD2CMessagesNotInAllowedRange QueuePurgesNotInAllowedRange TwinUpdatesNotInAllowedRange UnauthorizedOperationsNotInAllowedRange (required) |