IoT.Client.
list_detect_mitigation_actions_tasks
(**kwargs)¶List of Device Defender ML Detect mitigation actions tasks.
Requires permission to access the ListDetectMitigationActionsTasks action.
See also: AWS API Documentation
Request Syntax
response = client.list_detect_mitigation_actions_tasks(
maxResults=123,
nextToken='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1)
)
[REQUIRED]
A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.
[REQUIRED]
The end of the time period for which ML Detect mitigation actions tasks are returned.
dict
Response Syntax
{
'tasks': [
{
'taskId': 'string',
'taskStatus': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'CANCELED',
'taskStartTime': datetime(2015, 1, 1),
'taskEndTime': datetime(2015, 1, 1),
'target': {
'violationIds': [
'string',
],
'securityProfileName': 'string',
'behaviorName': 'string'
},
'violationEventOccurrenceRange': {
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1)
},
'onlyActiveViolationsIncluded': True|False,
'suppressedAlertsIncluded': True|False,
'actionsDefinition': [
{
'name': 'string',
'id': 'string',
'roleArn': 'string',
'actionParams': {
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
}
},
],
'taskStatistics': {
'actionsExecuted': 123,
'actionsSkipped': 123,
'actionsFailed': 123
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
tasks (list) --
The collection of ML Detect mitigation tasks that matched the filter criteria.
(dict) --
The summary of the mitigation action tasks.
taskId (string) --
The unique identifier of the task.
taskStatus (string) --
The status of the task.
taskStartTime (datetime) --
The date the task started.
taskEndTime (datetime) --
The date the task ended.
target (dict) --
Specifies the ML Detect findings to which the mitigation actions are applied.
violationIds (list) --
The unique identifiers of the violations.
securityProfileName (string) --
The name of the security profile.
behaviorName (string) --
The name of the behavior.
violationEventOccurrenceRange (dict) --
Specifies the time period of which violation events occurred between.
startTime (datetime) --
The start date and time of a time period in which violation events occurred.
endTime (datetime) --
The end date and time of a time period in which violation events occurred.
onlyActiveViolationsIncluded (boolean) --
Includes only active violations.
suppressedAlertsIncluded (boolean) --
Includes suppressed alerts.
actionsDefinition (list) --
The definition of the actions.
(dict) --
Describes which changes should be applied as part of a mitigation action.
name (string) --
A user-friendly name for the mitigation action.
id (string) --
A unique identifier for the mitigation action.
roleArn (string) --
The IAM role ARN used to apply this mitigation action.
actionParams (dict) --
The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.
updateDeviceCertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
action (string) --
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE
.
updateCACertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
action (string) --
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE
.
addThingsToThingGroupParams (dict) --
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
thingGroupNames (list) --
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
overrideDynamicGroups (boolean) --
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
replaceDefaultPolicyVersionParams (dict) --
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
templateName (string) --
The name of the template to be applied. The only supported value is BLANK_POLICY
.
enableIoTLoggingParams (dict) --
Parameters to define a mitigation action that enables Amazon Web Services IoT Core logging at a specified level of detail.
roleArnForLogging (string) --
The Amazon Resource Name (ARN) of the IAM role used for logging.
logLevel (string) --
Specifies the type of information to be logged.
publishFindingToSnsParams (dict) --
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
topicArn (string) --
The ARN of the topic to which you want to publish the findings.
taskStatistics (dict) --
The statistics of a mitigation action task.
actionsExecuted (integer) --
The actions that were performed.
actionsSkipped (integer) --
The actions that were skipped.
actionsFailed (integer) --
The actions that failed.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null
if there are no additional results.
Exceptions
IoT.Client.exceptions.InvalidRequestException
IoT.Client.exceptions.ThrottlingException
IoT.Client.exceptions.InternalFailureException