list_detect_mitigation_actions_tasks

IoT.Client.list_detect_mitigation_actions_tasks(**kwargs)

List of Device Defender ML Detect mitigation actions tasks.

Requires permission to access the ListDetectMitigationActionsTasks action.

See also: AWS API Documentation

Request Syntax

response = client.list_detect_mitigation_actions_tasks(
    maxResults=123,
    nextToken='string',
    startTime=datetime(2015, 1, 1),
    endTime=datetime(2015, 1, 1)
)
Parameters
  • maxResults (integer) -- The maximum number of results to return at one time. The default is 25.
  • nextToken (string) -- The token for the next set of results.
  • startTime (datetime) --

    [REQUIRED]

    A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.

  • endTime (datetime) --

    [REQUIRED]

    The end of the time period for which ML Detect mitigation actions tasks are returned.

Return type

dict

Returns

Response Syntax

{
    'tasks': [
        {
            'taskId': 'string',
            'taskStatus': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'CANCELED',
            'taskStartTime': datetime(2015, 1, 1),
            'taskEndTime': datetime(2015, 1, 1),
            'target': {
                'violationIds': [
                    'string',
                ],
                'securityProfileName': 'string',
                'behaviorName': 'string'
            },
            'violationEventOccurrenceRange': {
                'startTime': datetime(2015, 1, 1),
                'endTime': datetime(2015, 1, 1)
            },
            'onlyActiveViolationsIncluded': True|False,
            'suppressedAlertsIncluded': True|False,
            'actionsDefinition': [
                {
                    'name': 'string',
                    'id': 'string',
                    'roleArn': 'string',
                    'actionParams': {
                        'updateDeviceCertificateParams': {
                            'action': 'DEACTIVATE'
                        },
                        'updateCACertificateParams': {
                            'action': 'DEACTIVATE'
                        },
                        'addThingsToThingGroupParams': {
                            'thingGroupNames': [
                                'string',
                            ],
                            'overrideDynamicGroups': True|False
                        },
                        'replaceDefaultPolicyVersionParams': {
                            'templateName': 'BLANK_POLICY'
                        },
                        'enableIoTLoggingParams': {
                            'roleArnForLogging': 'string',
                            'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
                        },
                        'publishFindingToSnsParams': {
                            'topicArn': 'string'
                        }
                    }
                },
            ],
            'taskStatistics': {
                'actionsExecuted': 123,
                'actionsSkipped': 123,
                'actionsFailed': 123
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • tasks (list) --

      The collection of ML Detect mitigation tasks that matched the filter criteria.

      • (dict) --

        The summary of the mitigation action tasks.

        • taskId (string) --

          The unique identifier of the task.

        • taskStatus (string) --

          The status of the task.

        • taskStartTime (datetime) --

          The date the task started.

        • taskEndTime (datetime) --

          The date the task ended.

        • target (dict) --

          Specifies the ML Detect findings to which the mitigation actions are applied.

          • violationIds (list) --

            The unique identifiers of the violations.

            • (string) --
          • securityProfileName (string) --

            The name of the security profile.

          • behaviorName (string) --

            The name of the behavior.

        • violationEventOccurrenceRange (dict) --

          Specifies the time period of which violation events occurred between.

          • startTime (datetime) --

            The start date and time of a time period in which violation events occurred.

          • endTime (datetime) --

            The end date and time of a time period in which violation events occurred.

        • onlyActiveViolationsIncluded (boolean) --

          Includes only active violations.

        • suppressedAlertsIncluded (boolean) --

          Includes suppressed alerts.

        • actionsDefinition (list) --

          The definition of the actions.

          • (dict) --

            Describes which changes should be applied as part of a mitigation action.

            • name (string) --

              A user-friendly name for the mitigation action.

            • id (string) --

              A unique identifier for the mitigation action.

            • roleArn (string) --

              The IAM role ARN used to apply this mitigation action.

            • actionParams (dict) --

              The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.

              • updateDeviceCertificateParams (dict) --

                Parameters to define a mitigation action that changes the state of the device certificate to inactive.

                • action (string) --

                  The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .

              • updateCACertificateParams (dict) --

                Parameters to define a mitigation action that changes the state of the CA certificate to inactive.

                • action (string) --

                  The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .

              • addThingsToThingGroupParams (dict) --

                Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.

                • thingGroupNames (list) --

                  The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.

                  • (string) --
                • overrideDynamicGroups (boolean) --

                  Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.

              • replaceDefaultPolicyVersionParams (dict) --

                Parameters to define a mitigation action that adds a blank policy to restrict permissions.

                • templateName (string) --

                  The name of the template to be applied. The only supported value is BLANK_POLICY .

              • enableIoTLoggingParams (dict) --

                Parameters to define a mitigation action that enables Amazon Web Services IoT Core logging at a specified level of detail.

                • roleArnForLogging (string) --

                  The Amazon Resource Name (ARN) of the IAM role used for logging.

                • logLevel (string) --

                  Specifies the type of information to be logged.

              • publishFindingToSnsParams (dict) --

                Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.

                • topicArn (string) --

                  The ARN of the topic to which you want to publish the findings.

        • taskStatistics (dict) --

          The statistics of a mitigation action task.

          • actionsExecuted (integer) --

            The actions that were performed.

          • actionsSkipped (integer) --

            The actions that were skipped.

          • actionsFailed (integer) --

            The actions that failed.

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.

Exceptions

  • IoT.Client.exceptions.InvalidRequestException
  • IoT.Client.exceptions.ThrottlingException
  • IoT.Client.exceptions.InternalFailureException