A security profile defines anomalous behaviors for a group of devices (a thing group) or for all devices in the account. It specifies which actions to take when an anomaly is detected. In this step, you create a security profile for the device you created in the previous step.

Go to the IoT Core Console, click the Intro option under the Defend menu on the left, and then click the Create your first security profile button.

On the next screen, type in dojosecurityprofile as the security profile name. Type in messagecountbehaviour as the name of the behavior. Select Message Received as the metric. Select Absolute value as the check type. Select Greater than as the operator. Type 3 for the value. Keep the rest of the configuration at its defaults and click the Next button.

In the configuration above, you are checking for the device behavior where the device sends more than 3 messages within 5 minutes. If this behavior occurs even once, Device Defender treats it as an anomaly and raises an alert through email notification (using the SNS topic and subscription).

On the next screen, select dojodevicetopic as the SNS Topic and dojoiotrole as the Role. Click the Next button.

On the next screen, check the All things option and then click the Next button. Here you can associate the policy with all things or with a specific set of things.

Finally, on the Confirm screen, click the Save button and then the Continue button.
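
The same configuration expressed through the AWS IoT API with boto3, as an added example that is not part of the original tutorial. The region, account id and ARNs are constructed placeholders, the metric name aws:num-messages-received is assumed to be the API name of the console's Message Received metric, and breached_windows is a hypothetical, simplified local model of the threshold check.

```python
import json
from collections import Counter

# Placeholders (constructed): substitute your own region and account id.
REGION, ACCOUNT = "us-east-1", "111122223333"

def build_profile_request():
    """Request body mirroring the console choices made in this step."""
    return {
        "securityProfileName": "dojosecurityprofile",
        "behaviors": [{
            "name": "messagecountbehaviour",
            # Assumption: API name of the console's "Message Received" metric.
            "metric": "aws:num-messages-received",
            "criteria": {
                "comparisonOperator": "greater-than",
                "value": {"count": 3},
                "durationSeconds": 300,             # 5-minute window
                "consecutiveDatapointsToAlarm": 1,  # a single breach alerts
            },
        }],
        "alertTargets": {"SNS": {
            "alertTargetArn": f"arn:aws:sns:{REGION}:{ACCOUNT}:dojodevicetopic",
            "roleArn": f"arn:aws:iam::{ACCOUNT}:role/dojoiotrole",
        }},
    }

def all_things_arn():
    """Target ARN that corresponds to the 'All things' option."""
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:all/things"

def breached_windows(behavior, timestamps):
    """Simplified local model: count messages per fixed window and return
    the start times of the windows whose count exceeds the threshold."""
    c = behavior["criteria"]
    counts = Counter(int(t) // c["durationSeconds"] for t in timestamps)
    return sorted(w * c["durationSeconds"] for w, n in counts.items()
                  if n > c["value"]["count"])

def apply():
    """Create and attach the profile (needs boto3 and AWS credentials)."""
    import boto3
    iot = boto3.client("iot", region_name=REGION)
    req = build_profile_request()
    iot.create_security_profile(**req)
    iot.attach_security_profile(securityProfileName=req["securityProfileName"],
                                securityProfileTargetArn=all_things_arn())

if __name__ == "__main__":
    print(json.dumps(build_profile_request(), indent=2))
```

Running the file only prints the request body; call apply() explicitly to create the profile in an account.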

The security profile is created. Let’s create a device client that sends more than 3 messages within 5 minutes to check whether Device Defender raises an alert and sends an email about it.