Azure Native v1.102.0, May 2 23

azure-native.security.IotSecuritySolution

Explore with Pulumi AI

IoT Security solution configuration and resource information. API Version: 2019-08-01.

Example Usage

Create or update a IoT security solution

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var iotSecuritySolution = new AzureNative.Security.IotSecuritySolution("iotSecuritySolution", new()
    {
        DisabledDataSources = new[] {},
        DisplayName = "Solution Default",
        Export = new[] {},
        IotHubs = new[]
        {
            "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub",
        },
        Location = "East Us",
        RecommendationsConfiguration = new[]
        {
            new AzureNative.Security.Inputs.RecommendationConfigurationPropertiesArgs
            {
                RecommendationType = "IoT_OpenPorts",
                Status = "Disabled",
            },
            new AzureNative.Security.Inputs.RecommendationConfigurationPropertiesArgs
            {
                RecommendationType = "IoT_SharedCredentials",
                Status = "Disabled",
            },
        },
        ResourceGroupName = "MyGroup",
        SolutionName = "default",
        Status = "Enabled",
        Tags = null,
        UnmaskedIpLoggingStatus = "Enabled",
        UserDefinedResources = new AzureNative.Security.Inputs.UserDefinedResourcesPropertiesArgs
        {
            Query = "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
            QuerySubscriptions = new[]
            {
                "075423e9-7d33-4166-8bdf-3920b04e3735",
            },
        },
        Workspace = "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
    });

});

package main

import (
	security "github.com/pulumi/pulumi-azure-native/sdk/go/azure/security"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := security.NewIotSecuritySolution(ctx, "iotSecuritySolution", &security.IotSecuritySolutionArgs{
			DisabledDataSources: pulumi.StringArray{},
			DisplayName:         pulumi.String("Solution Default"),
			Export:              pulumi.StringArray{},
			IotHubs: pulumi.StringArray{
				pulumi.String("/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"),
			},
			Location: pulumi.String("East Us"),
			RecommendationsConfiguration: []security.RecommendationConfigurationPropertiesArgs{
				{
					RecommendationType: pulumi.String("IoT_OpenPorts"),
					Status:             pulumi.String("Disabled"),
				},
				{
					RecommendationType: pulumi.String("IoT_SharedCredentials"),
					Status:             pulumi.String("Disabled"),
				},
			},
			ResourceGroupName:       pulumi.String("MyGroup"),
			SolutionName:            pulumi.String("default"),
			Status:                  pulumi.String("Enabled"),
			Tags:                    nil,
			UnmaskedIpLoggingStatus: pulumi.String("Enabled"),
			UserDefinedResources: security.UserDefinedResourcesPropertiesResponse{
				Query: pulumi.String("where type != \"microsoft.devices/iothubs\" | where name contains \"iot\""),
				QuerySubscriptions: pulumi.StringArray{
					pulumi.String("075423e9-7d33-4166-8bdf-3920b04e3735"),
				},
			},
			Workspace: pulumi.String("/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.IotSecuritySolution;
import com.pulumi.azurenative.security.IotSecuritySolutionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var iotSecuritySolution = new IotSecuritySolution("iotSecuritySolution", IotSecuritySolutionArgs.builder()        
            .disabledDataSources()
            .displayName("Solution Default")
            .export()
            .iotHubs("/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub")
            .location("East Us")
            .recommendationsConfiguration(            
                Map.ofEntries(
                    Map.entry("recommendationType", "IoT_OpenPorts"),
                    Map.entry("status", "Disabled")
                ),
                Map.ofEntries(
                    Map.entry("recommendationType", "IoT_SharedCredentials"),
                    Map.entry("status", "Disabled")
                ))
            .resourceGroupName("MyGroup")
            .solutionName("default")
            .status("Enabled")
            .tags()
            .unmaskedIpLoggingStatus("Enabled")
            .userDefinedResources(Map.ofEntries(
                Map.entry("query", "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\""),
                Map.entry("querySubscriptions", "075423e9-7d33-4166-8bdf-3920b04e3735")
            ))
            .workspace("/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1")
            .build());

    }
}

import pulumi
import pulumi_azure_native as azure_native

iot_security_solution = azure_native.security.IotSecuritySolution("iotSecuritySolution",
    disabled_data_sources=[],
    display_name="Solution Default",
    export=[],
    iot_hubs=["/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"],
    location="East Us",
    recommendations_configuration=[
        {
            "recommendationType": "IoT_OpenPorts",
            "status": "Disabled",
        },
        {
            "recommendationType": "IoT_SharedCredentials",
            "status": "Disabled",
        },
    ],
    resource_group_name="MyGroup",
    solution_name="default",
    status="Enabled",
    tags={},
    unmasked_ip_logging_status="Enabled",
    user_defined_resources=azure_native.security.UserDefinedResourcesPropertiesResponseArgs(
        query="where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
        query_subscriptions=["075423e9-7d33-4166-8bdf-3920b04e3735"],
    ),
    workspace="/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1")

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const iotSecuritySolution = new azure_native.security.IotSecuritySolution("iotSecuritySolution", {
    disabledDataSources: [],
    displayName: "Solution Default",
    "export": [],
    iotHubs: ["/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"],
    location: "East Us",
    recommendationsConfiguration: [
        {
            recommendationType: "IoT_OpenPorts",
            status: "Disabled",
        },
        {
            recommendationType: "IoT_SharedCredentials",
            status: "Disabled",
        },
    ],
    resourceGroupName: "MyGroup",
    solutionName: "default",
    status: "Enabled",
    tags: {},
    unmaskedIpLoggingStatus: "Enabled",
    userDefinedResources: {
        query: "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
        querySubscriptions: ["075423e9-7d33-4166-8bdf-3920b04e3735"],
    },
    workspace: "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
});

resources:
  iotSecuritySolution:
    type: azure-native:security:IotSecuritySolution
    properties:
      disabledDataSources: []
      displayName: Solution Default
      export: []
      iotHubs:
        - /subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub
      location: East Us
      recommendationsConfiguration:
        - recommendationType: IoT_OpenPorts
          status: Disabled
        - recommendationType: IoT_SharedCredentials
          status: Disabled
      resourceGroupName: MyGroup
      solutionName: default
      status: Enabled
      tags: {}
      unmaskedIpLoggingStatus: Enabled
      userDefinedResources:
        query: where type != "microsoft.devices/iothubs" | where name contains "iot"
        querySubscriptions:
          - 075423e9-7d33-4166-8bdf-3920b04e3735
      workspace: /subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1

Create IotSecuritySolution Resource

new IotSecuritySolution(name: string, args: IotSecuritySolutionArgs, opts?: CustomResourceOptions);

@overload
def IotSecuritySolution(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        additional_workspaces: Optional[Sequence[AdditionalWorkspacesPropertiesArgs]] = None,
                        disabled_data_sources: Optional[Sequence[Union[str, DataSource]]] = None,
                        display_name: Optional[str] = None,
                        export: Optional[Sequence[Union[str, ExportData]]] = None,
                        iot_hubs: Optional[Sequence[str]] = None,
                        location: Optional[str] = None,
                        recommendations_configuration: Optional[Sequence[RecommendationConfigurationPropertiesArgs]] = None,
                        resource_group_name: Optional[str] = None,
                        solution_name: Optional[str] = None,
                        status: Optional[Union[str, SecuritySolutionStatus]] = None,
                        tags: Optional[Mapping[str, str]] = None,
                        unmasked_ip_logging_status: Optional[Union[str, UnmaskedIpLoggingStatus]] = None,
                        user_defined_resources: Optional[UserDefinedResourcesPropertiesArgs] = None,
                        workspace: Optional[str] = None)
@overload
def IotSecuritySolution(resource_name: str,
                        args: IotSecuritySolutionArgs,
                        opts: Optional[ResourceOptions] = None)

func NewIotSecuritySolution(ctx *Context, name string, args IotSecuritySolutionArgs, opts ...ResourceOption) (*IotSecuritySolution, error)

public IotSecuritySolution(string name, IotSecuritySolutionArgs args, CustomResourceOptions? opts = null)

public IotSecuritySolution(String name, IotSecuritySolutionArgs args)
public IotSecuritySolution(String name, IotSecuritySolutionArgs args, CustomResourceOptions options)

type: azure-native:security:IotSecuritySolution
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IotSecuritySolutionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args IotSecuritySolutionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args IotSecuritySolutionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IotSecuritySolutionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args IotSecuritySolutionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

IotSecuritySolution Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The IotSecuritySolution resource accepts the following input properties:

DisplayName string: Resource display name.
IotHubs List<string>: IoT Hub resource IDs
ResourceGroupName string: The name of the resource group within the user's subscription. The name is case insensitive.
AdditionalWorkspaces List<Pulumi.AzureNative.Security.Inputs.AdditionalWorkspacesPropertiesArgs>: List of additional workspaces
DisabledDataSources List<Union<string, Pulumi.AzureNative.Security.DataSource>>: Disabled data sources. Disabling these data sources compromises the system.
Export List<Union<string, Pulumi.AzureNative.Security.ExportData>>: List of additional options for exporting to workspace data.
Location string: The resource location.
RecommendationsConfiguration List<Pulumi.AzureNative.Security.Inputs.RecommendationConfigurationPropertiesArgs>: List of the configuration status for each recommendation type.
SolutionName string: The name of the IoT Security solution.
Status string | Pulumi.AzureNative.Security.SecuritySolutionStatus: Status of the IoT Security solution.
Tags Dictionary<string, string>: Resource tags
UnmaskedIpLoggingStatus string | Pulumi.AzureNative.Security.UnmaskedIpLoggingStatus: Unmasked IP address logging status
UserDefinedResources Pulumi.AzureNative.Security.Inputs.UserDefinedResourcesPropertiesArgs: Properties of the IoT Security solution's user defined resources.
Workspace string: Workspace resource ID

DisplayName string: Resource display name.
IotHubs []string: IoT Hub resource IDs
ResourceGroupName string: The name of the resource group within the user's subscription. The name is case insensitive.
AdditionalWorkspaces []AdditionalWorkspacesPropertiesArgs: List of additional workspaces
DisabledDataSources []string: Disabled data sources. Disabling these data sources compromises the system.
Export []string: List of additional options for exporting to workspace data.
Location string: The resource location.
RecommendationsConfiguration []RecommendationConfigurationPropertiesArgs: List of the configuration status for each recommendation type.
SolutionName string: The name of the IoT Security solution.
Status string | SecuritySolutionStatus: Status of the IoT Security solution.
Tags map[string]string: Resource tags
UnmaskedIpLoggingStatus string | UnmaskedIpLoggingStatus: Unmasked IP address logging status
UserDefinedResources UserDefinedResourcesPropertiesArgs: Properties of the IoT Security solution's user defined resources.
Workspace string: Workspace resource ID

displayName String: Resource display name.
iotHubs List<String>: IoT Hub resource IDs
resourceGroupName String: The name of the resource group within the user's subscription. The name is case insensitive.
additionalWorkspaces List<AdditionalWorkspacesPropertiesArgs>: List of additional workspaces
disabledDataSources List<Either<String,DataSource>>: Disabled data sources. Disabling these data sources compromises the system.
export List<Either<String,ExportData>>: List of additional options for exporting to workspace data.
location String: The resource location.
recommendationsConfiguration List<RecommendationConfigurationPropertiesArgs>: List of the configuration status for each recommendation type.
solutionName String: The name of the IoT Security solution.
status String | SecuritySolutionStatus: Status of the IoT Security solution.
tags Map<String,String>: Resource tags
unmaskedIpLoggingStatus String | UnmaskedIpLoggingStatus: Unmasked IP address logging status
userDefinedResources UserDefinedResourcesPropertiesArgs: Properties of the IoT Security solution's user defined resources.
workspace String: Workspace resource ID

displayName string: Resource display name.
iotHubs string[]: IoT Hub resource IDs
resourceGroupName string: The name of the resource group within the user's subscription. The name is case insensitive.
additionalWorkspaces AdditionalWorkspacesPropertiesArgs[]: List of additional workspaces
disabledDataSources (string | DataSource)[]: Disabled data sources. Disabling these data sources compromises the system.
export (string | ExportData)[]: List of additional options for exporting to workspace data.
location string: The resource location.
recommendationsConfiguration RecommendationConfigurationPropertiesArgs[]: List of the configuration status for each recommendation type.
solutionName string: The name of the IoT Security solution.
status string | SecuritySolutionStatus: Status of the IoT Security solution.
tags {[key: string]: string}: Resource tags
unmaskedIpLoggingStatus string | UnmaskedIpLoggingStatus: Unmasked IP address logging status
userDefinedResources UserDefinedResourcesPropertiesArgs: Properties of the IoT Security solution's user defined resources.
workspace string: Workspace resource ID

display_name str: Resource display name.
iot_hubs Sequence[str]: IoT Hub resource IDs
resource_group_name str: The name of the resource group within the user's subscription. The name is case insensitive.
additional_workspaces Sequence[AdditionalWorkspacesPropertiesArgs]: List of additional workspaces
disabled_data_sources Sequence[Union[str, DataSource]]: Disabled data sources. Disabling these data sources compromises the system.
export Sequence[Union[str, ExportData]]: List of additional options for exporting to workspace data.
location str: The resource location.
recommendations_configuration Sequence[RecommendationConfigurationPropertiesArgs]: List of the configuration status for each recommendation type.
solution_name str: The name of the IoT Security solution.
status str | SecuritySolutionStatus: Status of the IoT Security solution.
tags Mapping[str, str]: Resource tags
unmasked_ip_logging_status str | UnmaskedIpLoggingStatus: Unmasked IP address logging status
user_defined_resources UserDefinedResourcesPropertiesArgs: Properties of the IoT Security solution's user defined resources.
workspace str: Workspace resource ID

displayName String: Resource display name.
iotHubs List<String>: IoT Hub resource IDs
resourceGroupName String: The name of the resource group within the user's subscription. The name is case insensitive.
additionalWorkspaces List<Property Map>: List of additional workspaces
disabledDataSources List<String | "TwinData">: Disabled data sources. Disabling these data sources compromises the system.
export List<String | "RawEvents">: List of additional options for exporting to workspace data.
location String: The resource location.
recommendationsConfiguration List<Property Map>: List of the configuration status for each recommendation type.
solutionName String: The name of the IoT Security solution.
status String | "Enabled" | "Disabled": Status of the IoT Security solution.
tags Map<String>: Resource tags
unmaskedIpLoggingStatus String | "Disabled" | "Enabled": Unmasked IP address logging status
userDefinedResources Property Map: Properties of the IoT Security solution's user defined resources.
workspace String: Workspace resource ID

Outputs

All input properties are implicitly available as output properties. Additionally, the IotSecuritySolution resource produces the following output properties:

AutoDiscoveredResources List<string>: List of resources that were automatically discovered as relevant to the security solution.
Id string: The provider-assigned unique ID for this managed resource.
Name string: Resource name
SystemData Pulumi.AzureNative.Security.Outputs.SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: Resource type

AutoDiscoveredResources []string: List of resources that were automatically discovered as relevant to the security solution.
Id string: The provider-assigned unique ID for this managed resource.
Name string: Resource name
SystemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: Resource type

autoDiscoveredResources List<String>: List of resources that were automatically discovered as relevant to the security solution.
id String: The provider-assigned unique ID for this managed resource.
name String: Resource name
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: Resource type

autoDiscoveredResources string[]: List of resources that were automatically discovered as relevant to the security solution.
id string: The provider-assigned unique ID for this managed resource.
name string: Resource name
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type string: Resource type

auto_discovered_resources Sequence[str]: List of resources that were automatically discovered as relevant to the security solution.
id str: The provider-assigned unique ID for this managed resource.
name str: Resource name
system_data SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type str: Resource type

autoDiscoveredResources List<String>: List of resources that were automatically discovered as relevant to the security solution.
id String: The provider-assigned unique ID for this managed resource.
name String: Resource name
systemData Property Map: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: Resource type

Supporting Types

AdditionalWorkspaceDataType

Alerts: Alerts
RawEvents: RawEvents

AdditionalWorkspaceDataTypeAlerts: Alerts
AdditionalWorkspaceDataTypeRawEvents: RawEvents

Alerts: Alerts
RawEvents: RawEvents

Alerts: Alerts
RawEvents: RawEvents

ALERTS: Alerts
RAW_EVENTS: RawEvents

"Alerts": Alerts
"RawEvents": RawEvents

AdditionalWorkspaceType

Sentinel: Sentinel

AdditionalWorkspaceTypeSentinel: Sentinel

Sentinel: Sentinel

Sentinel: Sentinel

SENTINEL: Sentinel

"Sentinel": Sentinel

AdditionalWorkspacesProperties

DataTypes List<Union<string, Pulumi.AzureNative.Security.AdditionalWorkspaceDataType>>: List of data types sent to workspace
Type string | Pulumi.AzureNative.Security.AdditionalWorkspaceType: Workspace type.
Workspace string: Workspace resource id

DataTypes []string: List of data types sent to workspace
Type string | AdditionalWorkspaceType: Workspace type.
Workspace string: Workspace resource id

dataTypes List<Either<String,AdditionalWorkspaceDataType>>: List of data types sent to workspace
type String | AdditionalWorkspaceType: Workspace type.
workspace String: Workspace resource id

dataTypes (string | AdditionalWorkspaceDataType)[]: List of data types sent to workspace
type string | AdditionalWorkspaceType: Workspace type.
workspace string: Workspace resource id

data_types Sequence[Union[str, AdditionalWorkspaceDataType]]: List of data types sent to workspace
type str | AdditionalWorkspaceType: Workspace type.
workspace str: Workspace resource id

dataTypes List<String | "Alerts" | "RawEvents">: List of data types sent to workspace
type String | "Sentinel": Workspace type.
workspace String: Workspace resource id

AdditionalWorkspacesPropertiesResponse

DataTypes List<string>: List of data types sent to workspace
Type string: Workspace type.
Workspace string: Workspace resource id

DataTypes []string: List of data types sent to workspace
Type string: Workspace type.
Workspace string: Workspace resource id

dataTypes List<String>: List of data types sent to workspace
type String: Workspace type.
workspace String: Workspace resource id

dataTypes string[]: List of data types sent to workspace
type string: Workspace type.
workspace string: Workspace resource id

data_types Sequence[str]: List of data types sent to workspace
type str: Workspace type.
workspace str: Workspace resource id

dataTypes List<String>: List of data types sent to workspace
type String: Workspace type.
workspace String: Workspace resource id

DataSource

TwinData: TwinData
Devices twin data

DataSourceTwinData: TwinData
Devices twin data

TwinData: TwinData
Devices twin data

TwinData: TwinData
Devices twin data

TWIN_DATA: TwinData
Devices twin data

"TwinData": TwinData
Devices twin data

ExportData

RawEvents: RawEvents
Agent raw events

ExportDataRawEvents: RawEvents
Agent raw events

RawEvents: RawEvents
Agent raw events

RawEvents: RawEvents
Agent raw events

RAW_EVENTS: RawEvents
Agent raw events

"RawEvents": RawEvents
Agent raw events

RecommendationConfigStatus

Disabled: Disabled
Enabled: Enabled

RecommendationConfigStatusDisabled: Disabled
RecommendationConfigStatusEnabled: Enabled

Disabled: Disabled
Enabled: Enabled

Disabled: Disabled
Enabled: Enabled

DISABLED: Disabled
ENABLED: Enabled

"Disabled": Disabled
"Enabled": Enabled

RecommendationConfigurationProperties

RecommendationType string | Pulumi.AzureNative.Security.RecommendationType: The type of IoT Security recommendation.
Status string | Pulumi.AzureNative.Security.RecommendationConfigStatus: Recommendation status. When the recommendation status is disabled recommendations are not generated.

RecommendationType string | RecommendationType: The type of IoT Security recommendation.
Status string | RecommendationConfigStatus: Recommendation status. When the recommendation status is disabled recommendations are not generated.

recommendationType String | RecommendationType: The type of IoT Security recommendation.
status String | RecommendationConfigStatus: Recommendation status. When the recommendation status is disabled recommendations are not generated.

recommendationType string | RecommendationType: The type of IoT Security recommendation.
status string | RecommendationConfigStatus: Recommendation status. When the recommendation status is disabled recommendations are not generated.

recommendation_type str | RecommendationType: The type of IoT Security recommendation.
status str | RecommendationConfigStatus: Recommendation status. When the recommendation status is disabled recommendations are not generated.

recommendationType String | "IoT_ACRAuthentication" | "IoT_AgentSendsUnutilizedMessages" | "IoT_Baseline" | "IoT_EdgeHubMemOptimize" | "IoT_EdgeLoggingOptions" | "IoT_InconsistentModuleSettings" | "IoT_InstallAgent" | "IoT_IPFilter_DenyAll" | "IoT_IPFilter_PermissiveRule" | "IoT_OpenPorts" | "IoT_PermissiveFirewallPolicy" | "IoT_PermissiveInputFirewallRules" | "IoT_PermissiveOutputFirewallRules" | "IoT_PrivilegedDockerOptions" | "IoT_SharedCredentials" | "IoT_VulnerableTLSCipherSuite": The type of IoT Security recommendation.
status String | "Disabled" | "Enabled": Recommendation status. When the recommendation status is disabled recommendations are not generated.

RecommendationConfigurationPropertiesResponse

Name string
RecommendationType string: The type of IoT Security recommendation.
Status string: Recommendation status. When the recommendation status is disabled recommendations are not generated.

Name string
RecommendationType string: The type of IoT Security recommendation.
Status string: Recommendation status. When the recommendation status is disabled recommendations are not generated.

name String
recommendationType String: The type of IoT Security recommendation.
status String: Recommendation status. When the recommendation status is disabled recommendations are not generated.

name string
recommendationType string: The type of IoT Security recommendation.
status string: Recommendation status. When the recommendation status is disabled recommendations are not generated.

name str
recommendation_type str: The type of IoT Security recommendation.
status str: Recommendation status. When the recommendation status is disabled recommendations are not generated.

name String
recommendationType String: The type of IoT Security recommendation.
status String: Recommendation status. When the recommendation status is disabled recommendations are not generated.

RecommendationType

IoT_ACRAuthentication: IoT_ACRAuthentication
Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication.
IoT_AgentSendsUnutilizedMessages: IoT_AgentSendsUnutilizedMessages
IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.
IoT_Baseline: IoT_Baseline
Identified security related system configuration issues.
IoT_EdgeHubMemOptimize: IoT_EdgeHubMemOptimize
You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.
IoT_EdgeLoggingOptions: IoT_EdgeLoggingOptions
Logging is disabled for this edge module.
IoT_InconsistentModuleSettings: IoT_InconsistentModuleSettings
A minority within a device security group has inconsistent Edge Module settings with the rest of their group.
IoT_InstallAgent: IoT_InstallAgent
Install the Azure Security of Things Agent.
IoT_IPFilter_DenyAll: IoT_IPFilter_DenyAll
IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.
IoT_IPFilter_PermissiveRule: IoT_IPFilter_PermissiveRule
An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders.
IoT_OpenPorts: IoT_OpenPorts
A listening endpoint was found on the device.
IoT_PermissiveFirewallPolicy: IoT_PermissiveFirewallPolicy
An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.
IoT_PermissiveInputFirewallRules: IoT_PermissiveInputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
IoT_PermissiveOutputFirewallRules: IoT_PermissiveOutputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
IoT_PrivilegedDockerOptions: IoT_PrivilegedDockerOptions
Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).
IoT_SharedCredentials: IoT_SharedCredentials
Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.
IoT_VulnerableTLSCipherSuite: IoT_VulnerableTLSCipherSuite
Insecure TLS configurations detected. Immediate upgrade recommended.

RecommendationType_IoT_ACRAuthentication: IoT_ACRAuthentication
Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication.
RecommendationType_IoT_AgentSendsUnutilizedMessages: IoT_AgentSendsUnutilizedMessages
IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.
RecommendationType_IoT_Baseline: IoT_Baseline
Identified security related system configuration issues.
RecommendationType_IoT_EdgeHubMemOptimize: IoT_EdgeHubMemOptimize
You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.
RecommendationType_IoT_EdgeLoggingOptions: IoT_EdgeLoggingOptions
Logging is disabled for this edge module.
RecommendationType_IoT_InconsistentModuleSettings: IoT_InconsistentModuleSettings
A minority within a device security group has inconsistent Edge Module settings with the rest of their group.
RecommendationType_IoT_InstallAgent: IoT_InstallAgent
Install the Azure Security of Things Agent.
RecommendationType_IoT_IPFilter_DenyAll: IoT_IPFilter_DenyAll
IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.
RecommendationType_IoT_IPFilter_PermissiveRule: IoT_IPFilter_PermissiveRule
An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders.
RecommendationType_IoT_OpenPorts: IoT_OpenPorts
A listening endpoint was found on the device.
RecommendationType_IoT_PermissiveFirewallPolicy: IoT_PermissiveFirewallPolicy
An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.
RecommendationType_IoT_PermissiveInputFirewallRules: IoT_PermissiveInputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
RecommendationType_IoT_PermissiveOutputFirewallRules: IoT_PermissiveOutputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
RecommendationType_IoT_PrivilegedDockerOptions: IoT_PrivilegedDockerOptions
Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).
RecommendationType_IoT_SharedCredentials: IoT_SharedCredentials
Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.
RecommendationType_IoT_VulnerableTLSCipherSuite: IoT_VulnerableTLSCipherSuite
Insecure TLS configurations detected. Immediate upgrade recommended.

IoT_ACRAuthentication: IoT_ACRAuthentication
Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication.
IoT_AgentSendsUnutilizedMessages: IoT_AgentSendsUnutilizedMessages
IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.
IoT_Baseline: IoT_Baseline
Identified security related system configuration issues.
IoT_EdgeHubMemOptimize: IoT_EdgeHubMemOptimize
You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.
IoT_EdgeLoggingOptions: IoT_EdgeLoggingOptions
Logging is disabled for this edge module.
IoT_InconsistentModuleSettings: IoT_InconsistentModuleSettings
A minority within a device security group has inconsistent Edge Module settings with the rest of their group.
IoT_InstallAgent: IoT_InstallAgent
Install the Azure Security of Things Agent.
IoT_IPFilter_DenyAll: IoT_IPFilter_DenyAll
IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.
IoT_IPFilter_PermissiveRule: IoT_IPFilter_PermissiveRule
An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders.
IoT_OpenPorts: IoT_OpenPorts
A listening endpoint was found on the device.
IoT_PermissiveFirewallPolicy: IoT_PermissiveFirewallPolicy
An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.
IoT_PermissiveInputFirewallRules: IoT_PermissiveInputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
IoT_PermissiveOutputFirewallRules: IoT_PermissiveOutputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
IoT_PrivilegedDockerOptions: IoT_PrivilegedDockerOptions
Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).
IoT_SharedCredentials: IoT_SharedCredentials
Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.
IoT_VulnerableTLSCipherSuite: IoT_VulnerableTLSCipherSuite
Insecure TLS configurations detected. Immediate upgrade recommended.

IoT_ACRAuthentication: IoT_ACRAuthentication
Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication.
IoT_AgentSendsUnutilizedMessages: IoT_AgentSendsUnutilizedMessages
IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.
IoT_Baseline: IoT_Baseline
Identified security related system configuration issues.
IoT_EdgeHubMemOptimize: IoT_EdgeHubMemOptimize
You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.
IoT_EdgeLoggingOptions: IoT_EdgeLoggingOptions
Logging is disabled for this edge module.
IoT_InconsistentModuleSettings: IoT_InconsistentModuleSettings
A minority within a device security group has inconsistent Edge Module settings with the rest of their group.
IoT_InstallAgent: IoT_InstallAgent
Install the Azure Security of Things Agent.
IoT_IPFilter_DenyAll: IoT_IPFilter_DenyAll
IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.
IoT_IPFilter_PermissiveRule: IoT_IPFilter_PermissiveRule
An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders.
IoT_OpenPorts: IoT_OpenPorts
A listening endpoint was found on the device.
IoT_PermissiveFirewallPolicy: IoT_PermissiveFirewallPolicy
An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.
IoT_PermissiveInputFirewallRules: IoT_PermissiveInputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
IoT_PermissiveOutputFirewallRules: IoT_PermissiveOutputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
IoT_PrivilegedDockerOptions: IoT_PrivilegedDockerOptions
Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).
IoT_SharedCredentials: IoT_SharedCredentials
Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.
IoT_VulnerableTLSCipherSuite: IoT_VulnerableTLSCipherSuite
Insecure TLS configurations detected. Immediate upgrade recommended.

IO_T_ACR_AUTHENTICATION: IoT_ACRAuthentication
Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication.
IO_T_AGENT_SENDS_UNUTILIZED_MESSAGES: IoT_AgentSendsUnutilizedMessages
IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.
IO_T_BASELINE: IoT_Baseline
Identified security related system configuration issues.
IO_T_EDGE_HUB_MEM_OPTIMIZE: IoT_EdgeHubMemOptimize
You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.
IO_T_EDGE_LOGGING_OPTIONS: IoT_EdgeLoggingOptions
Logging is disabled for this edge module.
IO_T_INCONSISTENT_MODULE_SETTINGS: IoT_InconsistentModuleSettings
A minority within a device security group has inconsistent Edge Module settings with the rest of their group.
IO_T_INSTALL_AGENT: IoT_InstallAgent
Install the Azure Security of Things Agent.
IO_T_IP_FILTER_DENY_ALL: IoT_IPFilter_DenyAll
IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.
IO_T_IP_FILTER_PERMISSIVE_RULE: IoT_IPFilter_PermissiveRule
An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders.
IO_T_OPEN_PORTS: IoT_OpenPorts
A listening endpoint was found on the device.
IO_T_PERMISSIVE_FIREWALL_POLICY: IoT_PermissiveFirewallPolicy
An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.
IO_T_PERMISSIVE_INPUT_FIREWALL_RULES: IoT_PermissiveInputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
IO_T_PERMISSIVE_OUTPUT_FIREWALL_RULES: IoT_PermissiveOutputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
IO_T_PRIVILEGED_DOCKER_OPTIONS: IoT_PrivilegedDockerOptions
Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).
IO_T_SHARED_CREDENTIALS: IoT_SharedCredentials
Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.
IO_T_VULNERABLE_TLS_CIPHER_SUITE: IoT_VulnerableTLSCipherSuite
Insecure TLS configurations detected. Immediate upgrade recommended.

"IoT_ACRAuthentication": IoT_ACRAuthentication
Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication.
"IoT_AgentSendsUnutilizedMessages": IoT_AgentSendsUnutilizedMessages
IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.
"IoT_Baseline": IoT_Baseline
Identified security related system configuration issues.
"IoT_EdgeHubMemOptimize": IoT_EdgeHubMemOptimize
You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.
"IoT_EdgeLoggingOptions": IoT_EdgeLoggingOptions
Logging is disabled for this edge module.
"IoT_InconsistentModuleSettings": IoT_InconsistentModuleSettings
A minority within a device security group has inconsistent Edge Module settings with the rest of their group.
"IoT_InstallAgent": IoT_InstallAgent
Install the Azure Security of Things Agent.
"IoT_IPFilter_DenyAll": IoT_IPFilter_DenyAll
IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.
"IoT_IPFilter_PermissiveRule": IoT_IPFilter_PermissiveRule
An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders.
"IoT_OpenPorts": IoT_OpenPorts
A listening endpoint was found on the device.
"IoT_PermissiveFirewallPolicy": IoT_PermissiveFirewallPolicy
An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.
"IoT_PermissiveInputFirewallRules": IoT_PermissiveInputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
"IoT_PermissiveOutputFirewallRules": IoT_PermissiveOutputFirewallRules
A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
"IoT_PrivilegedDockerOptions": IoT_PrivilegedDockerOptions
Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).
"IoT_SharedCredentials": IoT_SharedCredentials
Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.
"IoT_VulnerableTLSCipherSuite": IoT_VulnerableTLSCipherSuite
Insecure TLS configurations detected. Immediate upgrade recommended.

SecuritySolutionStatus

Enabled: Enabled
Disabled: Disabled

SecuritySolutionStatusEnabled: Enabled
SecuritySolutionStatusDisabled: Disabled

Enabled: Enabled
Disabled: Disabled

Enabled: Enabled
Disabled: Disabled

ENABLED: Enabled
DISABLED: Disabled

"Enabled": Enabled
"Disabled": Disabled

SystemDataResponse

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

createdAt string: The timestamp of resource creation (UTC).
createdBy string: The identity that created the resource.
createdByType string: The type of identity that created the resource.
lastModifiedAt string: The timestamp of resource last modification (UTC)
lastModifiedBy string: The identity that last modified the resource.
lastModifiedByType string: The type of identity that last modified the resource.

created_at str: The timestamp of resource creation (UTC).
created_by str: The identity that created the resource.
created_by_type str: The type of identity that created the resource.
last_modified_at str: The timestamp of resource last modification (UTC)
last_modified_by str: The identity that last modified the resource.
last_modified_by_type str: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

UnmaskedIpLoggingStatus

Disabled: Disabled
Unmasked IP logging is disabled
Enabled: Enabled
Unmasked IP logging is enabled

UnmaskedIpLoggingStatusDisabled: Disabled
Unmasked IP logging is disabled
UnmaskedIpLoggingStatusEnabled: Enabled
Unmasked IP logging is enabled

Disabled: Disabled
Unmasked IP logging is disabled
Enabled: Enabled
Unmasked IP logging is enabled

Disabled: Disabled
Unmasked IP logging is disabled
Enabled: Enabled
Unmasked IP logging is enabled

DISABLED: Disabled
Unmasked IP logging is disabled
ENABLED: Enabled
Unmasked IP logging is enabled

"Disabled": Disabled
Unmasked IP logging is disabled
"Enabled": Enabled
Unmasked IP logging is enabled

UserDefinedResourcesProperties

Query string: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
QuerySubscriptions List<string>: List of Azure subscription ids on which the user defined resources query should be executed.

Query string: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
QuerySubscriptions []string: List of Azure subscription ids on which the user defined resources query should be executed.

query String: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
querySubscriptions List<String>: List of Azure subscription ids on which the user defined resources query should be executed.

query string: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
querySubscriptions string[]: List of Azure subscription ids on which the user defined resources query should be executed.

query str: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
query_subscriptions Sequence[str]: List of Azure subscription ids on which the user defined resources query should be executed.

query String: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
querySubscriptions List<String>: List of Azure subscription ids on which the user defined resources query should be executed.

UserDefinedResourcesPropertiesResponse

Query string: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
QuerySubscriptions List<string>: List of Azure subscription ids on which the user defined resources query should be executed.

Query string: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
QuerySubscriptions []string: List of Azure subscription ids on which the user defined resources query should be executed.

query String: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
querySubscriptions List<String>: List of Azure subscription ids on which the user defined resources query should be executed.

query string: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
querySubscriptions string[]: List of Azure subscription ids on which the user defined resources query should be executed.

query str: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
query_subscriptions Sequence[str]: List of Azure subscription ids on which the user defined resources query should be executed.

query String: Azure Resource Graph query which represents the security solution's user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs""
querySubscriptions List<String>: List of Azure subscription ids on which the user defined resources query should be executed.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:security:IotSecuritySolution default /subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0