ListViolationEvents
Note
The Amazon IoT Device Defender detect feature will no longer be available to new customers starting August 31, 2026. If you would like to use the detect feature, sign up prior to August 31, 2026. To learn about alternatives to Amazon IoT Device Defender detect, see Amazon IoT Device Defender detect feature availability change. There is no change to Amazon IoT Device Defender audit availability.
Lists the Device Defender security profile violations discovered during the given time period. You can use filters to limit the results to those alerts issued for a particular security profile, behavior, or thing (device).
Requires permission to access the ListViolationEvents action.
Request Syntax
GET /violation-events?behaviorCriteriaType=behaviorCriteriaType&endTime=endTime&listSuppressedAlerts=listSuppressedAlerts&maxResults=maxResults&nextToken=nextToken&securityProfileName=securityProfileName&startTime=startTime&thingName=thingName&verificationState=verificationState HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
- behaviorCriteriaType
-
The criteria for a behavior.
Valid Values:
STATIC | STATISTICAL | MACHINE_LEARNING
- endTime
-
The end time for the alerts to be listed.
Required: Yes
- listSuppressedAlerts
-
A list of all suppressed alerts.
- maxResults
-
The maximum number of results to return at one time.
Valid Range: Minimum value of 1. Maximum value of 250.
- nextToken
-
The token for the next set of results.
- securityProfileName
-
A filter to limit results to those alerts generated by the specified security profile.
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[a-zA-Z0-9:_-]+
- startTime
-
The start time for the alerts to be listed.
Required: Yes
- thingName
-
A filter to limit results to those alerts caused by the specified thing.
Length Constraints: Minimum length of 1. Maximum length of 128.
- verificationState
-
The verification state of the violation (detect alarm).
Valid Values:
FALSE_POSITIVE | BENIGN_POSITIVE | TRUE_POSITIVE | UNKNOWN
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
   "nextToken": "string",
   "violationEvents": [
      {
         "behavior": {
            "criteria": {
               "comparisonOperator": "string",
               "consecutiveDatapointsToAlarm": number,
               "consecutiveDatapointsToClear": number,
               "durationSeconds": number,
               "mlDetectionConfig": {
                  "confidenceLevel": "string"
               },
               "statisticalThreshold": {
                  "statistic": "string"
               },
               "value": {
                  "cidrs": [ "string" ],
                  "count": number,
                  "number": number,
                  "numbers": [ number ],
                  "ports": [ number ],
                  "strings": [ "string" ]
               }
            },
            "exportMetric": boolean,
            "metric": "string",
            "metricDimension": {
               "dimensionName": "string",
               "operator": "string"
            },
            "name": "string",
            "suppressAlerts": boolean
         },
         "metricValue": {
            "cidrs": [ "string" ],
            "count": number,
            "number": number,
            "numbers": [ number ],
            "ports": [ number ],
            "strings": [ "string" ]
         },
         "securityProfileName": "string",
         "thingName": "string",
         "verificationState": "string",
         "verificationStateDescription": "string",
         "violationEventAdditionalInfo": {
            "confidenceLevel": "string"
         },
         "violationEventTime": number,
         "violationEventType": "string",
         "violationId": "string"
      }
   ]
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- nextToken
-
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Type: String
- violationEvents
-
The security profile violation alerts issued for this account during the given time period, potentially filtered by security profile, behavior violated, or thing (device) violating.
Type: Array of ViolationEvent objects
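The following is an added example, not part of the original reference or of any Amazon SDK: it follows nextToken until the service stops returning one, enforces the documented maxResults range, and groups the returned events for triage. It assumes a boto3-style client exposing list_violation_events with the URI parameters above as keyword arguments; the function names, the FakeIoT stand-in and the sample events are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

MAX_PAGE = 250  # documented upper bound for maxResults

def iter_violation_events(client, start, end, page_size=MAX_PAGE, **filters):
    """Yield every ViolationEvent in [start, end], following nextToken."""
    if not 1 <= page_size <= MAX_PAGE:
        raise ValueError("maxResults must be between 1 and 250")
    # startTime and endTime are required; filters may carry thingName,
    # securityProfileName, behaviorCriteriaType, verificationState, ...
    params = dict(startTime=start, endTime=end, maxResults=page_size, **filters)
    while True:
        page = client.list_violation_events(**params)
        yield from page.get("violationEvents", [])
        token = page.get("nextToken")
        if not token:  # null or absent token: no additional results
            return
        params["nextToken"] = token

def triage(events):
    """Count events per (thing, behavior) and list IDs still marked UNKNOWN."""
    counts, unverified = Counter(), []
    for ev in events:
        counts[(ev["thingName"], ev["behavior"]["name"])] += 1
        if ev.get("verificationState") == "UNKNOWN":
            unverified.append(ev["violationId"])
    return counts, unverified

class FakeIoT:
    """Constructed stand-in for boto3.client("iot"); serves two canned pages."""
    PAGES = {
        None: {"nextToken": "t1", "violationEvents": [
            {"violationId": "v-1", "thingName": "pump-01",
             "verificationState": "UNKNOWN", "behavior": {"name": "LargeMsgSize"}},
            {"violationId": "v-2", "thingName": "pump-01",
             "verificationState": "FALSE_POSITIVE", "behavior": {"name": "LargeMsgSize"}}]},
        "t1": {"violationEvents": [
            {"violationId": "v-3", "thingName": "valve-07",
             "verificationState": "UNKNOWN", "behavior": {"name": "AuthFailures"}}]},
    }

    def list_violation_events(self, **kw):
        return self.PAGES[kw.get("nextToken")]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    events = iter_violation_events(FakeIoT(), now - timedelta(hours=24), now)
    print(triage(events))
```

Against a real account, pass boto3.client("iot") in place of FakeIoT(); the caller needs permission for the ListViolationEvents action.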
Errors
- InternalFailureException
-
An unexpected error has occurred.
- message
-
The message for the exception.
HTTP Status Code: 500
- InvalidRequestException
-
The request is not valid.
- message
-
The message for the exception.
HTTP Status Code: 400
- ThrottlingException
-
The rate exceeds the limit.
- message
-
The message for the exception.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: