

# Cloud-side metrics
<a name="detect-cloud-side-metrics"></a>

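When you create a security profile, you can specify the expected behavior of your IoT devices by configuring behaviors and thresholds for metrics generated by those devices. The following are cloud-side metrics, which are metrics that come from AWS IoT.

## Message size (aws:message-byte-size)
<a name="detect-message-size"></a>

The number of bytes in a message. Use this metric to specify the maximum or minimum size (in bytes) of each message transmitted from a device to AWS IoT.

Compatible with: Rules Detect | ML Detect

Operators: less-than | less-than-equals | greater-than | greater-than-equals

Value: a non-negative integer.

Unit: bytes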

**Example**  

```
{
  "name": "Max Message Size",
  "metric": "aws:message-byte-size",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "value": {
      "count": 1024
    },
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using `statisticalThreshold`**  

```
{
  "name": "Large Message Size",
  "metric": "aws:message-byte-size",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "statisticalThreshold": {
      "statistic": "p90"
    },
    "durationSeconds": 300,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using ML Detect**  

```
{
  "name": "Message size ML behavior",
  "metric": "aws:message-byte-size",
  "criteria": {
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1,
    "mlDetectionConfig": {
      "confidenceLevel": "HIGH"
    }
  },
  "suppressAlerts": true
}
```

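An alarm occurs for a device if, during three consecutive five-minute periods, it transmits messages whose cumulative size is more than that measured for 90 percent of all other devices reporting for this security profile behavior.

## Messages sent (aws:num-messages-sent)
<a name="detect-messages-sent"></a>

The number of messages sent by a device in a given time period.

Use this metric to specify the maximum or minimum number of messages that can be sent between AWS IoT and each device in a given time period.

Compatible with: Rules Detect | ML Detect

Operators: less-than | less-than-equals | greater-than | greater-than-equals

Value: a non-negative integer.

Unit: messages

Duration: a non-negative integer. Valid values are 300, 600, 900, 1800, or 3600 seconds.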

**Example**  

```
{
  "name": "Out bound message count",
  "metric": "aws:num-messages-sent",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "value": {
      "count": 50
    },
    "durationSeconds": 300,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using `statisticalThreshold`**  

```
{
  "name": "Out bound message rate",
  "metric": "aws:num-messages-sent",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "statisticalThreshold": {
      "statistic": "p99"
    },
    "durationSeconds": 300,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using ML Detect**  

```
{
  "name": "Messages sent ML behavior",
  "metric": "aws:num-messages-sent",
  "criteria": {
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1,
    "mlDetectionConfig": {
      "confidenceLevel": "HIGH"
    }
  },
  "suppressAlerts": true
}
```

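## Messages received (aws:num-messages-received)
<a name="detect-messages-received"></a>

The number of messages received by a device in a given time period.

Use this metric to specify the maximum or minimum number of messages that can be received between AWS IoT and each device in a given time period.

Compatible with: Rules Detect | ML Detect

Operators: less-than | less-than-equals | greater-than | greater-than-equals

Value: a non-negative integer.

Unit: messages

Duration: a non-negative integer. Valid values are 300, 600, 900, 1800, or 3600 seconds.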

**Example**  

```
{
  "name": "In bound message count",
  "metric": "aws:num-messages-received",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "value": {
      "count": 50
    },
    "durationSeconds": 300,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using `statisticalThreshold`**  

```
{
  "name": "In bound message rate",
  "metric": "aws:num-messages-received",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "statisticalThreshold": {
      "statistic": "p99"
    },
    "durationSeconds": 300,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using ML Detect**  

```
{
  "name": "Messages received ML behavior",
  "metric": "aws:num-messages-received",
  "criteria": {
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1,
    "mlDetectionConfig": {
      "confidenceLevel": "HIGH"
    }
  },
  "suppressAlerts": true
}
```

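## Authorization failures (aws:num-authorization-failures)
<a name="detect-auth-failures"></a>

Use this metric to specify the maximum number of authorization failures allowed for each device in a given time period. An authorization failure occurs when a request from a device to AWS IoT is denied, for example, when a device attempts to publish to a topic for which it does not have sufficient permissions.

Compatible with: Rules Detect | ML Detect

Unit: failures

Operators: less-than | less-than-equals | greater-than | greater-than-equals

Value: a non-negative integer.

Duration: a non-negative integer. Valid values are 300, 600, 900, 1800, or 3600 seconds.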

**Example**  

```
{
  "name": "Authorization Failures",
  "metric": "aws:num-authorization-failures",
  "criteria": {
    "comparisonOperator": "less-than",
    "value": {
      "count": 5
    },
    "durationSeconds": 300,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using `statisticalThreshold`**  

```
{
  "name": "Authorization Failures",
  "metric": "aws:num-authorization-failures",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "statisticalThreshold": {
      "statistic": "p50"
    },
    "durationSeconds": 300,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using ML Detect**  

```
{
  "name": "Authorization failures ML behavior",
  "metric": "aws:num-authorization-failures",
  "criteria": {
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1,
    "mlDetectionConfig": {
      "confidenceLevel": "HIGH"
    }
  },
  "suppressAlerts": true
}
```

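## Source IP (aws:source-ip-address)
<a name="detect-ip-address"></a>

The source IP address from which a device connects to AWS IoT.

Use this metric to specify a set of allowed (formerly referred to as whitelisted) or denied (formerly referred to as blacklisted) Classless Inter-Domain Routings (CIDR) from which each device must or must not connect to AWS IoT.

Compatible with: Rules Detect

Operators: in-cidr-set | not-in-cidr-set

Value: a list of CIDRs

Unit: N/A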

**Example**  

```
{
  "name": "Denied source IPs",
  "metric": "aws:source-ip-address",
  "criteria": {
    "comparisonOperator": "not-in-cidr-set",
    "value": {
      "cidrs": [ "12.8.0.0/16", "15.102.16.0/24" ]
    }
  },
  "suppressAlerts": true
}
```
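The following is an added example, not part of the AWS documentation: a local Python sketch of how the `in-cidr-set` and `not-in-cidr-set` operators partition source addresses for the behavior shown above. The function names and the sample addresses are constructed, and it assumes that a behavior states the expected condition, so a violation is any address for which the comparison does not hold.

```python
import ipaddress

# Behavior copied from the example above.
DENY_BEHAVIOR = {
    "name": "Denied source IPs",
    "metric": "aws:source-ip-address",
    "criteria": {
        "comparisonOperator": "not-in-cidr-set",
        "value": {"cidrs": ["12.8.0.0/16", "15.102.16.0/24"]},
    },
    "suppressAlerts": True,
}


def violates(behavior, source_ip):
    """Return True when source_ip breaks the expected behavior (assumed semantics)."""
    criteria = behavior["criteria"]
    ip = ipaddress.ip_address(source_ip)
    # strict=True rejects CIDRs with host bits set, a common typo in hand-written lists.
    nets = [ipaddress.ip_network(c, strict=True) for c in criteria["value"]["cidrs"]]
    in_set = any(ip in net for net in nets)
    op = criteria["comparisonOperator"]
    if op == "in-cidr-set":        # allow list: expected to connect from the set
        return not in_set
    if op == "not-in-cidr-set":    # deny list: expected to stay outside the set
        return in_set
    raise ValueError(f"unsupported operator for aws:source-ip-address: {op}")


def violating_ips(behavior, source_ips):
    """Filter a list of observed source IPs down to the ones that violate."""
    return [ip for ip in source_ips if violates(behavior, ip)]


# Constructed sample of observed device source addresses.
OBSERVED = ["12.8.44.7", "15.102.16.200", "15.102.17.1", "198.51.100.10"]

if __name__ == "__main__":
    print(violating_ips(DENY_BEHAVIOR, OBSERVED))
```

Switching the operator to `in-cidr-set` turns the same CIDR list into an allow list, so the two addresses outside it become the violations.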

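## Connection attempts (aws:num-connection-attempts)
<a name="detect-num-connection-attempts"></a>

The number of times a device attempts to make a connection in a given time period.

Use this metric to specify the maximum or minimum number of connection attempts for each device. Both successful and unsuccessful attempts are counted.

Compatible with: Rules Detect | ML Detect

Operators: less-than | less-than-equals | greater-than | greater-than-equals

Value: a non-negative integer.

Unit: connection attempts

Duration: a non-negative integer. Valid values are 300, 600, 900, 1800, or 3600 seconds.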

**Example**  

```
{
  "name": "Connection Attempts",
  "metric": "aws:num-connection-attempts",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "value": {
      "count": 5
    },
    "durationSeconds": 600,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using `statisticalThreshold`**  

```
{
  "name": "Connection Attempts",
  "metric": "aws:num-connection-attempts",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "statisticalThreshold": {
      "statistic": "p10"
    },
    "durationSeconds": 300,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using ML Detect**  

```
{
  "name": "Connection attempts ML behavior",
  "metric": "aws:num-connection-attempts",
  "criteria": {
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1,
    "mlDetectionConfig": {
      "confidenceLevel": "HIGH"
    }
  },
  "suppressAlerts": false
}
```

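## Disconnects (aws:num-disconnects)
<a name="detect-num-disconnects"></a>

The number of times a device disconnects from AWS IoT in a given time period.

Use this metric to specify the maximum or minimum number of times a device disconnects from AWS IoT in a given time period.

Compatible with: Rules Detect | ML Detect

Operators: less-than | less-than-equals | greater-than | greater-than-equals

Value: a non-negative integer.

Unit: disconnects

Duration: a non-negative integer. Valid values are 300, 600, 900, 1800, or 3600 seconds.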

**Example**  

```
{
  "name": "Disconnections",
  "metric": "aws:num-disconnects",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "value": {
      "count": 5
    },
    "durationSeconds": 600,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using `statisticalThreshold`**  

```
{
  "name": "Disconnections",
  "metric": "aws:num-disconnects",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "statisticalThreshold": {
      "statistic": "p10"
    },
    "durationSeconds": 300,
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1
  },
  "suppressAlerts": true
}
```

**Example using ML Detect**  

```
{
  "name": "Disconnects ML behavior",
  "metric": "aws:num-disconnects",
  "criteria": {
    "consecutiveDatapointsToAlarm": 1,
    "consecutiveDatapointsToClear": 1,
    "mlDetectionConfig": {
      "confidenceLevel": "HIGH"
    }
  },
  "suppressAlerts": true
}
```

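## Disconnect duration (aws:disconnect-duration)
<a name="detect-disconnect-duration"></a>

The duration for which a device stays disconnected from AWS IoT.

Use this metric to specify the maximum duration for which a device stays disconnected from AWS IoT.

Compatible with: Rules Detect

Operators: less-than | less-than-equals

Value: a non-negative integer (in minutes)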

**Example**  

```
{
  "name": "DisconnectDuration",
  "metric": "aws:disconnect-duration",
  "criteria": {
    "comparisonOperator": "less-than-equals",
    "value": {
      "count": 5
    }
  },
  "suppressAlerts": true
}
```
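The following is an added example, not part of the AWS documentation: an offline pre-check that lints a behavior definition against the "Compatible with", "Operators", "Value" and "Duration" lines listed for each metric on this page. The names `METRICS` and `lint_behavior` and the sample behaviors are constructed for illustration; the check covers only the constraints stated here and does not call any AWS API.

```python
COUNT_OPS = {"less-than", "less-than-equals", "greater-than", "greater-than-equals"}
DURATIONS = {300, 600, 900, 1800, 3600}  # seconds
# metric -> (allowed operators, ML Detect compatible, key under "value")
METRICS = {
    "aws:message-byte-size": (COUNT_OPS, True, "count"),
    "aws:num-messages-sent": (COUNT_OPS, True, "count"),
    "aws:num-messages-received": (COUNT_OPS, True, "count"),
    "aws:num-authorization-failures": (COUNT_OPS, True, "count"),
    "aws:num-connection-attempts": (COUNT_OPS, True, "count"),
    "aws:num-disconnects": (COUNT_OPS, True, "count"),
    "aws:source-ip-address": ({"in-cidr-set", "not-in-cidr-set"}, False, "cidrs"),
    "aws:disconnect-duration": ({"less-than", "less-than-equals"}, False, "count"),
}


def lint_behavior(behavior):
    """Return a list of problems; an empty list means nothing was found."""
    metric = behavior.get("metric")
    if metric not in METRICS:
        return [f"unknown cloud-side metric {metric!r}"]
    ops, ml_ok, value_key = METRICS[metric]
    c = behavior.get("criteria", {})
    if "mlDetectionConfig" in c:
        # The ML Detect examples on this page carry no operator, value or duration.
        return [] if ml_ok else [f"{metric} is Rules Detect only"]
    problems = []
    op = c.get("comparisonOperator")
    if op not in ops:
        problems.append(f"operator {op!r} is not valid for {metric}")
    duration = c.get("durationSeconds")
    if duration is not None and duration not in DURATIONS:
        problems.append(f"durationSeconds {duration} is not one of {sorted(DURATIONS)}")
    if "statisticalThreshold" not in c:
        value = c.get("value", {}).get(value_key)
        if value_key == "cidrs":
            if not isinstance(value, list):
                problems.append("value.cidrs must be a list of CIDRs")
        elif isinstance(value, bool) or not isinstance(value, int) or value < 0:
            problems.append("value.count must be a non-negative integer")
    return problems


# Constructed samples: a trimmed behavior from this page and a deliberately wrong one.
GOOD = {"metric": "aws:num-authorization-failures", "criteria": {
    "comparisonOperator": "less-than", "value": {"count": 5}, "durationSeconds": 300}}
BAD_ML = {"metric": "aws:source-ip-address", "criteria": {
    "mlDetectionConfig": {"confidenceLevel": "HIGH"}}}
print(lint_behavior(GOOD), lint_behavior(BAD_ML))
```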