Posted On: Sep 24, 2021

With Amazon IoT Device Defender, customers can now verify an alarm based on their investigation of detected behavior anomalies. They can verify an alarm as True positive, Benign positive, False positive, or Unknown and provide a description of their verification. Users, such as a security or operational team, can use this to manage alarms and improve response time.

Customers can view or filter Amazon IoT Device Defender Detect alarms using one of the four verification states. They can mark alarm verification states so that other members of their team can take follow-up actions (for example, performing mitigation actions on ‘True positive’ alarms, skipping ‘Benign positive’ alarms, or continuing investigation on ‘Unknown’ alarms). Additionally, they can verify an alarm as ‘False positive’ to let Amazon Web Services know that they believe Amazon IoT Device Defender identified behavior anomalies incorrectly.

Detect alarm verification states is available in all Amazon Web Services regions where Amazon IoT Device Defender is available. To learn more, see Amazon IoT Device Defender developer guide.