Posted On: Sep 24, 2021
With AWS IoT Device Defender, customers can now verify an alarm based on their investigation of detected behavior anomalies. They can verify an alarm as ‘True positive’, ‘Benign positive’, ‘False positive’, or ‘Unknown’ and provide a description of their verification. Users, such as a security or operational team, can use these verification states to manage alarms and improve response time.
Customers can view or filter AWS IoT Device Defender Detect alarms using one of the four verification states. They can mark alarm verification states so that other members of their team can take follow-up actions (for example, performing mitigation actions on ‘True positive’ alarms, skipping ‘Benign positive’ alarms, or continuing investigation on ‘Unknown’ alarms). Additionally, they can verify an alarm as ‘False positive’ to let AWS know that they believe AWS IoT Device Defender identified behavior anomalies incorrectly.