azure-iot-security's Introduction

Azure Defender for IoT

Samples repository

Azure Defender for IoT provides a reference architecture for security agents that log, process, aggregate, and send security data through IoT Hub. Azure IoT security agents are designed to work in a constrained IoT environment, and are highly customizable in terms of the values they provide compared with the resources they consume.

Security agents support the following IoT solution features:

  • Collect raw security events from the underlying OS (Linux, Windows). To learn more about available security data collectors, see Configure security agents.
  • Aggregate raw security events into messages sent through IoT Hub.
  • Authenticate with existing device identity, or a dedicated module identity. See Security agent authentication methods to learn more.
  • Configure remotely through use of the azureiotsecurity module twin. To learn more, see Configure security agents.

In this repository, you'll find useful scripts and snippets to get you started with Azure Defender for IoT.

  • security_message - supported security event types, event schemas and event samples
  • securty_module_twin - security agent configuration through IoT Hub module twin, twin schema, defaults, and automation scripts
  • trigger_events - scripts that imitate malicious activity on an IoT device, in order to test and validate that the security agent behaves properly

Learn more about:

  • Azure Defender for IoT security agents
  • Azure Defender for IoT security agent reference architecture for C, on GitHub
  • Azure Defender for IoT security agent reference architecture for C#, on GitHub

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

azure-iot-security's People

Contributors

amih90, amitenoch, kfbehar, liranc, mbrg, mcrlc, microsoft-github-policy-service[bot], microsoftopensource, mlottner, msftgits, ofdadu, ofekdadu

azure-iot-security's Issues

azureiotsecurity 1.0.6: security vulnerabilities in Debian 9.13 base image

There are some critical and high CVEs detected in the Debian 9.13 base image used to build mcr.microsoft.com/ascforiot/azureiotsecurity:1.0.6. Can this be rebuilt with Debian 11 LTS to reduce the security vulnerabilities? There are still some critical and high security vulnerabilities from 2021 detected in Debian 11 base image, but the older CVEs have been addressed. This image was scanned with Trivy, as well as the Debian 11.0 image; see attached results.
azureiotsecurity_1_0_6_trivy_results.zip

IotSecurity for iot edge module

Hi,
I've installed the security module on my IoT Edge devices so the module version available on the Azure Marketplace.

It seems like it's working fine. I get events in the security overview and logs workspace. I'm using the default configuration.

In the logs, I'm able to see the security events and alerts, but I can find where are all the snapshots (OS, hardware, systeminfo, etc.)

Moreover, there is this warning often in the module logs :

09/2020 05:58:55 | CorrelationId: acc70679-8141-47e1-83cb-3b1393750f2f | Warning: Process exited with error: /bin/bash -c "chroot /host ausearch -m USER_AUTH,USER_LOGIN --input-logs --checkpoint /var/tmp/UserLoginEventGeneratorCheckpoint", exitcode=10, message=

So where can I find all the snapshot events?
And is there something to fix about the warning?

Module cannot connect to edgeHub

Since recently the security IoT Edge module stopped working on one specific device. The module cannot connect to the edgeHub any more. Everything else works fine on this device especially all the other modules can connect to edgeHub and send data to IoT Hub. Also on another device the same configuration works fine including the security module. The debug logs of the security module look like this:

08/31/2020 08:03:59 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Information: Agent is initializing...
08/31/2020 08:03:59 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Information: Using Delayed start to allow EdgeHub module to complete initialization.
08/31/2020 08:04:09 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Debug: Gateway Host: w120edgelinuxsimatic1
08/31/2020 08:04:09 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Debug: EdgeHub IP: 172.18.0.2
08/31/2020 08:04:09 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Debug: Module Id: azureiotsecurity
08/31/2020 08:04:09 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Debug: Adding hosts mapping: 172.18.0.2 w120edgelinuxsimatic1
08/31/2020 08:04:09 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Information: Verifiying EdgeHub is reachable using Amqp
08/31/2020 08:04:09 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Debug: Checking connection: w120edgelinuxsimatic1:5671
08/31/2020 08:06:20 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Debug: Error: Unable To Reach: w120edgelinuxsimatic1:5671
08/31/2020 08:06:20 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Debug: Checking connection: w120edgelinuxsimatic1:443
08/31/2020 08:08:31 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Debug: Error: Unable To Reach: w120edgelinuxsimatic1:443
08/31/2020 08:08:31 | CorrelationId: 8621917e-5ac9-49f9-8730-0a8822b1f7a6 | Fatal: Edgehub unreachable using Amqp. Terminating Module
08/31/2020 08:08:31 | CorrelationId: f3054c41-e6cd-494b-877c-c5f25b66af22 | Information: On stop Cancellation was requested, Disposing...
08/31/2020 08:08:43 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Information: Agent is initializing...
08/31/2020 08:08:44 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Information: Using Delayed start to allow EdgeHub module to complete initialization.
08/31/2020 08:08:54 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Debug: Gateway Host: w120edgelinuxsimatic1
08/31/2020 08:08:54 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Debug: EdgeHub IP: 172.18.0.2
08/31/2020 08:08:54 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Debug: Module Id: azureiotsecurity
08/31/2020 08:08:54 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Debug: Adding hosts mapping: 172.18.0.2 w120edgelinuxsimatic1
08/31/2020 08:08:54 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Information: Verifiying EdgeHub is reachable using Amqp
08/31/2020 08:08:54 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Debug: Checking connection: w120edgelinuxsimatic1:5671
08/31/2020 08:11:04 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Debug: Error: Unable To Reach: w120edgelinuxsimatic1:5671
08/31/2020 08:11:04 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Debug: Checking connection: w120edgelinuxsimatic1:443
08/31/2020 08:13:15 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Debug: Error: Unable To Reach: w120edgelinuxsimatic1:443
08/31/2020 08:13:15 | CorrelationId: 8dafcbf0-adc3-433b-b9ab-dbde3179e7ac | Fatal: Edgehub unreachable using Amqp. Terminating Module
08/31/2020 08:13:15 | CorrelationId: 298a08d2-9c3b-4b8e-9d89-ef780e8c0d5e | Information: On stop Cancellation was requested, Disposing...
08/31/2020 08:13:41 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Information: Agent is initializing...
08/31/2020 08:13:41 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Information: Using Delayed start to allow EdgeHub module to complete initialization.
08/31/2020 08:13:51 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Debug: Gateway Host: w120edgelinuxsimatic1
08/31/2020 08:13:51 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Debug: EdgeHub IP: 172.18.0.2
08/31/2020 08:13:51 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Debug: Module Id: azureiotsecurity
08/31/2020 08:13:51 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Debug: Adding hosts mapping: 172.18.0.2 w120edgelinuxsimatic1
08/31/2020 08:13:51 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Information: Verifiying EdgeHub is reachable using Amqp
08/31/2020 08:13:51 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Debug: Checking connection: w120edgelinuxsimatic1:5671
08/31/2020 08:16:01 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Debug: Error: Unable To Reach: w120edgelinuxsimatic1:5671
08/31/2020 08:16:01 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Debug: Checking connection: w120edgelinuxsimatic1:443
08/31/2020 08:18:12 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Debug: Error: Unable To Reach: w120edgelinuxsimatic1:443
08/31/2020 08:18:12 | CorrelationId: f237b898-262a-4673-9e12-239560f2edc5 | Fatal: Edgehub unreachable using Amqp. Terminating Module

I tried the following:

  • Restart the security daemon
  • Restart edge service
  • Restart edgeHub and edgeAgent
  • Recreate edgeHub docker container

We are currently on version 1.0.9.4 of edgeHub and edgeAgent.

Are there any ideas what I can try to solve the issue?
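
An added example, not part of the original issue or of the project's code: a small parser for the agent log format quoted above that groups lines by CorrelationId, measures how long each edgeHub probe waited before failing, and flags a restart loop, which matters operationally because an agent stuck in this loop forwards no security data. The sample lines are constructed in the issue's format; the correlation ids, host name and function names are placeholders.

```python
import re
from datetime import datetime

# Constructed sample in the line format of the log above (ids and host are placeholders).
SAMPLE_LOG = """\
08/31/2020 08:03:59 | CorrelationId: run-1 | Information: Agent is initializing...
08/31/2020 08:04:09 | CorrelationId: run-1 | Debug: Checking connection: edgehost:5671
08/31/2020 08:06:20 | CorrelationId: run-1 | Debug: Error: Unable To Reach: edgehost:5671
08/31/2020 08:06:20 | CorrelationId: run-1 | Debug: Checking connection: edgehost:443
08/31/2020 08:08:31 | CorrelationId: run-1 | Debug: Error: Unable To Reach: edgehost:443
08/31/2020 08:08:31 | CorrelationId: run-1 | Fatal: Edgehub unreachable using Amqp. Terminating Module
08/31/2020 08:08:31 | CorrelationId: stop-1 | Information: On stop Cancellation was requested, Disposing...
08/31/2020 08:08:43 | CorrelationId: run-2 | Information: Agent is initializing...
08/31/2020 08:08:54 | CorrelationId: run-2 | Debug: Checking connection: edgehost:5671
08/31/2020 08:11:04 | CorrelationId: run-2 | Debug: Error: Unable To Reach: edgehost:5671
08/31/2020 08:13:15 | CorrelationId: run-2 | Fatal: Edgehub unreachable using Amqp. Terminating Module
"""

LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| CorrelationId: (\S+) \| (\w+): (.*)$")

def parse(log_text):
    """Yield (timestamp, correlation_id, level, message); lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m[1], "%m/%d/%Y %H:%M:%S"), m[2], m[3], m[4]

def summarize_runs(log_text):
    """Per correlation id: seconds each probe waited before failing, and whether the run ended Fatal."""
    runs, pending = {}, {}
    for ts, cid, level, msg in parse(log_text):
        run = runs.setdefault(cid, {"failed_probes": {}, "fatal": False})
        if msg.startswith("Checking connection: "):
            pending[(cid, msg.split(": ", 1)[1])] = ts      # probe started
        elif msg.startswith("Error: Unable To Reach: "):
            target = msg.rsplit(": ", 1)[1]                 # "host:port"
            started = pending.pop((cid, target), None)
            if started is not None:
                run["failed_probes"][target] = int((ts - started).total_seconds())
        elif level == "Fatal":
            run["fatal"] = True
    return runs

def is_crash_looping(runs, threshold=2):
    """True when at least `threshold` separate runs terminated with a Fatal line."""
    return sum(1 for r in runs.values() if r["fatal"]) >= threshold

if __name__ == "__main__":
    print(summarize_runs(SAMPLE_LOG), is_crash_looping(summarize_runs(SAMPLE_LOG)))
```

Probe durations that are nearly identical on every attempt, as here, indicate a connect timeout rather than a refused connection.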

Query: Why there is no support from Microsoft on any of its own repositories

I am using Microsoft Azure portal for IoT development. I had many expectations when I opted for it. However, now I am realising that I must have gone with AWS as there is a lot of technical support and clear documentation. I feel stuck every time I am trying to implement anything new.

I know this is not the right platform to talk about this; however, after seeing all the unanswered issues, I couldn't stop. I will also email this to [email protected]

Just wondering why there is no support from Microsoft on any of its own git repositories?
