Notice: Running the AWS IoT Device Client will incur usage of AWS IoT services, and is likely to incur charges on your AWS account. Please refer the pricing pages for AWS IoT Core, AWS IoT Device Management, and AWS IoT Device Defender for more details.
The Device Defender feature within the AWS IoT Device Client publishes device-side metrics about the device to the cloud. You can then use the cloud-side service to identify unusual behavior that might indicate a compromised device by monitoring the behavior of your devices.
To get started with the feature you will need to set the right configuration. This consists of two parameters
enabled: Whether or not the Device Defender feature is enabled (True/False).
device-defender-interval: Defines the interval in seconds between each cycle of gathering and reporting Device Defender metrics. The client-side Device Defender feature gathers your device side metrics and posts them to the Device Defender cloud service.
$ ./aws-iot-device-client --enable-device-defender [true|false] --device-defender-interval 300
{
...
"device-defender": {
"enabled": true,
"interval": 300
}
...
}
It is important to note the interval's recommended minimum is 300 seconds, anything less than this is subject to being throttled. Starting the AWS IoT Device Client will now start the Device Defender feature. The device will begin publishing reports with all of the available device-side metrics (You can see an example report at the bottom of the link).
The rest of the functionality and interaction with Device Defender will be on the cloud-side, where you can create security profiles and alarms to monitor the metrics your device publishes. In order to learn more about the cloud side features, please refer How to use AWS IoT Device Defender detect.