API Reference

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.


Lists the Device Defender security profile violations discovered during the given time period. You can use filters to limit the results to those alerts issued for a particular security profile, behavior, or thing (device).

Request Syntax

GET /violation-events?endTime=endTime&maxResults=maxResults&nextToken=nextToken&securityProfileName=securityProfileName&startTime=startTime&thingName=thingName HTTP/1.1

URI Request Parameters

The request requires the following URI parameters.


The end time for the alerts to be listed.


The maximum number of results to return at one time.

Valid Range: Minimum value of 1. Maximum value of 250.


The token for the next set of results.


A filter to limit results to those alerts generated by the specified security profile.

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [a-zA-Z0-9:_-]+


The start time for the alerts to be listed.


A filter to limit results to those alerts caused by the specified thing.

Length Constraints: Minimum length of 1. Maximum length of 128.

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200 Content-type: application/json { "nextToken": "string", "violationEvents": [ { "behavior": { "criteria": { "comparisonOperator": "string", "consecutiveDatapointsToAlarm": number, "consecutiveDatapointsToClear": number, "durationSeconds": number, "statisticalThreshold": { "statistic": "string" }, "value": { "cidrs": [ "string" ], "count": number, "ports": [ number ] } }, "metric": "string", "name": "string" }, "metricValue": { "cidrs": [ "string" ], "count": number, "ports": [ number ] }, "securityProfileName": "string", "thingName": "string", "violationEventTime": number, "violationEventType": "string", "violationId": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


A token that can be used to retrieve the next set of results, or null if there are no additional results.

Type: String


The security profile violation alerts issued for this account during the given time period, potentially filtered by security profile, behavior violated, or thing (device) violating.

Type: Array of ViolationEvent objects



An unexpected error has occurred.

HTTP Status Code: 500


The request is not valid.

HTTP Status Code: 400


The rate exceeds the limit.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: