CMDB classes targeted in Service Graph Connector for Microsoft Defender Endpoint
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of CMDB Classes Targeted in Service Graph Connector for Microsoft Defender Endpoint
The Service Graph Connector for Microsoft Defender Endpoint enables users to integrate and periodically pull data from devices protected by Microsoft Defender for Endpoint, storing the information in tables that extend from the Configuration Item [cmdbci] table in ServiceNow.
Show less
Key Features
- Computer [cmdbcicomputer]: Attributes such as install status, name, operating system, and OS version are populated.
- IP Address [cmdbciipaddress]: Captures details like install status, IP address, and NIC.
- Network Adapter [cmdbcinetworkadapter]: Includes attributes such as MAC address and install status.
- SG-Defender Machines Related [sndefenderintegsgdefendermachinesrelated]: Collects data on agent version, device ID, exposure level, health status, and onboarding status.
- Software [cmdbcispkg]: Captures key attributes like name and version.
- Software Installation [cmdbsamswinstall]: Populates data when the Software Asset Management (SAM) application is installed.
- Software Instance [cmdbsoftwareinstance]: Includes information on installation and name.
- Windows Server [cmdbciwinserver]: Captures OS details and relationships with network adapters and IP addresses.
Key Outcomes
By utilizing the Service Graph Connector, ServiceNow customers can effectively manage their IT assets by ensuring up-to-date information about security, network configuration, and software installations, thus enhancing visibility and control over their IT environment.
When you complete setting up the connection, you can configure the integration to pull data periodically from machines utilizing the Microsoft Defender for Endpoint security solution. The data is saved in tables that extend from the Configuration item [cmdb_ci] table.
Computer [cmdb_ci_computer]
The following attributes in the Computer [cmdb_ci_computer] table are populated by collected data:
| Attribute label | Attribute name |
|---|---|
| Class | sys_class_name |
| Discovery source | discovery_source |
| Install Status | install_status |
| Name | name |
| Operating System | os |
| OS Version | os_version |
| Parent class | Relationship type | Child class |
|---|---|---|
| Computer [cmdb_ci_computer] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
| Computer [cmdb_ci_computer] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter] |
| Computer [cmdb_ci_computer] | Reference | SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] |
| Computer [cmdb_ci_computer] | Reference | Software Installation [cmdb_sam_sw_install] |
IP Address [cmdb_ci_ip_address]
The following attributes in the IP Address [cmdb_ci_ip_address] table are populated by collected data:
| Attribute label | Attribute name |
|---|---|
| Install Status | install_status |
| IP Address | ip_address |
| IP version | ip_version |
| Name | name |
| Nic | nic |
| Parent class | Relationship type | Child class |
|---|---|---|
| IP Address [cmdb_ci_ip_address] | Reference | Network Adapter [cmdb_ci_network_adapter] |
SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]
The following attributes in the SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] table are populated by collected data:
| Attribute label | Attribute name |
|---|---|
| Agent Version | agent_version |
| Device Id | device_id |
| Exposure Level | exposure_level |
| First Seen | first_seen_date |
| Health Status | health_status |
| IsAadJoined | isaadjoined |
| Last Reported | last_reported |
| Managed by | managed_by |
| Onboarding Status | onboarding_status |
Network Adapter [cmdb_ci_network_adapter]
The following attributes in the Network Adapter [cmdb_ci_network_adapter] table are populated by collected data:
| Attribute label | Attribute name |
|---|---|
| Discovery source | discovery_source |
| Install Status | install_status |
| MAC Address | mac_address |
| Name | name |
| Parent class | Relationship type | Child class |
|---|---|---|
| Network Adapter [cmdb_ci_network_adapter] | Reference | Server [cmdb_ci_server] |
| Network Adapter [cmdb_ci_network_adapter] | Reference | Computer [cmdb_ci_computer] |
Software [cmdb_ci_spkg]
The following attributes in the Software [cmdb_ci_spkg] table are populated by collected data when the Software Asset Management (SAM) application isn't installed:
| Attribute label | Attribute name |
|---|---|
| Key | key |
| Name | name |
| Version | version |
| Parent class | Relationship type | Child class |
|---|---|---|
| Software [cmdb_ci_spkg] | Reference | Software Instance [cmdb_software_instance] |
Software Installation [cmdb_sam_sw_install]
The following attributes in the Software Installation [cmdb_sam_sw_install] table are populated by collected data when the SAM application is installed:
| Attribute label | Attribute name |
|---|---|
| Discovery source | discovery_source |
| Display name | display_name |
| Version | version |
Software Instance [cmdb_software_instance]
The following attributes in the Software Instance [cmdb_software_instance] table are populated by collected data when the SAM application isn't installed:
| Attribute label | Attribute name |
|---|---|
| Installed on | installed_on |
| Name | name |
| Parent class | Relationship type | Child class |
|---|---|---|
| Software Instance [cmdb_software_instance] | Reference | Server [cmdb_ci_server] |
Windows Server [cmdb_ci_win_server]
The following attributes in the Windows Server [cmdb_ci_win_server] table are populated by collected data when the SAM application isn't installed:
| Attribute label | Attribute name |
|---|---|
| Class | sys_class_name |
| Discovery source | discovery_source |
| Install Status | install_status |
| Name | name |
| Operating System | os |
| OS Version | os_version |
| Parent class | Relationship type | Child class |
|---|---|---|
| Windows Server [cmdb_ci_win_server] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter] |
| Windows Server [cmdb_ci_win_server] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
| Windows Server [cmdb_ci_win_server] | Reference | SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] |
| Windows Server [cmdb_ci_win_server] | Reference | Software Installation [cmdb_sam_sw_install] |