CMDB classes targeted in Service Graph Connector for Microsoft Defender Endpoint

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of CMDB Classes Targeted in Service Graph Connector for Microsoft Defender Endpoint

    The Service Graph Connector for Microsoft Defender Endpoint enables users to integrate and periodically pull data from devices protected by Microsoft Defender for Endpoint, storing the information in tables that extend from the Configuration Item [cmdbci] table in ServiceNow.

    Show full answer Show less

    Key Features

    • Computer [cmdbcicomputer]: Attributes such as install status, name, operating system, and OS version are populated.
    • IP Address [cmdbciipaddress]: Captures details like install status, IP address, and NIC.
    • Network Adapter [cmdbcinetworkadapter]: Includes attributes such as MAC address and install status.
    • SG-Defender Machines Related [sndefenderintegsgdefendermachinesrelated]: Collects data on agent version, device ID, exposure level, health status, and onboarding status.
    • Software [cmdbcispkg]: Captures key attributes like name and version.
    • Software Installation [cmdbsamswinstall]: Populates data when the Software Asset Management (SAM) application is installed.
    • Software Instance [cmdbsoftwareinstance]: Includes information on installation and name.
    • Windows Server [cmdbciwinserver]: Captures OS details and relationships with network adapters and IP addresses.

    Key Outcomes

    By utilizing the Service Graph Connector, ServiceNow customers can effectively manage their IT assets by ensuring up-to-date information about security, network configuration, and software installations, thus enhancing visibility and control over their IT environment.

    When you complete setting up the connection, you can configure the integration to pull data periodically from machines utilizing the Microsoft Defender for Endpoint security solution. The data is saved in tables that extend from the Configuration item [cmdb_ci] table.

    Computer [cmdb_ci_computer]

    The following attributes in the Computer [cmdb_ci_computer] table are populated by collected data:
    Attribute label Attribute name
    Class sys_class_name
    Discovery source discovery_source
    Install Status install_status
    Name name
    Operating System os
    OS Version os_version
    Table 1. Relationships created for Computer
    Parent class Relationship type Child class
    Computer [cmdb_ci_computer] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Computer [cmdb_ci_computer] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Computer [cmdb_ci_computer] Reference SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]
    Computer [cmdb_ci_computer] Reference Software Installation [cmdb_sam_sw_install]

    IP Address [cmdb_ci_ip_address]

    The following attributes in the IP Address [cmdb_ci_ip_address] table are populated by collected data:
    Attribute label Attribute name
    Install Status install_status
    IP Address ip_address
    IP version ip_version
    Name name
    Nic nic
    Table 2. Relationship created for IP Address
    Parent class Relationship type Child class
    IP Address [cmdb_ci_ip_address] Reference Network Adapter [cmdb_ci_network_adapter]

    SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]

    The following attributes in the SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] table are populated by collected data:
    Attribute label Attribute name
    Agent Version agent_version
    Device Id device_id
    Exposure Level exposure_level
    First Seen first_seen_date
    Health Status health_status
    IsAadJoined isaadjoined
    Last Reported last_reported
    Managed by managed_by
    Onboarding Status onboarding_status

    Network Adapter [cmdb_ci_network_adapter]

    The following attributes in the Network Adapter [cmdb_ci_network_adapter] table are populated by collected data:
    Attribute label Attribute name
    Discovery source discovery_source
    Install Status install_status
    MAC Address mac_address
    Name name
    Table 3. Relationships created for Network Adapter
    Parent class Relationship type Child class
    Network Adapter [cmdb_ci_network_adapter] Reference Server [cmdb_ci_server]
    Network Adapter [cmdb_ci_network_adapter] Reference Computer [cmdb_ci_computer]

    Software [cmdb_ci_spkg]

    The following attributes in the Software [cmdb_ci_spkg] table are populated by collected data when the Software Asset Management (SAM) application isn't installed:
    Attribute label Attribute name
    Key key
    Name name
    Version version
    Table 4. Relationship created for Software
    Parent class Relationship type Child class
    Software [cmdb_ci_spkg] Reference Software Instance [cmdb_software_instance]

    Software Installation [cmdb_sam_sw_install]

    The following attributes in the Software Installation [cmdb_sam_sw_install] table are populated by collected data when the SAM application is installed:
    Attribute label Attribute name
    Discovery source discovery_source
    Display name display_name
    Version version

    Software Instance [cmdb_software_instance]

    The following attributes in the Software Instance [cmdb_software_instance] table are populated by collected data when the SAM application isn't installed:
    Attribute label Attribute name
    Installed on installed_on
    Name name
    Table 5. Relationship created for Software Instance
    Parent class Relationship type Child class
    Software Instance [cmdb_software_instance] Reference Server [cmdb_ci_server]

    Windows Server [cmdb_ci_win_server]

    The following attributes in the Windows Server [cmdb_ci_win_server] table are populated by collected data when the SAM application isn't installed:
    Attribute label Attribute name
    Class sys_class_name
    Discovery source discovery_source
    Install Status install_status
    Name name
    Operating System os
    OS Version os_version
    Table 6. Relationships created for Windows Server
    Parent class Relationship type Child class
    Windows Server [cmdb_ci_win_server] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Windows Server [cmdb_ci_win_server] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Windows Server [cmdb_ci_win_server] Reference SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]
    Windows Server [cmdb_ci_win_server] Reference Software Installation [cmdb_sam_sw_install]