Service Graph Connector for Microsoft Defender for IoT (Azure)

  • Release version: Xanadu
  • Updated January 22, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Service Graph Connector for Microsoft Defender for IoT (Azure)

    The Service Graph Connector for Microsoft Defender for IoT (Azure) integrates Microsoft Defender for IoT with the ServiceNow Operational Technology Manager application. This integration automates the import of operational technology (OT) devices and sensor appliances into the ServiceNow Configuration Management Database (CMDB), enabling better asset visibility and management of OT environments.

    Show full answer Show less

    Supported Versions

    • Supports Microsoft Defender for IoT sensor versions 22.2.3.22 and 22.2.5.9.

    Key Features

    • Guided Setup: Provides a structured sequence of tasks within ServiceNow to configure the integration efficiently.
    • CMDB Integrations Dashboard: Available through the Integration Commons for CMDB app, this dashboard offers centralized monitoring of integration status, processing results, and errors, with filtering capabilities by integration or time frame.
    • Data Mapping and Transformation: Uses the Robust Transform Engine (RTE) to map and transform data from Microsoft Defender for IoT sources into ServiceNow CMDB classes, and the Identification and Reconciliation Engine (IRE) to insert data into CMDB.
    • Scheduled Data Pulls: Enables periodic data imports from Microsoft Defender for IoT into the CMDB, ensuring up-to-date OT device information.
    • Validation of Network IDS (NIDS) Sensors: Ensures only validated sensors (not in learning mode) are eligible for device import, enhancing data accuracy.
    • Connection Management: Access integration connection details via the Common Connection Framework (CCF) through the Integration Commons for CMDB app.

    Data Integration Details

    Data from Microsoft Defender for IoT is first loaded into specific staging tables before being mapped to and inserted into a wide range of CMDB tables. These tables cover various device and sensor types including but not limited to:

    • OT-specific devices such as PLCs, HMIs, Industrial Sensors, and Control Modules
    • Standard IT devices such as Servers (Linux, AIX, Solaris, OSX, Windows), IP Phones, Printers, and Network Adapters
    • Specialized OT devices like RTUs, Historians, and Uninterruptible Power Supplies (UPS)

    This comprehensive mapping ensures detailed classification and accurate representation of both OT and IT assets within the ServiceNow CMDB.

    Practical Benefits for ServiceNow Customers

    • Automates the discovery and import of OT devices and sensors, reducing manual effort and improving data accuracy.
    • Enhances visibility of OT infrastructure within ServiceNow, supporting better operational and security management.
    • Facilitates ongoing synchronization with Microsoft Defender for IoT data, keeping CMDB information current.
    • Allows monitoring and troubleshooting of the integration through dedicated dashboards and connection frameworks.

    Next Steps

    • Use the guided setup to configure the connector within your ServiceNow instance.
    • Validate imported NIDS sensors to ensure readiness for device import.
    • Monitor integration status and troubleshoot issues using the CMDB Integrations Dashboard.
    • Configure periodic data pulls to maintain up-to-date OT device information in the CMDB.

    Integrate Microsoft Defender for IoT with the ServiceNow® Operational Technology Manager application to automate import of OT devices and sensor appliances.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Supported versions

    Supports Microsoft Defender for IoT sensor versions:
    • 22.2.3.22
    • 22.2.5.9

    Use cases

    You can use the Service Graph Connector for Microsoft Defender for IoT (Azure) with the ServiceNow® Operational Technology Manager application to import OT devices and sensor appliances.

    Guided setup

    The guided setup for the Service Graph Connector for Microsoft Defender for IoT (Azure) provides an organized sequence of tasks to configure the integration on your instance. To access the guided setup, see Configure guided setup.

    CMDB integrations dashboard

    The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring integrations in the CMDB Integrations Dashboard, see Integration Commons for CMDB.

    Data mapping

    Data from the Microsoft Defender for IoT (Azure) data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).

    When you complete the setup, you can configure the integration to periodically pull data from the Microsoft Defender for IoT (Azure) application.

    The following table lists the data sources included for a Microsoft Defender for IoT (Azure) project and the corresponding staging tables where the imported data is loaded.
    Table 1. Data sources and staging tables for Microsoft Defender for IoT (Azure)
    Data source Staging table
    SG-OT Azure D4IoT Devices Import SG-OT Azure D4IoT Devices Import [sn_msftd4iotazsgc_sg_ot_azure_d4iot_devices_import]
    SG-OT Azure D4IoT Sensors Import SG-OT Msft D4IoT Sensors Import [sn_msftd4iotazsgc_sg_ot_azure_d4iot_sensors_import]
    The imported data from the staging tables is then inserted into the following target tables:
    • AIX Server [cmdb_ci_aix_server]
    • Computer [cmdb_ci_computer]
    • Configuration Item [cmdb_ci]
    • DCS [cmdb_ci_ot_dcs]
    • ESX Server [cmdb_ci_esx_server]
    • EWS [cmdb_ci_ot_ews]
    • External System Metadata [cmdb_key_value_v2]
    • Game Console [cmdb_ci_game_console]
    • Handheld Computing Device [cmdb_ci_handheld_computing]
    • Historian [cmdb_ci_ot_historian]
    • HMI [cmdb_ci_ot_hmi]
    • HP-UX Server [cmdb_ci_hpux_server]
    • HVAC Equipment [cmdb_ci_hvac]
    • HyperV Server [cmdb_ci_hyper_v_server]
    • IED [cmdb_ci_ot_ied]
    • Industrial Actuator [cmdb_ci_ot_industrial_actuator]
    • Industrial Drive [cmdb_ci_ot_industrial_drive]
    • Industrial Robot [cmdb_ci_ot_industrial_robot]
    • Industrial Sensor [cmdb_ci_ot_industrial_sensor]
    • IoT Device [cmdb_ci_iot]
    • IP Address [cmdb_ci_ip_address]
    • IP Camera [cmdb_ci_ip_camera]
    • IP Firewall [cmdb_ci_ip_firewall]
    • IP Phone [cmdb_ci_ip_phone]
    • Linux Server [cmdb_ci_linux_server]
    • Netgear [cmdb_ci_netgear]
    • Network Adapter [cmdb_ci_network_adapter]
    • Network Intrusion Detection System [cmdb_ci_nids]
    • Operational Technology (OT) [cmdb_ci_ot]
    • OSX Server [cmdb_ci_osx_server]
    • OT Control Module [cmdb_ci_ot_control_module]
    • OT Control System [cmdb_ci_ot_control]
    • OT Device Details [cmdb_ot_entity]
    • OT Field Device [cmdb_ci_ot_field_device]
    • PLC [cmdb_ci_ot_plc]
    • Printer [cmdb_ci_printer]
    • RTU [cmdb_ci_ot_rtu]
    • Serial Number [cmdb_serial_number]
    • Server [cmdb_ci_server]
    • Server [cmdb_ci_server]
    • Solaris Server [cmdb_ci_solaris_server]
    • Source [sys_object_source]
    • Unix Servercmdb_ci_unix_server]
    • Uninterruptible Power Supply (UPS) [cmdb_ci_ups]
    • Wireless Access Point [cmdb_ci_wap_network]

    For more information on where data is saved when pulling data from a Microsoft Defender for IoT (Azure) project, see CMDB classes targeted.