CMDB classes targeted in Service Graph Connector for Microsoft Defender Endpoint

  • Release version: Xanadu
  • Updated April 27, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of CMDB Classes Targeted in Service Graph Connector for Microsoft Defender Endpoint

    The Service Graph Connector for Microsoft Defender Endpoint enables integration that pulls data from machines using Microsoft Defender for Endpoint. This data is stored in tables extending from the Configuration Item [cmdbci] table, helping organizations maintain an accurate and up-to-date Configuration Management Database (CMDB).

    Show full answer Show less

    Key Features

    • Computer [cmdbcicomputer]: This table captures essential attributes such as Install Status, Name, Operating System, and OS Version.
    • IP Address [cmdbciipaddress]: Attributes include Install Status, IP Address, IP Version, and Nic.
    • Network Adapter [cmdbcinetworkadapter]: Key attributes are Install Status, MAC Address, and Discovery Source.
    • Software [cmdbcispkg]: Records details like Key, Name, and Version, particularly when the Software Asset Management (SAM) application is not installed.
    • Software Installation [cmdbsamswinstall]: Captures data when SAM is installed, including Display Name and Version.
    • Software Instance [cmdbsoftwareinstance]: Includes attributes such as Installed On and Name when SAM is not present.
    • Windows Server [cmdbciwinserver]: Gathers similar data points as the Computer class, with added relationships to Network Adapter and IP Address.

    Key Outcomes

    By utilizing the Service Graph Connector for Microsoft Defender Endpoint, customers can expect:

    • Enhanced visibility of endpoint security data within the CMDB.
    • Improved asset management and tracking through automated data collection.
    • Establishment of valuable relationships between various components such as computers, IP addresses, and network adapters.
    • Streamlined management of software and installations, facilitating compliance and inventory accuracy.

    When you complete setting up the connection, you can configure the integration to pull data periodically from machines utilizing the Microsoft Defender for Endpoint security solution. The data is saved in tables that extend from the Configuration item [cmdb_ci] table.

    Computer [cmdb_ci_computer]

    The following attributes in the Computer [cmdb_ci_computer] table are populated by collected data:
    Attribute label Attribute name
    Class sys_class_name
    Discovery source discovery_source
    Install Status install_status
    Name name
    Operating System os
    OS Version os_version
    Table 1. Relationships created for Computer
    Parent class Relationship type Child class
    Computer [cmdb_ci_computer] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Computer [cmdb_ci_computer] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Computer [cmdb_ci_computer] Reference SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]
    Computer [cmdb_ci_computer] Reference Software Installation [cmdb_sam_sw_install]

    IP Address [cmdb_ci_ip_address]

    The following attributes in the IP Address [cmdb_ci_ip_address] table are populated by collected data:
    Attribute label Attribute name
    Install Status install_status
    IP Address ip_address
    IP version ip_version
    Name name
    Nic nic
    Table 2. Relationship created for IP Address
    Parent class Relationship type Child class
    IP Address [cmdb_ci_ip_address] Reference Network Adapter [cmdb_ci_network_adapter]

    SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]

    The following attributes in the SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] table are populated by collected data:
    Attribute label Attribute name
    Agent Version agent_version
    Device Id device_id
    Exposure Level exposure_level
    First Seen first_seen_date
    Health Status health_status
    IsAadJoined isaadjoined
    Last Reported last_reported
    Managed by managed_by
    Onboarding Status onboarding_status

    Network Adapter [cmdb_ci_network_adapter]

    The following attributes in the Network Adapter [cmdb_ci_network_adapter] table are populated by collected data:
    Attribute label Attribute name
    Discovery source discovery_source
    Install Status install_status
    MAC Address mac_address
    Name name
    Table 3. Relationships created for Network Adapter
    Parent class Relationship type Child class
    Network Adapter [cmdb_ci_network_adapter] Reference Server [cmdb_ci_server]
    Network Adapter [cmdb_ci_network_adapter] Reference Computer [cmdb_ci_computer]

    Software [cmdb_ci_spkg]

    The following attributes in the Software [cmdb_ci_spkg] table are populated by collected data when the Software Asset Management (SAM) application isn't installed:
    Attribute label Attribute name
    Key key
    Name name
    Version version
    Table 4. Relationship created for Software
    Parent class Relationship type Child class
    Software [cmdb_ci_spkg] Reference Software Instance [cmdb_software_instance]

    Software Installation [cmdb_sam_sw_install]

    The following attributes in the Software Installation [cmdb_sam_sw_install] table are populated by collected data when the SAM application is installed:
    Attribute label Attribute name
    Discovery source discovery_source
    Display name display_name
    Version version

    Software Instance [cmdb_software_instance]

    The following attributes in the Software Instance [cmdb_software_instance] table are populated by collected data when the SAM application isn't installed:
    Attribute label Attribute name
    Installed on installed_on
    Name name
    Table 5. Relationship created for Software Instance
    Parent class Relationship type Child class
    Software Instance [cmdb_software_instance] Reference Server [cmdb_ci_server]

    Windows Server [cmdb_ci_win_server]

    The following attributes in the Windows Server [cmdb_ci_win_server] table are populated by collected data when the SAM application isn't installed:
    Attribute label Attribute name
    Class sys_class_name
    Discovery source discovery_source
    Install Status install_status
    Name name
    Operating System os
    OS Version os_version
    Table 6. Relationships created for Windows Server
    Parent class Relationship type Child class
    Windows Server [cmdb_ci_win_server] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Windows Server [cmdb_ci_win_server] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Windows Server [cmdb_ci_win_server] Reference SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]
    Windows Server [cmdb_ci_win_server] Reference Software Installation [cmdb_sam_sw_install]