Azure Application Security Group pattern-based discovery
Summarize
Summary of Azure Application Security Group pattern-based discovery
The Azure Application Security Group pattern-based discovery enables ServiceNow customers to automatically identify and map Azure Application Security Group resources within their cloud environments. This capability is part of the Discovery and Service Mapping Patterns application, which must be updated to the latest version for optimal functionality. It supports discovery of Azure resources including those in Azure GovCloud (US) with specific configuration.
Show less
Key Features
- Pattern Activation: The Azure Application Security Group discovery pattern is disabled by default and must be enabled. Starting with Visibility Content version 6.28.0, enabling or disabling patterns no longer counts as a customization, allowing future updates without losing settings.
- Discovery Schedule Configuration: For Azure GovCloud accounts, discovery requires using a datacenter URL when setting up Azure service accounts to properly authenticate and collect data.
- Data Population: The discovery process populates data into both CMDB and non-CMDB tables:
- Non-CMDB Data: Populated when running the Azure - Application Security Group - Extended Inventory (LP) pattern. Non-CMDB tables can be reviewed under the Azure section in ServiceNow.
- CMDB Data: Key resource details such as resource type, operational status, location, and identifiers are stored in the Cloud Resource [cmdbcicmpresource] table.
- CI Relationships: The pattern creates essential configuration item (CI) relationships to represent resource grouping, hosting, and referencing, improving the accuracy of your CMDB topology.
- Tag Discovery: Tags associated with Azure Application Security Groups are collected and stored in the Key Value [cmdbkeyvalue] table, enabling tag-based filtering and reporting.
Key Outcomes
- Automated and accurate discovery of Azure Application Security Groups enhances your CMDB completeness and reliability.
- Improved visibility into the provisioning state, operational status, and relationships of Azure security groups enables better cloud resource management and compliance tracking.
- Support for Azure GovCloud environments ensures discovery capabilities extend to government cloud deployments.
- Tag collection supports enhanced resource categorization and facilitates governance and operational workflows.
Discovery and Service Mapping Patterns finds Azure services on your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
Pattern-based discovery and mapping requirements
- Verify the Microsoft Azure discovery prerequisites
- For more information, see the prerequisites section in Microsoft Azure Cloud components discovery using patterns.
- Enable the relevant pattern
- The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
- Configure the Discovery schedule to support GovCloud
- Discovering Azure GovCloud (US) accounts requires using a datacenter URL when setting up an Azure service account. For more information, see Set up Azure service accounts.
Discovery and Service Mapping Patterns application populates data in both CMDB and non-CMDB tables.
Data stored in non-CMDB tables
Discovery and Service Mapping Patterns application populates data in the non-CMDB table when running the Azure - Application Security Group - Extended Inventory(LP) pattern.
You can review the non-CMDB Azure tables by navigating to . You can also search the navigation filter for the specific pattern name.
| Field | Description |
|---|---|
| Location [location] | The geographical region where the resource is deployed. |
| Object Id [object_id] | The unique identifier for the resource in Azure. |
| Provisioning State [provisioning_state] | Current state of the provisioning process for the resource. |
| Resource Group [resource_group] | Name of the resource group. |
| Subscription ID [subscription_id] | The subscription ID. |
| Tenant ID [tenant_id] | The identifier for the tenant under which the resource belongs. |
| Configuration Item [configuration_item] | References the Cloud Resource [cmdb_ci_cmp_resource] table. |
Data stored in CMDB tables
Discovery and Service Mapping Patterns application populates data in the CMDB when running the Azure - Application Security Group - Extended Inventory(LP) pattern.
| Field | Description |
|---|---|
| Install Status [install_status] | Install status of the resource. Default value is Installed. |
| Location [location] | The geographical region where the resource is deployed. |
| Name [name] | The name of the resource. |
| Object ID [object_id] | The unique identifier for the resource in Azure. |
| Operational status [operational_status] | Operational status of the resource. Default value is Operational. |
| Resource type [resource_type] | Type of resource. The value is set to microsoft.network/applicationsecuritygroups. |
CI relationships
The pattern creates these relationships to support discovery.
| CI | Relationship | CI |
|---|---|---|
| Resource Group [cmdb_ci_resource_group] | Contains::Contained by | Cloud Resource [cmdb_ci_cmp_resource] |
| Cloud Resource [cmdb_ci_cmp_resource] | Hosted on::Hosts | Azure Datacenter [cmdb_ci_azure_datacenter] |
| Azure Application Security Group [cmdb_azure_application_security_group_application_security_group] | References | Cloud Resource [cmdb_ci_cmp_resource] |
Azure tag discovery
| Field | Description |
|---|---|
| Key [key] | Tag name. |
| Value [value] | Tag value. |