Azure Firewall Network Security pattern-based discovery

  • Release version: Yokohama
  • Updated June 16, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Azure Firewall Network Security pattern-based discovery

    Azure Firewall Network Security pattern-based discovery enables ServiceNow customers to identify and map Azure Firewall resources within their cloud environments. This discovery process leverages the Discovery and Service Mapping Patterns application, which requires verification of Azure prerequisites and enabling the relevant pattern. It supports both standard Azure environments and Azure GovCloud (US) accounts, helping maintain an accurate, up-to-date view of network security components in the Configuration Management Database (CMDB) and associated non-CMDB tables.

    Show full answer Show less

    Key Features

    • Pattern Activation: The Azure Firewall pattern is disabled by default and must be activated. Activation or deactivation no longer counts as customization and patterns reset to the latest version after upgrades, retaining the last active state.
    • Discovery Schedule Configuration: For Azure GovCloud accounts, discovery requires setup with a datacenter URL in the Azure service account configuration.
    • Data Population: The pattern populates data into both CMDB and non-CMDB tables:
      • Non-CMDB Data: Includes detailed Azure Firewall attributes such as object ID, resource kind, location, resource group, subscription and tenant IDs, provisioning state, firewall policy, and service tier.
      • CMDB Data: Captures core cloud resource information including object ID, name, location, install and operational statuses, and resource type (set as microsoft.network/azurefirewalls).
    • CI Relationships: The pattern establishes relationships linking Azure Firewall resources to resource groups, datacenters, and cloud resource configuration items to provide a comprehensive view of dependencies and hosting.
    • Tag Discovery: Azure tags associated with firewall resources are collected and stored in the Key Value table, enhancing filtering and categorization capabilities.

    Practical Benefits

    By implementing the Azure Firewall Network Security pattern, ServiceNow customers can:

    • Automatically discover and map Azure Firewall resources with accurate metadata, improving visibility into network security configurations.
    • Maintain updated and consistent CMDB and related non-CMDB tables for better asset management and compliance tracking.
    • Utilize established CI relationships to understand the resource hierarchy and hosting context within Azure.
    • Leverage tag data for enhanced resource categorization and reporting.
    • Support discovery in specialized environments such as Azure GovCloud by configuring discovery schedules appropriately.

    Discovery and Service Mapping Patterns finds Azure services on your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Pattern-based discovery and mapping requirements

    Verify the Microsoft Azure discovery prerequisites
    For more information, see the prerequisites section in Microsoft Azure Cloud components discovery using patterns.
    Enable the relevant pattern
    The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
    Configure the Discovery schedule to support GovCloud
    Discovering Azure GovCloud (US) accounts requires using a datacenter URL when setting up an Azure service account. For more information, see Set up Azure service accounts.

    Discovery and Service Mapping Patterns application populates data in both CMDB and non-CMDB tables.

    Data stored in non-CMDB tables

    Discovery and Service Mapping Patterns application populates data in the non-CMDB table when running the Azure - Network Security Azure Firewall - Extended Inventory(LP) pattern.

    You can review the non-CMDB Azure tables by navigating to All > Configuration > Azure. You can also search the navigation filter for the specific pattern name.

    Table 1. Azure Network Security - Azure Firewall [cmdb_azure_network_security_azure_firewall]
    Field Description
    Object Id [object_id] The unique identifier of the resource.
    Kind [kind] The specific resource kind or sub-type (if applicable).
    DC Location [location] The Azure region where the resource is deployed.
    Resource Group [resource_group] The name of the Azure Resource Group containing the resource.
    Subscription Id [subscription_id] The identifier of the Azure subscription hosting the resource.
    Tenant Id [tenant_id] The identifier for the Azure Active Directory tenant.
    Provisioning State [provisioning_state] The current lifecycle state of the resource. For example: Succeeded or Updating.
    Configuration Item [configuration_item] References the Cloud Resource [cmdb_ci_cmp_resource] table.
    Firewall Policy [firewall_policy] The identifier or reference to the firewall policy applied to the Azure Firewall resource.
    Tier [tier] The service or performance tier assigned to the resource.

    Data stored in CMDB tables

    Discovery and Service Mapping Patterns application populates data in the CMDB when running the Azure - Network Security Azure Firewall - Extended Inventory(LP) pattern.

    Table 2. Cloud Resource [cmdb_ci_cmp_resource]
    Field Description
    Object ID [object_id] The unique identifier of the resource.
    Name [name] The name assigned to the resource.
    Location [location] The Azure region where the resource is deployed.
    Install Status [install_status] Install status of the resource. Default value is Installed.
    Operational status [operational_status] Operational status of the resource. Default value is Operational.
    Resource type [resource_type] Type of resource. The value is set to microsoft.network/azurefirewalls.

    CI relationships

    The Azure - Network Security Azure Firewall - Extended Inventory(LP) pattern creates these relationships to support Azure Firewall Network Security discovery.

    CI Relationship CI
    Resource Group [cmdb_ci_resource_group] Contains::Contained by Cloud Resource [cmdb_ci_cmp_resource]
    Cloud Resource [cmdb_ci_cmp_resource] Hosted on::Hosts Azure Datacenter [cmdb_ci_azure_datacenter]
    Azure Network Security - Azure Firewall [cmdb_azure_network_security_azure_firewall] References Cloud Resource [cmdb_ci_cmp_resource]

    Azure tag discovery

    The pattern collects tags and populates them in the Key Value [cmdb_key_value] table.
    Table 3. Key Value [cmdb_key_value]
    Field Description
    Key [key] Tag name.
    Value [value] Tag value.