CMDB classes targeted in Service Graph Connector for Microsoft Defender Endpoint

  • Release version: Washingtondc
  • Updated April 27, 2025

    When you complete setting up the connection, you can configure the integration to pull data periodically from machines utilizing the Microsoft Defender for Endpoint security solution. The data is saved in tables that extend from the Configuration item [cmdb_ci] table.

    Computer [cmdb_ci_computer]

    The following attributes in the Computer [cmdb_ci_computer] table are populated by collected data:
    | Attribute label | Attribute name |
    | --- | --- |
    | Class | sys_class_name |
    | Discovery source | discovery_source |
    | Install Status | install_status |
    | Name | name |
    | Operating System | os |
    | OS Version | os_version |

    Table 1. Relationships created for Computer

    | Parent class | Relationship type | Child class |
    | --- | --- | --- |
    | Computer [cmdb_ci_computer] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
    | Computer [cmdb_ci_computer] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter] |
    | Computer [cmdb_ci_computer] | Reference | SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] |
    | Computer [cmdb_ci_computer] | Reference | Software Installation [cmdb_sam_sw_install] |

    IP Address [cmdb_ci_ip_address]

    The following attributes in the IP Address [cmdb_ci_ip_address] table are populated by collected data:
    | Attribute label | Attribute name |
    | --- | --- |
    | Install Status | install_status |
    | IP Address | ip_address |
    | IP version | ip_version |
    | Name | name |
    | Nic | nic |

    Table 2. Relationship created for IP Address

    | Parent class | Relationship type | Child class |
    | --- | --- | --- |
    | IP Address [cmdb_ci_ip_address] | Reference | Network Adapter [cmdb_ci_network_adapter] |

    SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]

    The following attributes in the SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] table are populated by collected data:
    | Attribute label | Attribute name |
    | --- | --- |
    | Agent Version | agent_version |
    | Device Id | device_id |
    | Exposure Level | exposure_level |
    | First Seen | first_seen_date |
    | Health Status | health_status |
    | IsAadJoined | isaadjoined |
    | Last Reported | last_reported |
    | Managed by | managed_by |
    | Onboarding Status | onboarding_status |

    Network Adapter [cmdb_ci_network_adapter]

    The following attributes in the Network Adapter [cmdb_ci_network_adapter] table are populated by collected data:
    | Attribute label | Attribute name |
    | --- | --- |
    | Discovery source | discovery_source |
    | Install Status | install_status |
    | MAC Address | mac_address |
    | Name | name |

    Table 3. Relationships created for Network Adapter

    | Parent class | Relationship type | Child class |
    | --- | --- | --- |
    | Network Adapter [cmdb_ci_network_adapter] | Reference | Server [cmdb_ci_server] |
    | Network Adapter [cmdb_ci_network_adapter] | Reference | Computer [cmdb_ci_computer] |

    Software [cmdb_ci_spkg]

    The following attributes in the Software [cmdb_ci_spkg] table are populated by collected data when the Software Asset Management (SAM) application isn't installed:
    | Attribute label | Attribute name |
    | --- | --- |
    | Key | key |
    | Name | name |
    | Version | version |

    Table 4. Relationship created for Software

    | Parent class | Relationship type | Child class |
    | --- | --- | --- |
    | Software [cmdb_ci_spkg] | Reference | Software Instance [cmdb_software_instance] |

    Software Installation [cmdb_sam_sw_install]

    The following attributes in the Software Installation [cmdb_sam_sw_install] table are populated by collected data when the SAM application is installed:
    | Attribute label | Attribute name |
    | --- | --- |
    | Discovery source | discovery_source |
    | Display name | display_name |
    | Version | version |

    Software Instance [cmdb_software_instance]

    The following attributes in the Software Instance [cmdb_software_instance] table are populated by collected data when the SAM application isn't installed:
    | Attribute label | Attribute name |
    | --- | --- |
    | Installed on | installed_on |
    | Name | name |

    Table 5. Relationship created for Software Instance

    | Parent class | Relationship type | Child class |
    | --- | --- | --- |
    | Software Instance [cmdb_software_instance] | Reference | Server [cmdb_ci_server] |

    Windows Server [cmdb_ci_win_server]

    The following attributes in the Windows Server [cmdb_ci_win_server] table are populated by collected data when the SAM application isn't installed:
    | Attribute label | Attribute name |
    | --- | --- |
    | Class | sys_class_name |
    | Discovery source | discovery_source |
    | Install Status | install_status |
    | Name | name |
    | Operating System | os |
    | OS Version | os_version |

    Table 6. Relationships created for Windows Server

    | Parent class | Relationship type | Child class |
    | --- | --- | --- |
    | Windows Server [cmdb_ci_win_server] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter] |
    | Windows Server [cmdb_ci_win_server] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
    | Windows Server [cmdb_ci_win_server] | Reference | SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] |
    | Windows Server [cmdb_ci_win_server] | Reference | Software Installation [cmdb_sam_sw_install] |