Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console)

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console)

    The Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console) enables integration between Microsoft Defender for IoT and the ServiceNow® Operational Technology Manager application. This integration automates the import of sensor appliances, OT devices, and network connections into the ServiceNow Configuration Management Database (CMDB), helping streamline asset and network visibility within your operational technology environment.

    Show full answer Show less

    The connector supports Microsoft Defender for IoT version 10.5.2 or later and is designed to facilitate continuous data synchronization between the on-premises IoT security console and ServiceNow.

    Key Features

    • Guided Setup: Provides a structured sequence of configuration tasks to easily deploy and configure the integration within your ServiceNow instance.
    • CMDB Integrations Dashboard: Available through the Integration Commons for CMDB Store app, this dashboard offers centralized monitoring of integration status, processing results, and errors, with filtering capabilities by integration, time, or run.
    • Data Mapping and Transformation: Uses the Robust Transform Engine (RTE) to map and transform Microsoft Defender for IoT data into ServiceNow CMDB Configuration Item (CI) classes, and the Identification and Reconciliation Engine (IRE) to insert data accurately into the CMDB.
    • Data Sources and Staging Tables: Imports data from Microsoft Defender for IoT connections, devices, and sensors into specific staging tables, which are then processed into target CMDB tables representing a wide range of device types and operational technology components.
    • Periodic Data Pulls: Configurable to regularly import updated data from Microsoft Defender for IoT projects, ensuring your CMDB remains current with the latest OT environment information.

    Practical Use and CMDB Impact

    Once configured, the integration imports detailed information about OT sensors, devices, and network connections into ServiceNow’s CMDB tables. These tables cover various asset types such as servers, industrial devices (PLCs, RTUs, HMIs), network equipment, and IoT devices, enabling comprehensive operational technology asset management.

    This up-to-date visibility supports better operational decision-making, risk management, and incident response within your enterprise OT infrastructure.

    Next Steps for ServiceNow Customers

    • Use the Guided Setup to implement the connector quickly and correctly.
    • Monitor integration health and data processing through the CMDB Integrations Dashboard.
    • Review and understand the CMDB classes targeted by the integration to align imported data with your asset management processes.
    • Leverage attribute mapping and classification details to customize or extend the integration as needed to fit your environment.

    Integrate Microsoft Defender for IoT (On-premises Management Console) with the ServiceNow® Operational Technology Manager application to automate import of sensor appliances, OT devices, and network connections.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Supported versions

    Microsoft Defender for IoT (On-premises Management Console) version: 10.5.2  or later

    Use cases

    You can use the Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console) with the ServiceNow® Operational Technology Manager application to import sensor appliances, OT devices, and network connections.

    Guided setup

    The guided setup for the Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console) provides an organized sequence of tasks to configure the integration on your instance. To access the guided setup, see Configure guided setup.

    CMDB integrations dashboard

    The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring integrations in the CMDB Integrations Dashboard, see Integration Commons for CMDB.

    Data mapping

    Data from the Microsoft Defender for IoT (On-premises Management Console) data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).

    When you complete the setup, you can configure the integration to periodically pull data from the Microsoft Defender for IoT (On-premises Management Console) application.

    The following table lists the data sources included for a Microsoft Defender for IoT (On-premises Management Console) project and the corresponding staging tables where the imported data is loaded.
    Table 1. Data sources and staging tables for Microsoft Defender for IoT (On-premises Management Console)
    Data source Staging table
    SG-OT Microsoft D4IoT Connections Import SG-OT Msft D4IoT Connections Import [sn_msftd4iotsgc_sg_ot_msft_d4iot_connections_import]
    SG-OT Microsoft D4IoT Devices Import SG-OT Msft D4IoT Devices Import [sn_msftd4iotsgc_sg_ot_msft_d4iot_devices_import]
    SG-OT Microsoft D4IoT Sensors Import SG-OT Msft D4IoT Sensors Import [sn_msftd4iotsgc_sg_ot_msft_d4iot_sensors_import]
    The imported data from the staging tables is then inserted into the following target tables:
    • AIX Server [cmdb_ci_aix_server]
    • Computer [cmdb_ci_computer]
    • Configuration Item [cmdb_ci]
    • DCS [cmdb_ci_ot_dcs]
    • ESX Server [cmdb_ci_esx_server]
    • EWS [cmdb_ci_ot_ews]
    • External System Metadata [cmdb_key_value_v2]
    • Game Console [cmdb_ci_game_console]
    • Handheld Computing Device [cmdb_ci_handheld_computing]
    • Historian [cmdb_ci_ot_historian]
    • HMI [cmdb_ci_ot_hmi]
    • HP-UX Server [cmdb_ci_hpux_server]
    • HVAC Equipment [cmdb_ci_hvac]
    • HyperV Server [cmdb_ci_hyper_v_server]
    • IED [cmdb_ci_ot_ied]
    • Industrial Actuator [cmdb_ci_ot_industrial_actuator]
    • Industrial Drive [cmdb_ci_ot_industrial_drive]
    • Industrial Robot [cmdb_ci_ot_industrial_robot]
    • Industrial Sensor [cmdb_ci_ot_industrial_sensor]
    • IoT Device [cmdb_ci_iot]
    • IP Address [cmdb_ci_ip_address]
    • IP Camera [cmdb_ci_ip_camera]
    • IP Firewall [cmdb_ci_ip_firewall]
    • IP Phone [cmdb_ci_ip_phone]
    • Linux Server [cmdb_ci_linux_server]
    • Netgear [cmdb_ci_netgear]
    • Network Adapter [cmdb_ci_network_adapter]
    • Network Intrusion Detection System [cmdb_ci_nids]
    • Operational Technology (OT) [cmdb_ci_ot]
    • OSX Server [cmdb_ci_osx_server]
    • OT Control Module [cmdb_ci_ot_control_module]
    • OT Control System [cmdb_ci_ot_control]
    • OT Device Details [cmdb_ot_entity]
    • OT Field Device [cmdb_ci_ot_field_device]
    • PLC [cmdb_ci_ot_plc]
    • Printer [cmdb_ci_printer]
    • RTU [cmdb_ci_ot_rtu]
    • Serial Number [cmdb_serial_number]
    • Server [cmdb_ci_server]
    • Server [cmdb_ci_server]
    • Solaris Server [cmdb_ci_solaris_server]
    • Source [sys_object_source]
    • Unix Servercmdb_ci_unix_server]
    • Uninterruptible Power Supply (UPS) [cmdb_ci_ups]
    • Wireless Access Point [cmdb_ci_wap_network]

    For more information on where data is saved when pulling data from a Microsoft Defender for IoT (On-premises Management Console) project, see CMDB classes targeted.