Azure Web Application Firewall Policy pattern-based discovery
Summarize
Summary of Azure Web Application Firewall Policy pattern-based discovery
The Azure Web Application Firewall Policy pattern-based discovery feature enables the identification and mapping of Azure services in your cloud environment. This process may require updating the Discovery and Service Mapping Patterns application from the ServiceNow Store to the latest version.
Show less
Key Features
- Pattern Activation: The pattern for Azure Web Application Firewall is disabled by default. From Visibility Content version 6.28.0 onwards, activating or deactivating this pattern will not be treated as a customization and will continue to receive updates.
- GovCloud Support: To discover Azure GovCloud accounts, it is essential to use the correct datacenter URL when configuring your Azure service account.
- Data Population: The Discovery and Service Mapping Patterns application populates data into both CMDB and non-CMDB tables, depending on the pattern being executed.
Key Outcomes
When utilizing the Azure - Web Application Firewall Policy - Extended Inventory pattern, the application captures essential data attributes such as:
- Object ID: Unique identifier for resources.
- Policy State: Current state of the web application firewall policy.
- Default Action: Indicates if the policy is in Prevention or Detection mode.
- CI Relationships: Establishes relationships between various configuration items (CIs) such as Cloud Load Balancer and Web ACL.
The pattern also collects Azure tags and stores them in the Key Value table, facilitating better resource management and organization.
Discovery and Service Mapping Patterns finds Azure services on your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
Pattern-based discovery and mapping requirements
- Verify the Microsoft Azure discovery prerequisites
- For more information, see the prerequisites section in Microsoft Azure Cloud discovery using patterns.
- Enable the relevant pattern
- The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
- Configure the Discovery schedule to support GovCloud
- Discovering Azure GovCloud (US) accounts requires using a datacenter URL when setting up an Azure service account. For more information, see Set up Azure service accounts.
Discovery and Service Mapping Patterns application populates data in both CMDB and non-CMDB tables.
Data stored in non-CMDB tables
Discovery and Service Mapping Patterns application populates data in the non-CMDB table when running the Azure - Web Application Firewall Policy - Extended Inventory(LP) pattern.
You can review the non-CMDB Azure tables by navigating to . You can also search the navigation filter for the specific pattern name.
| Field | Description |
|---|---|
| Object Id [object_id] | The unique identifier of the resource. |
| Kind [kind] | The specific kind or variant of the resource. |
| DC Location [location] | The Azure region where the resource is deployed. |
| Resource Group [resource_group] | The name of the resource group containing the resource. |
| Subscription Id [subscription_id] | The subscription ID associated with the resource. |
| Tenant Id [tenant_id] | The Azure Active Directory tenant ID associated with the resource. |
| Provisioning State [provisioning_state] | The latest provisioning status of the resource. |
| Configuration Item [configuration_item] | References the Web ACL [cmdb_ci_web_acl] table. |
| Policy State [policy_state] | The current state of the policy applied to the resource. |
Data stored in CMDB tables
Discovery and Service Mapping Patterns application populates data in the CMDB when running the Azure - Web Application Firewall Policy - Extended Inventory(LP) pattern.
| Field | Description |
|---|---|
| Object ID [object_id] | The unique identifier of the resource. |
| Name [name] | The name of the resource. |
| Location [location] | The Azure region where the resource is deployed. |
| Default Action [default_action] | Indicates the effective operation mode of the web application firewall (WAF) policy. Possible values are allow and detect.
|
| Install Status [install_status] | Install status of the resource. Default value is Installed. |
| Operational status [operational_status] | Operational status of the resource. Default value is Operational. |
| Description [short_description] | Type of resource. The value is set to microsoft.network/applicationgatewaywebapplicationfirewallpolicies. |
CI relationships
The Azure - Web Application Firewall Policy - Extended Inventory(LP) pattern creates these relationships to support Azure Web Application Firewall Policy discovery.
| CI | Relationship | CI |
|---|---|---|
| Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Protected by::Protects | Web ACL [cmdb_ci_web_acl] |
| Resource Group [cmdb_ci_resource_group] | Contains::Contained by | Web ACL [cmdb_ci_web_acl] |
| Web ACL [cmdb_ci_web_acl] | Hosted on::Hosts | Azure Datacenter [cmdb_ci_azure_datacenter] |
| Azure Web Application Firewall - Policy [cmdb_azure_web_application_firewall_policy] | References | Web ACL [cmdb_ci_web_acl] |
Azure tag discovery
| Field | Description |
|---|---|
| Key [key] | Tag name. |
| Value [value] | Tag value. |