CMDB classes targeted in Service Graph Connector for Microsoft Defender Endpoint

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 8분

    • When you complete setting up the connection, you can configure the integration to pull data periodically from machines utilizing the Microsoft Defender for Endpoint security solution. The data is saved in tables that extend from the Configuration item [cmdb_ci] table.

    Computer [cmdb_ci_computer]

    The following attributes in the Computer [cmdb_ci_computer] table are populated by collected data:
    Attribute label Attribute name
    Class sys_class_name
    Discovery source discovery_source
    Install Status install_status
    Name name
    Operating System os
    OS Version os_version
    표 1. Relationships created for Computer
    Parent class Relationship type Child class
    Computer [cmdb_ci_computer] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Computer [cmdb_ci_computer] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Computer [cmdb_ci_computer] Reference SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]
    Computer [cmdb_ci_computer] Reference Software Installation [cmdb_sam_sw_install]

    IP Address [cmdb_ci_ip_address]

    The following attributes in the IP Address [cmdb_ci_ip_address] table are populated by collected data:
    Attribute label Attribute name
    Install Status install_status
    IP Address ip_address
    IP version ip_version
    Name name
    Nic nic
    표 2. Relationship created for IP Address
    Parent class Relationship type Child class
    IP Address [cmdb_ci_ip_address] Reference Network Adapter [cmdb_ci_network_adapter]

    SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]

    The following attributes in the SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] table are populated by collected data:
    Attribute label Attribute name
    Agent Version agent_version
    Device Id device_id
    Exposure Level exposure_level
    First Seen first_seen_date
    Health Status health_status
    IsAadJoined isaadjoined
    Last Reported last_reported
    Managed by managed_by
    Onboarding Status onboarding_status

    Network Adapter [cmdb_ci_network_adapter]

    The following attributes in the Network Adapter [cmdb_ci_network_adapter] table are populated by collected data:
    Attribute label Attribute name
    Discovery source discovery_source
    Install Status install_status
    MAC Address mac_address
    Name name
    표 3. Relationships created for Network Adapter
    Parent class Relationship type Child class
    Network Adapter [cmdb_ci_network_adapter] Reference Server [cmdb_ci_server]
    Network Adapter [cmdb_ci_network_adapter] Reference Computer [cmdb_ci_computer]

    Software [cmdb_ci_spkg]

    The following attributes in the Software [cmdb_ci_spkg] table are populated by collected data when the Software Asset Management (SAM) application isn't installed:
    Attribute label Attribute name
    Key key
    Name name
    Version version
    표 4. Relationship created for Software
    Parent class Relationship type Child class
    Software [cmdb_ci_spkg] Reference Software Instance [cmdb_software_instance]

    Software Installation [cmdb_sam_sw_install]

    The following attributes in the Software Installation [cmdb_sam_sw_install] table are populated by collected data when the SAM application is installed:
    Attribute label Attribute name
    Discovery source discovery_source
    Display name display_name
    Version version

    Software Instance [cmdb_software_instance]

    The following attributes in the Software Instance [cmdb_software_instance] table are populated by collected data when the SAM application isn't installed:
    Attribute label Attribute name
    Installed on installed_on
    Name name
    표 5. Relationship created for Software Instance
    Parent class Relationship type Child class
    Software Instance [cmdb_software_instance] Reference Server [cmdb_ci_server]

    Windows Server [cmdb_ci_win_server]

    The following attributes in the Windows Server [cmdb_ci_win_server] table are populated by collected data when the SAM application isn't installed:
    Attribute label Attribute name
    Class sys_class_name
    Discovery source discovery_source
    Install Status install_status
    Name name
    Operating System os
    OS Version os_version
    표 6. Relationships created for Windows Server
    Parent class Relationship type Child class
    Windows Server [cmdb_ci_win_server] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Windows Server [cmdb_ci_win_server] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Windows Server [cmdb_ci_win_server] Reference SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]
    Windows Server [cmdb_ci_win_server] Reference Software Installation [cmdb_sam_sw_install]