Attribute mapping and classification for Service Graph Connector for Microsoft Defender for IoT (Azure)
The following tables describe the attribute mapping and classification for sensors and devices.
| Payload field name | Data type | Mapped to table | Mapped to field | Description |
|---|---|---|---|---|
| id | String format: /subscriptions/<subscription-id>/provider/<provider>/locations/<location>/sites/<site>/sensor/<sensor-name> |
|
|
Unique ID for the sensor. |
| name | String | cmdb_ci_nids | name | Name of the sensor. |
| properties.hostname | String | cmdb_ci_nids | fqdn | Host name of the sensor. |
| properties.ip | String | cmdb_ci_ip_address | ip_address | IP address of the sensor. |
| properties.learningMode | Boolean | cmdb_ci_nids | False or unavailable: Life Cycle Stage (life_cycle_stage) : Operational Life Cycle Stage Status (life_cycle_stage_status): In Use True: Life Cycle Stage (life_cycle_stage) : Operational Life Cycle Stage Status (life_cycle_stage_status): Learning |
Learning mode status of the IoT sensor. |
| properties.mac | String | cmdb_ci_network_adapter | name, mac_address | MAC address of the sensor. |
| properties.sensorStatus | String | cmdb_ci_nids | connection_state | Status of the IoT sensor. |
| properties.sensorVersion | String | cmdb_ci_nids | firmware_version | Version of the IoT sensor. |
| properties.upSince_utc | Date and time as string | cmdb_ci_nids | first_discovered | Startup time. |
| properties.zone | String | cmdb_ci_nids | zone | Zone of the IoT sensor. |
| Payload field name | Data type | Mapped to table | Mapped to field | Description |
|---|---|---|---|---|
| id | String format: /subscriptions/subscription-id>/providers/<providers-id>/location/<location>/deviceGroups/<device-Group>/devices/<name-field> |
|
|
Unique ID for the device. |
| resourceGroup | (Empty) | cmdb_key_value_v2 | (Empty) | Resource group |
| tenantId | (Empty) | cmdb_key_value_v2 | (Empty) | Tenant ID |
| properties.authorizedState | String | cmdb_key_value_v2 | (Empty) | Authorized state of the device |
| properties.criticality | String | cmdb_ot_entity | business_criticality | Criticality of the device |
| properties.deviceName | String | cmdb_ci | name | Name of the device. |
| properties.deviceSubTypeDisplayName | String | cmdb_ci | sys_class_name | Device subtype display name. |
| properties.firstSeen | Date and time as string |
|
first_discovered | First time the device was seen. |
| properties.lastSeen | Date and time as string |
|
most_recent_discovery | Last time the device was seen. |
| properties.purdueLevel | String | cmdb_ot_entity | purdue_level | Purdue level of the device. |
| properties.operatingSystem.distribution | String | cmdb_ci_computer | os | OS distribution |
| properties.operatingSystem.version | String | cmdb_ci_computer | os_version | OS version |
| properties.operatingSystem.platform | String | cmdb_ci_computer | os_domain | OS platform |
| properties.operatingSystem.architecture | String | cmdb_ci_computer | os_address_width | OS architecture |
| properties.additionalFields.plcKeyState | (Empty) | cmdb_ci_ot_plc | switch_position | PLC key state |
| properties.additionalFields.plcRunState | (Empty) | cmdb_ci_ot_plc | switch_remote_mode | PLC run state |
| properties.hardware | Object | (Empty) | (Empty) | Device hardware data |
| properties.hardware.model | String | cmdb_ci | (Empty) | Hardware model |
| properties.hardware.serialNumber | String | cmdb_serial_number | serial_number | Hardware serial number |
| properties.hardware.vendor | String | cmdb_ci | manufacturer | Hardware vendor |
| properties.nics | Array of Objects | (Empty) | (Empty) | List of the device network interface cards. |
| properties.nics[{}] | Object | (Empty) | (Empty) | Network interface card properties |
| properties.nics[{}].ipv4Address | String | cmdb_ci_ip_address | ip_address | IPv4 address |
| properties.nics[{}].macAddress | String | cmdb_ci_network_adapter | name, mac | MAC Address |
| properties.slots | Array of Objects | (Empty) | (Empty) | List of the device slot in the backplane. |
| properties.slots[{}] | Object | (Empty) | (Empty) | Slot data in PLC backplane. |
| properties.slots[{}].firmwareVersion | String | cmdb_ci_ot_control_module | firmware_version | Firmware version of the slot. |
| properties.slots[{}].model | String | cmdb_ci_ot_control_module | model_id | Model of the slot. |
| properties.slots[{}].rackNumber | Integer | cmdb_ci_ot_control_module | rack_number | Rack number in the backplane |
| properties.slots[{}].serialNumber | String | cmdb_ci_ot_control_module | serial_number | Serial number of the slot. |
| properties.slots[{}].slotNumber | Integer | cmdb_ci_ot_control_module | slot_number | Slot number inside the rack. |
| properties.slots[{}].hardwareVendor | String | cmdb_ci_ot_control_module | vendor | Hardware vendor of the slot. |
| Microsoft Azure device sub type name | Microsoft Azure device type name | Operating system/firmware | NOW class | NOW table | NOW OT type |
|---|---|---|---|---|---|
| Alarm Siren | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Alarm System | (Empty) | (Empty) | OT Control System | cmdb_ci_ot_control | OT Control System |
| ATM | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Backup Server | (Empty) | (Empty) | Server | cmdb_ci_server | NULL |
| Barcode Scanner | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| DB Server | (Empty) | (Empty) | Server | cmdb_ci_server | NULL |
| DCS Controller | Industrial | (Empty) | DCS | cmdb_ci_ot_dcs | NULL |
| Domain Controller | (Empty) | (Empty) | Server | cmdb_ci_server | NULL |
| Door Control Panel | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| DVR | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Elevator | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Engineering Station | Industrial | (Empty) | EWS | cmdb_ci_ot_ews | EWS |
| Fire Alarm | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Fire Detector | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Firewall | (Empty) | (Empty) | IP Firewall | cmdb_ci_ip_firewall | NULL |
| Game console | (Empty) | (Empty) | Game Console | cmdb_ci_game_console | NULL |
| Historian | (Empty) | (Empty) | Historian | cmdb_ci_ot_historian | Historian |
| HMI | Industrial | (Empty) | HMI | cmdb_ci_ot_hmi | HMI |
| Humidity Sensor | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| HVAC | (Empty) | (Empty) | HVAC Equipment | cmdb_ci_hvac | NULL |
| I/O Adapter | (Empty) | (Empty) | Network Adapter | (Empty) | NA |
| IED | (Empty) | (Empty) | IED | cmdb_ci_ot_ied | ied |
| Industrial Packaging System | (Empty) | (Empty) | OT Field Device | cmdb_ci_ot_field_device | OT Field Device |
| Industrial Robot | (Empty) | (Empty) | Industrial Robot | cmdb_ci_ot_industrial_robot | Industrial Robot |
| Industrial Scale | (Empty) | (Empty) | OT Field Device | cmdb_ci_ot_field_device | OT Field Device |
| Intercom | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| IP Camera | (Empty) | (Empty) | IP Camera | cmdb_ci_ip_camera | NULL |
| IP Telephone | (Empty) | (Empty) | IP phone | cmdb_ci_ip_phone | NULL |
| Marquee | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Meter | (Empty) | (Empty) | Industrial Sensor | cmdb_ci_ot_industrial_sensor | Industrial Sensor |
| Motion Detector | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Multicast/Broadcast | (Empty) | (Empty) | Netgear | cmdb_ci_netgear | NULL |
| NTP Server | (Empty) | (Empty) | Server | cmdb_ci_server | NULL |
| People Counter System | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Physical Location | (Empty) | (Empty) | (Empty) | (Empty) | NULL |
| PLC | Industrial | (Empty) | PLC | cmdb_ci_ot_plc | PLC |
| Pneumatic Device | (Empty) | (Empty) | Industrial Actuator | cmdb_ci_ot_industrial_actuator | Industrial Actuator |
| Printer | (Empty) | (Empty) | Printer | cmdb_ci_printer | NULL |
| Protocol Converter | (Empty) | (Empty) | Netgear | cmdb_ci_netgear | NULL |
| Punch Clock | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Robot Controller | (Empty) | (Empty) | OT Control System | cmdb_ci_ot_control | OT Control System |
| Router | (Empty) | (Empty) | IP Router | cmdb_ci_ip_router | NULL |
| RTU | (Empty) | (Empty) | RTU | cmdb_ci_ot_rtu | NULL |
| Server | Server | (Empty) | Server | cmdb_ci_server | NULL |
| Servo Drive | (Empty) | (Empty) | Industrial Actuator | cmdb_ci_ot_industrial_actuator | Industrial Actuator |
| Slot | (Empty) | (Empty) | OT Control Module | cmdb_ci_ot_control_module | OT Control Module |
| Smart Light | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Smart Phone | (Empty) | (Empty) | Handheld Computing Device | cmdb_ci_handheld_computing | NULL |
| Smart Switch | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Smart TV | (Empty) | (Empty) | Smart Television | cmdb_ci_stv | NULL |
| Storage | (Empty) | (Empty) | Server | cmdb_ci_server | NULL |
| Switch | Network Device | (Empty) | IP Switch | cmdb_ci_ip_switch | NULL |
| Tablet | (Empty) | (Empty) | Handheld Computing Device | cmdb_ci_handheld_computing | NULL |
| Terminal Station | (Empty) | (Empty) | Computer | cmdb_ci_computer | NULL |
| Thermostat | (Empty) | (Empty) | IoT device | cmdb_ci_iot | NULL |
| Turnstile | (Empty) | (Empty) | IoT device | cmdb_ci_iot | |
| Uninterruptable Power Supply | (Empty) | (Empty) | UPS | cmdb_ci_ups | NULL |
| Variable Frequency Drive | (Empty) | (Empty) | Industrial Drive | cmdb_ci_ot_industrial_drive | Industrial Drive |
| VPN Gateway | (Empty) | (Empty) | Netgear | cmdb_ci_netgear | NULL |
| Wifi Pineapple | (Empty) | (Empty) | Netgear | cmdb_ci_netgear | NULL |
| Wireless Access Point | (Empty) | (Empty) | Wireless Access Point | cmdb_ci_wap_network | NULL |
| WLAN access point | Network Device | (Empty) | Wireless Access Point | cmdb_ci_wap_network | NULL |
| Workstation | Workstation | (Empty) | Computer | cmdb_ci_computer | NULL |
| Unknown | All | (Empty) | Operational Technology (OT) | cmdb_ci_ot | Operational Technology (OT) |
| Unclassified | Unclassified or All | (Empty) | Operational Technology (OT) | cmdb_ci_ot | Operational Technology (OT) |
| Any other type | (Empty) | (Empty) | Operational Technology (OT) | cmdb_ci_ot | Operational Technology (OT) |
| Any above type value except with designation Network and IoT | (Empty) |
|
Windows Server | cmdb_ci_linux_server | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) |
|
Linux Server | cmdb_ci_linux_server | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) | aix | AIX Server | cmdb_ci_aix_server | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) | esx | ESX Server | cmdb_ci_esx_server | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) |
|
HP-UX Server | cmdb_ci_hpux_server | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) |
|
HypverV Server | cmdb_ci_hyper_v_server | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) |
|
Solaris Server | cmdb_ci_solaris_server | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) |
|
OSX Server | cmdb_ci_osx_server | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) |
|
Unix Server | cmdb_ci_unix_server | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) |
|
Base Computer class | cmdb_ci_computer | Same as when the operating system isn't present. |
| Any above type value except with designation Network and IoT | (Empty) | server | Base Server Class | cmdb_ci_server | Same as when the operating system isn't present. |