Azure Application Security Group pattern-based discovery
Summarize
Summary of Azure Application Security Group pattern-based discovery
The Azure Application Security Group pattern-based discovery enables ServiceNow customers to identify and map Azure Application Security Groups within their cloud environment. This discovery leverages the Discovery and Service Mapping Patterns application to detect Azure services and populate configuration data into both CMDB and non-CMDB tables. Activation of the relevant pattern and appropriate configuration are essential for accurate discovery results.
Show less
Key Features
- Pattern Activation: The Azure Application Security Group discovery pattern is disabled by default. From Visibility Content version 6.28.0 onward, activating or deactivating patterns does not count as customization, allowing seamless updates after upgrades.
- Discovery Prerequisites: Microsoft Azure discovery prerequisites must be met, including configuring service accounts properly, especially for Azure GovCloud (US), which requires using a datacenter URL.
- Data Population: The discovery populates data into:
- Non-CMDB tables: When running the "Azure - Application Security Group - Extended Inventory(LP)" pattern, data is stored in non-CMDB Azure tables accessible via the ServiceNow navigation.
- CMDB tables: Data is also stored in the Cloud Resource [cmdbcicmpresource] table, representing the discovered Azure Application Security Group as a configuration item.
- Key Fields Captured: Important resource details include geographical location, object ID, provisioning state, resource group, subscription ID, tenant ID, install and operational status, and resource type.
- CI Relationships: The pattern establishes relationships supporting discovery, such as linking Application Security Groups to Resource Groups, Azure Datacenters, and Cloud Resources.
- Tag Discovery: Azure tags are gathered and stored in the Key Value [cmdbkeyvalue] table, enabling enhanced metadata management with tag names and values.
Practical Benefits
By implementing this pattern, ServiceNow customers can maintain an up-to-date and detailed inventory of Azure Application Security Groups within their CMDB. This improves visibility into Azure network security configurations, supports compliance and operational management, and integrates seamlessly with existing discovery and service mapping processes. Proper activation and configuration ensure that discovery runs efficiently and that data remains current following application upgrades.
Discovery and Service Mapping Patterns finds Azure services on your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
Pattern-based discovery and mapping requirements
- Verify the Microsoft Azure discovery prerequisites
- For more information, see the prerequisites section in Microsoft Azure Cloud components discovery using patterns.
- Enable the relevant pattern
- The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
- Configure the Discovery schedule to support GovCloud
- Discovering Azure GovCloud (US) accounts requires using a datacenter URL when setting up an Azure service account. For more information, see Set up Azure service accounts.
Discovery and Service Mapping Patterns application populates data in both CMDB and non-CMDB tables.
Data stored in non-CMDB tables
Discovery and Service Mapping Patterns application populates data in the non-CMDB table when running the Azure - Application Security Group - Extended Inventory(LP) pattern.
You can review the non-CMDB Azure tables by navigating to . You can also search the navigation filter for the specific pattern name.
| Field | Description |
|---|---|
| Location [location] | The geographical region where the resource is deployed. |
| Object Id [object_id] | The unique identifier for the resource in Azure. |
| Provisioning State [provisioning_state] | Current state of the provisioning process for the resource. |
| Resource Group [resource_group] | Name of the resource group. |
| Subscription ID [subscription_id] | The subscription ID. |
| Tenant ID [tenant_id] | The identifier for the tenant under which the resource belongs. |
| Configuration Item [configuration_item] | References the Cloud Resource [cmdb_ci_cmp_resource] table. |
Data stored in CMDB tables
Discovery and Service Mapping Patterns application populates data in the CMDB when running the Azure - Application Security Group - Extended Inventory(LP) pattern.
| Field | Description |
|---|---|
| Install Status [install_status] | Install status of the resource. Default value is Installed. |
| Location [location] | The geographical region where the resource is deployed. |
| Name [name] | The name of the resource. |
| Object ID [object_id] | The unique identifier for the resource in Azure. |
| Operational status [operational_status] | Operational status of the resource. Default value is Operational. |
| Resource type [resource_type] | Type of resource. The value is set to microsoft.network/applicationsecuritygroups. |
CI relationships
The pattern creates these relationships to support discovery.
| CI | Relationship | CI |
|---|---|---|
| Resource Group [cmdb_ci_resource_group] | Contains::Contained by | Cloud Resource [cmdb_ci_cmp_resource] |
| Cloud Resource [cmdb_ci_cmp_resource] | Hosted on::Hosts | Azure Datacenter [cmdb_ci_azure_datacenter] |
| Azure Application Security Group [cmdb_azure_application_security_group_application_security_group] | References | Cloud Resource [cmdb_ci_cmp_resource] |
Azure tag discovery
| Field | Description |
|---|---|
| Key [key] | Tag name. |
| Value [value] | Tag value. |