Azure Firewall Network Security pattern-based discovery

  • Release version: Xanadu
  • Updated June 16, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Azure Firewall Network Security pattern-based discovery

    The Azure Firewall Network Security pattern-based discovery feature in ServiceNow helps discover and map Azure Firewall resources within your cloud environment. This capability is part of the Discovery and Service Mapping Patterns application, enabling detailed inventory and relationship data to be populated both in the CMDB and non-CMDB tables. It supports organizations managing Azure Firewall resources by providing comprehensive visibility into firewall configurations and statuses.

    Show full answer Show less

    Key Features

    • Pattern Activation: The Azure Firewall pattern is disabled by default and requires activation. Starting from Visibility Content version 6.28.0, toggling patterns no longer counts as customization, allowing automatic updates while retaining last active settings.
    • Azure GovCloud Support: Discovery of Azure GovCloud (US) accounts requires configuring the Azure service account with the appropriate datacenter URL to ensure proper data collection.
    • Data Storage: The discovery process populates essential Azure Firewall data into both CMDB and non-CMDB tables:
      • Non-CMDB Table [cmdbazurenetworksecurityazurefirewall]: Stores resource-specific information such as object ID, kind, location, resource group, subscription and tenant IDs, provisioning state, firewall policy, and service tier.
      • CMDB Table [cmdbcicmpresource]: Contains core configuration item details including object ID, name, location, installation and operational status, and resource type set as microsoft.network/azurefirewalls.
    • CI Relationships: The pattern establishes relationships linking Azure Firewall resources to their resource groups, datacenters, and associated cloud resources, enhancing CMDB data integrity and traceability.
    • Tag Collection: Tags applied to Azure Firewall resources are collected and stored in the Key Value [cmdbkeyvalue] table, capturing tag names and values for additional context and filtering.

    Practical Implications for ServiceNow Customers

    By enabling this discovery pattern, ServiceNow customers gain accurate and up-to-date inventory of Azure Firewall resources, including their configurations and operational states. This facilitates improved security posture management, compliance tracking, and operational efficiency. Additionally, the automatic handling of pattern activation and updates reduces maintenance overhead.

    Customers managing Azure GovCloud environments should ensure proper service account configuration to enable successful discovery.

    Overall, this solution helps maintain a reliable CMDB with detailed Azure Firewall data and relationships, supporting downstream ITSM and security processes.

    Discovery and Service Mapping Patterns finds Azure services on your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Pattern-based discovery and mapping requirements

    Verify the Microsoft Azure discovery prerequisites
    For more information, see the prerequisites section in Microsoft Azure Cloud components discovery using patterns.
    Enable the relevant pattern
    The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
    Configure the Discovery schedule to support GovCloud
    Discovering Azure GovCloud (US) accounts requires using a datacenter URL when setting up an Azure service account. For more information, see Set up Azure service accounts.

    Discovery and Service Mapping Patterns application populates data in both CMDB and non-CMDB tables.

    Data stored in non-CMDB tables

    Discovery and Service Mapping Patterns application populates data in the non-CMDB table when running the Azure - Network Security Azure Firewall - Extended Inventory(LP) pattern.

    You can review the non-CMDB Azure tables by navigating to All > Configuration > Azure. You can also search the navigation filter for the specific pattern name.

    Table 1. Azure Network Security - Azure Firewall [cmdb_azure_network_security_azure_firewall]
    Field Description
    Object Id [object_id] The unique identifier of the resource.
    Kind [kind] The specific resource kind or sub-type (if applicable).
    DC Location [location] The Azure region where the resource is deployed.
    Resource Group [resource_group] The name of the Azure Resource Group containing the resource.
    Subscription Id [subscription_id] The identifier of the Azure subscription hosting the resource.
    Tenant Id [tenant_id] The identifier for the Azure Active Directory tenant.
    Provisioning State [provisioning_state] The current lifecycle state of the resource. For example: Succeeded or Updating.
    Configuration Item [configuration_item] References the Cloud Resource [cmdb_ci_cmp_resource] table.
    Firewall Policy [firewall_policy] The identifier or reference to the firewall policy applied to the Azure Firewall resource.
    Tier [tier] The service or performance tier assigned to the resource.

    Data stored in CMDB tables

    Discovery and Service Mapping Patterns application populates data in the CMDB when running the Azure - Network Security Azure Firewall - Extended Inventory(LP) pattern.

    Table 2. Cloud Resource [cmdb_ci_cmp_resource]
    Field Description
    Object ID [object_id] The unique identifier of the resource.
    Name [name] The name assigned to the resource.
    Location [location] The Azure region where the resource is deployed.
    Install Status [install_status] Install status of the resource. Default value is Installed.
    Operational status [operational_status] Operational status of the resource. Default value is Operational.
    Resource type [resource_type] Type of resource. The value is set to microsoft.network/azurefirewalls.

    CI relationships

    The Azure - Network Security Azure Firewall - Extended Inventory(LP) pattern creates these relationships to support Azure Firewall Network Security discovery.

    CI Relationship CI
    Resource Group [cmdb_ci_resource_group] Contains::Contained by Cloud Resource [cmdb_ci_cmp_resource]
    Cloud Resource [cmdb_ci_cmp_resource] Hosted on::Hosts Azure Datacenter [cmdb_ci_azure_datacenter]
    Azure Network Security - Azure Firewall [cmdb_azure_network_security_azure_firewall] References Cloud Resource [cmdb_ci_cmp_resource]

    Azure tag discovery

    The pattern collects tags and populates them in the Key Value [cmdb_key_value] table.
    Table 3. Key Value [cmdb_key_value]
    Field Description
    Key [key] Tag name.
    Value [value] Tag value.