Azure Firewall Network Security pattern-based discovery

  • Release version: Zurich
  • Updated June 16, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Azure Firewall Network Security pattern-based discovery

    The Azure Firewall Network Security pattern-based discovery enables ServiceNow customers to identify and map Azure Firewall resources within their cloud environment using Discovery and Service Mapping Patterns. This process helps populate both CMDB and non-CMDB tables with detailed Azure Firewall data, enhancing cloud resource visibility and management.

    Show full answer Show less

    Key Features

    • Pattern Activation: The Azure Firewall Network Security discovery pattern is disabled by default. Starting with Visibility Content version 6.28.0, enabling or disabling patterns no longer counts as customization, ensuring patterns update to the latest version after upgrades while retaining the last active status.
    • Discovery Prerequisites: Customers must verify Microsoft Azure discovery prerequisites and configure Azure service accounts properly, especially when discovering Azure GovCloud (US) accounts, which require specific datacenter URLs.
    • Data Population: The discovery pattern populates data in:
      • Non-CMDB Tables: Includes Azure Firewall-specific details such as Object ID, kind, location, resource group, subscription ID, tenant ID, provisioning state, firewall policy, and service tier.
      • CMDB Tables: Cloud Resource table records key attributes like object ID, name, location, install and operational status, and resource type (set to microsoft.network/azurefirewalls).
    • CI Relationships: The pattern establishes relationships linking Azure Firewall resources to resource groups, datacenters, and cloud resources, supporting comprehensive configuration item (CI) mapping.
    • Tag Collection: Tags applied to Azure Firewall resources are collected and stored in the Key Value table, capturing tag names and values for improved resource categorization and management.

    Practical Benefits for ServiceNow Customers

    By leveraging this discovery pattern, customers can:

    • Automatically detect and inventory Azure Firewall resources across subscriptions and regions, including GovCloud.
    • Maintain an up-to-date CMDB with detailed firewall resource attributes and their operational status.
    • Visualize and manage resource relationships to support impact analysis and change management.
    • Utilize Azure tags within ServiceNow to enhance filtering, reporting, and governance of firewall resources.

    Overall, this discovery pattern streamlines Azure Firewall visibility, enabling better cloud security posture monitoring and operational efficiency within the ServiceNow platform.

    Discovery and Service Mapping Patterns finds Azure services on your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Pattern-based discovery and mapping requirements

    Verify the Microsoft Azure discovery prerequisites
    For more information, see the prerequisites section in Microsoft Azure Cloud discovery using patterns.
    Enable the relevant pattern
    The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
    Configure the Discovery schedule to support GovCloud
    Discovering Azure GovCloud (US) accounts requires using a datacenter URL when setting up an Azure service account. For more information, see Set up Azure service accounts.

    Discovery and Service Mapping Patterns application populates data in both CMDB and non-CMDB tables.

    Data stored in non-CMDB tables

    Discovery and Service Mapping Patterns application populates data in the non-CMDB table when running the Azure - Network Security Azure Firewall - Extended Inventory(LP) pattern.

    You can review the non-CMDB Azure tables by navigating to All > Configuration > Azure. You can also search the navigation filter for the specific pattern name.

    Table 1. Azure Network Security - Azure Firewall [cmdb_azure_network_security_azure_firewall]
    Field Description
    Object Id [object_id] The unique identifier of the resource.
    Kind [kind] The specific resource kind or sub-type (if applicable).
    DC Location [location] The Azure region where the resource is deployed.
    Resource Group [resource_group] The name of the Azure Resource Group containing the resource.
    Subscription Id [subscription_id] The identifier of the Azure subscription hosting the resource.
    Tenant Id [tenant_id] The identifier for the Azure Active Directory tenant.
    Provisioning State [provisioning_state] The current lifecycle state of the resource. For example: Succeeded or Updating.
    Configuration Item [configuration_item] References the Cloud Resource [cmdb_ci_cmp_resource] table.
    Firewall Policy [firewall_policy] The identifier or reference to the firewall policy applied to the Azure Firewall resource.
    Tier [tier] The service or performance tier assigned to the resource.

    Data stored in CMDB tables

    Discovery and Service Mapping Patterns application populates data in the CMDB when running the Azure - Network Security Azure Firewall - Extended Inventory(LP) pattern.

    Table 2. Cloud Resource [cmdb_ci_cmp_resource]
    Field Description
    Object ID [object_id] The unique identifier of the resource.
    Name [name] The name assigned to the resource.
    Location [location] The Azure region where the resource is deployed.
    Install Status [install_status] Install status of the resource. Default value is Installed.
    Operational status [operational_status] Operational status of the resource. Default value is Operational.
    Resource type [resource_type] Type of resource. The value is set to microsoft.network/azurefirewalls.

    CI relationships

    The Azure - Network Security Azure Firewall - Extended Inventory(LP) pattern creates these relationships to support Azure Firewall Network Security discovery.

    CI Relationship CI
    Resource Group [cmdb_ci_resource_group] Contains::Contained by Cloud Resource [cmdb_ci_cmp_resource]
    Cloud Resource [cmdb_ci_cmp_resource] Hosted on::Hosts Azure Datacenter [cmdb_ci_azure_datacenter]
    Azure Network Security - Azure Firewall [cmdb_azure_network_security_azure_firewall] References Cloud Resource [cmdb_ci_cmp_resource]

    Azure tag discovery

    The pattern collects tags and populates them in the Key Value [cmdb_key_value] table.
    Table 3. Key Value [cmdb_key_value]
    Field Description
    Key [key] Tag name.
    Value [value] Tag value.