CMDB classes targeted in Service Graph Connector for Microsoft Defender Endpoint

  • Release version: Zurich
  • Updated July 31, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of CMDB Classes Targeted in Service Graph Connector for Microsoft Defender Endpoint

    The Service Graph Connector for Microsoft Defender Endpoint enables ServiceNow customers to integrate and pull data from machines utilizing Microsoft Defender for Endpoint. This integration populates various Configuration Management Database (CMDB) tables, enhancing visibility into asset configurations and relationships.


    Key Features

    • Data Collection: The integration collects and populates attributes in several CMDB tables, including Computer, IP Address, Network Adapter, Software, Software Installation, Software Instance, and Windows Server.
    • Relationships: The connector establishes relationships between different CMDB classes, helping users understand how assets are interconnected.

    Key Outcomes

    • The integration supports improved asset management by providing detailed attributes such as install status, operating system, and device ID.
    • Users gain insights into the health and exposure level of their devices, enabling better security management.
    • By maintaining up-to-date information in the CMDB, organizations can enhance their operational efficiency and risk management related to endpoint security.

    When you complete setting up the connection, you can configure the integration to pull data periodically from machines utilizing the Microsoft Defender for Endpoint security solution. The data is saved in tables that extend from the Configuration item [cmdb_ci] table.

    Computer [cmdb_ci_computer]

    The following attributes in the Computer [cmdb_ci_computer] table are populated by collected data:
    | Attribute label | Attribute name |
    |---|---|
    | Class | sys_class_name |
    | Discovery source | discovery_source |
    | Install Status | install_status |
    | Name | name |
    | Operating System | os |
    | OS Version | os_version |

    Table 1. Relationships created for Computer

    | Parent class | Relationship type | Child class |
    |---|---|---|
    | Computer [cmdb_ci_computer] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
    | Computer [cmdb_ci_computer] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter] |
    | Computer [cmdb_ci_computer] | Reference | SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] |
    | Computer [cmdb_ci_computer] | Reference | Software Installation [cmdb_sam_sw_install] |

    IP Address [cmdb_ci_ip_address]

    The following attributes in the IP Address [cmdb_ci_ip_address] table are populated by collected data:
    | Attribute label | Attribute name |
    |---|---|
    | Install Status | install_status |
    | IP Address | ip_address |
    | IP version | ip_version |
    | Name | name |
    | Nic | nic |

    Table 2. Relationship created for IP Address

    | Parent class | Relationship type | Child class |
    |---|---|---|
    | IP Address [cmdb_ci_ip_address] | Reference | Network Adapter [cmdb_ci_network_adapter] |

    SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related]

    The following attributes in the SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] table are populated by collected data:
    | Attribute label | Attribute name |
    |---|---|
    | Agent Version | agent_version |
    | Device Id | device_id |
    | Exposure Level | exposure_level |
    | First Seen | first_seen_date |
    | Health Status | health_status |
    | IsAadJoined | isaadjoined |
    | Last Reported | last_reported |
    | Managed by | managed_by |
    | Onboarding Status | onboarding_status |

    Network Adapter [cmdb_ci_network_adapter]

    The following attributes in the Network Adapter [cmdb_ci_network_adapter] table are populated by collected data:
    | Attribute label | Attribute name |
    |---|---|
    | Discovery source | discovery_source |
    | Install Status | install_status |
    | MAC Address | mac_address |
    | Name | name |

    Table 3. Relationships created for Network Adapter

    | Parent class | Relationship type | Child class |
    |---|---|---|
    | Network Adapter [cmdb_ci_network_adapter] | Reference | Server [cmdb_ci_server] |
    | Network Adapter [cmdb_ci_network_adapter] | Reference | Computer [cmdb_ci_computer] |

    Software [cmdb_ci_spkg]

    The following attributes in the Software [cmdb_ci_spkg] table are populated by collected data when the Software Asset Management (SAM) application isn't installed:
    | Attribute label | Attribute name |
    |---|---|
    | Key | key |
    | Name | name |
    | Version | version |

    Table 4. Relationship created for Software

    | Parent class | Relationship type | Child class |
    |---|---|---|
    | Software [cmdb_ci_spkg] | Reference | Software Instance [cmdb_software_instance] |

    Software Installation [cmdb_sam_sw_install]

    The following attributes in the Software Installation [cmdb_sam_sw_install] table are populated by collected data when the SAM application is installed:
    | Attribute label | Attribute name |
    |---|---|
    | Discovery source | discovery_source |
    | Display name | display_name |
    | Version | version |

    Software Instance [cmdb_software_instance]

    The following attributes in the Software Instance [cmdb_software_instance] table are populated by collected data when the SAM application isn't installed:
    | Attribute label | Attribute name |
    |---|---|
    | Installed on | installed_on |
    | Name | name |

    Table 5. Relationship created for Software Instance

    | Parent class | Relationship type | Child class |
    |---|---|---|
    | Software Instance [cmdb_software_instance] | Reference | Server [cmdb_ci_server] |

    Windows Server [cmdb_ci_win_server]

    The following attributes in the Windows Server [cmdb_ci_win_server] table are populated by collected data when the SAM application isn't installed:
    | Attribute label | Attribute name |
    |---|---|
    | Class | sys_class_name |
    | Discovery source | discovery_source |
    | Install Status | install_status |
    | Name | name |
    | Operating System | os |
    | OS Version | os_version |

    Table 6. Relationships created for Windows Server

    | Parent class | Relationship type | Child class |
    |---|---|---|
    | Windows Server [cmdb_ci_win_server] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter] |
    | Windows Server [cmdb_ci_win_server] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
    | Windows Server [cmdb_ci_win_server] | Reference | SG-Defender Machines Related [sn_defender_integ_sg_defender_machines_related] |
    | Windows Server [cmdb_ci_win_server] | Reference | Software Installation [cmdb_sam_sw_install] |