Rule Synopsis
These are the rule/s that determine how MS Defender for Cloud Apps Attributes/Fields are mapped to CMDB CI Attributes/Fields for each type of Cloud Apps Resource Type.
Rule Details and Default
Please read the table below which show the default attribute mappings.
Special Handling of the Business Application Description Attribute
By default, CI Sync reads many individual attributes from each Defender for Cloud Application and combines these into line seperated values in the Description of each Business Application CI.
See below for the full list of individual attributes from Defender for Cloud Apps CI Sync writes to the Description of each CI. The example shown below is for DocuSign.
csaStarLevel: selfAssessment
dataAtRestEncryptionMethod: aes
dataCenter: US
dataRetentionPolicy: dataRetained
dataTypes: ["documents"]
domainRegistrationDateTime: 1999-06-14T00:00:00Z
fedRampLevel: moderate
founded: 2003
gdprReadinessStatement: https://www.docusign.com/privacy/gdpr
headquarters: US
holding: public
hostingCompany: Amazon Web Services, Azure
isAdminAuditTrail: true
isCobitCompliant: unknown
isCoppaCompliant: unknown
isDataAuditTrail: true
isDataClassification: unknown
isDataOwnership: true
isDisasterRecoveryPlan: true
isDmca: true
isFerpaCompliant: unknown
isFfiecCompliant: unknown
isFileSharing: true
isFinraCompliant: unknown
isFismaCompliant: unknown
isGaapCompliant: true
isGdprDataProtectionImpactAssessment: true
isGdprDataProtectionOfficer: true
isGdprDataProtectionSecureCrossBorderDataTransfer: true
isGdprLawfulBasisForProcessing: true
isGdprReportDataBreaches: true
isGdprRightToAccess: true
isGdprRightToBeInformed: true
isGdprRightToDataPortablility: true
isGdprRightToErasure: true
isGdprRightToObject: true
isGdprRightToRectification: true
isGdprRightToRestrictionOfProcessing: true
isGdprRightsRelatedToAutomatedDecisionMaking: true
isGlbaCompliant: unknown
isHipaaCompliant: true
isHitrustCsfCompliant: unknown
isHttpSecurityHeadersContentSecurityPolicy: true
isHttpSecurityHeadersStrictTransportSecurity: true
isHttpSecurityHeadersXContentTypeOptions: true
isHttpSecurityHeadersXFrameOptions: true
isHttpSecurityHeadersXXssProtection: true
isIpAddressRestriction: true
isIsae3402Compliant: unknown
isIso27001Compliant: true
isIso27017Compliant: true
isIso27018Compliant: true
isItarCompliant: unknown
isMultiFactorAuthentication: true
isPasswordPolicyChangePasswordPeriod: true
isPasswordPolicyCharacterCombination: true
isPasswordPolicyPasswordHistoryAndReuse: true
isPasswordPolicyPasswordLengthLimit: true
isPasswordPolicyPersonalInformationUse: true
isPenetrationTesting: true
isPrivacyShieldCompliant: false
isRememberPassword: false
isRequiresUserAuthentication: true
isSoc1Compliant: true
isSoc2Compliant: true
isSoc3Compliant: false
isSoxCompliant: true
isSp80053Compliant: true
isSsae16Compliant: true
isSupportsSaml: true
isTrustedCertificate: true
isUserAuditTrail: true
isUserCanUploadData: true
isUserRolesSupport: true
isValidCertificateName: true
latestBreachDateTime: 2017-05-09T00:00:00Z
pciDssVersion: v4
tlsEncryptionProtocol: tls1_3
vendor: DocuSign
Override Options
Context
Customers may consider changing the attribute/field level mappings (e.g. to add or remove attributes/fields).
Note: The attributes/fields available in ServiceNow are specific to target CI Table/Class (based on the CI Class inheritance model baked into the ServiceNow CMDB. Customers wishing to amend the attribute/field level mappings may have broader implications on the target CI Table/Class used for a given Cloud Apps Resource Type. For this reason, customers should engage Syncfish to discuss the implications of changing the default attribute/field level mappings.
Options
-
The field mappings (and transformation of data for persistence into the destination fields) can be amended for each Cloud Apps Resource Type.
Overriding via Connection Settings
N/A
Additional Information
N/A
Related Rules
N/A
Support Model for Rule Overrides
Question: Can overrides be performed by customers without a Syncfish Extended Implementation and Support Plan?
Answer: No (a plan is needed - see below)
Question: Which Syncfish Extended Implementation and Support Plan is required to obtain overrides of this rule
Answer: Either a Bronze Plan, Silver Plan or Gold Plan