Rule Synopsis
These are the rule/s that determine how MS Defender for Endpoint Status values are mapped and transformed into the four different sets of ServiceNow Status values.
Rule Details and Default
By default, CI Sync sets the various ServiceNow status values according to the mapping table (called a “value map”) shown below.
|
Defender for EndPoint Status Values
|
|
ServiceNow Hardware Status |
ServiceNow Hardware Sub-Status |
ServiceNow Install Status |
ServiceNow Operational Status |
|||||
|
Value |
Label |
|
Value |
Label |
Value |
Label |
Value |
Label |
Value |
Label |
|
1 |
Active |
-> |
installed |
Installed |
in_use |
In Use |
1 |
Installed |
1 |
Operational |
|
-1
|
|
-> |
retired |
Retired |
divested |
Divested |
7 |
Retired |
6 |
Retired |
|
Otherwise |
-> |
|
|
|
|
|
|
5 |
Ready |
|
Note: CI Sync internally uses a logical value of minus one (-1) to represent an MS Defender for Endpoint deleted asset (i.e. assets no longer visible to CI Sync).
Override Options
Context
Customers may consider changing how CI Sync sets the various ServiceNow status values to meet their CI and Asset lifecycle management requirements within ServiceNow.
Options
-
This rule can be amended to have CI Sync use the native “Onboarding Status” value held in Microsoft Defender for Endpoint (this attribute and value are visible in the Defender for EndPoint portal).
-
This rule can also be amended to have CI Sync retire Defender for Endpoint related CIs based on an aging criteria (e.g. if the asset in Defender has not been seen for “n” days).
Overriding via Connection Settings
Customers can perform the override using a “Connection Setting” via the CI Sync User Interface (i.e. customers can perform the overrides themselves). Additional information for this is available via the following documentation:
-
For a general overview of CI Sync Connection Settings please read Understanding the use of CI Sync Connection Settings.
-
For the specific CI Sync Connection Setting/s related to the rule described on this page please read Status Mapping for Defender for Endpoint.
For documentation on all CI Sync Connection Settings please visit the page tree Connection Setting Guides.
Additional Information
N/A
Related Rules
N/A
Support Model for Rule Overrides
Question: Can overrides be performed by customers without a Syncfish Extended Implementation and Support Plan?
Answer: Yes (via self-service in the CI Sync UI)
Question: Which Syncfish Extended Implementation and Support Plan is required to obtain overrides of this rule
Answer: Either a Bronze Plan, Silver Plan or Gold Plan (for customers wanting Syncfish assistance to perform overrides of this rule)