Welcome to the Netskope One DSPM Knowledge Base


    Connecting to AWS RDS SQL Server Data Stores

    Overview

    Netskope One DSPM supports scanning AWS RDS SQL Server Data Stores. Follow these instructions to set up your AWS RDS SQL Server database and configure its connection to Netskope One DSPM.

    Authenticate Data Store

    There are two methods for authenticating RDS and Aurora data stores: Snapshots or Service Account. 

    Using Snapshots

    Snapshots are quicker and simpler, spinning up a secure copy of the data store for Netskope One DSPM to scan without needing to create a Service Account. This copy exists only within your Netskope One DSPM instance, and Netskope One DSPM does not store any associated data. It's encrypted and then immediately spun down, so there are no lingering data copies. Please note that spinning up the data store copy can cause the scan initiation process to take several hours.

    The following features are not supported when authenticating via Snapshot:

    • Privilege Analysis
    • Data-in-use monitoring
    • Database selection
    • Sample data collection

    Ensure you've enabled data store Snapshots access during AWS Infrastructure onboarding. For already onboarded accounts, you must manually add the AmazonRDSFullAccess permission in the AWS Console.

    Using a Netskope One DSPM Service Account


    These steps may require the assistance of your local database administrator.

     

    Begin by configuring a service account which will be dedicated to Netskope One DSPM’s use.

    1. As a DB administrator, log into your SQL database.
    2. Create the Netskope One DSPM-specific SQL user by executing the following commands in the order shown:

    Command:
        CREATE LOGIN dasera_user WITH PASSWORD = 'dasera_password';
    Outcome: Creates the DB user that will be dedicated to Netskope One DSPM’s use as a service account.
    Notes: Substitute dasera_user and dasera_password with your own preferred values. You will need this information later when configuring Netskope One DSPM.

    Note: We recommend using dasera as the username and a password of your choice. You will need this information later when configuring Netskope One DSPM.

    Command:
        USE [database name];
        CREATE USER dasera FOR LOGIN dasera_user;
        ALTER ROLE db_datareader ADD MEMBER dasera;
    Outcome: Grants read-only access to the Netskope One DSPM-specific DB user in each SQL database that you want to scan.
    Notes: The CREATE USER command enables the previously created LOGIN to access the database. The built-in db_datareader role grants read-only access to all schemas and tables (including system tables) on the active database.

    Substitute database name with each SQL DB you wish to scan with the Netskope One DSPM application.
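
    A way to confirm that the service account ended up with only the read-only access described above. This is an added example, not part of Netskope's documentation; it assumes the page's placeholder names (login dasera_user, database user dasera, and database name), so substitute your own values, and it should be run by a DB administrator.

```sql
-- Added example: least-privilege review of the DSPM service account.
-- dasera_user, dasera and [database name] are the page's placeholders.

-- 1. Fixed server roles held by the login. The steps on this page add
--    none, so any row returned is membership granted some other way.
SELECT l.name AS login_name, r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
WHERE l.name = N'dasera_user';

-- 2. Explicit server-level permissions on the login. CREATE LOGIN
--    records CONNECT SQL; anything else is an additional grant.
SELECT p.permission_name, p.state_desc
FROM sys.server_permissions AS p
JOIN sys.server_principals AS l ON l.principal_id = p.grantee_principal_id
WHERE l.name = N'dasera_user';

-- 3. Repeat from here for every database the account was added to.
USE [database name];

-- Database roles held by the user. The page's ALTER ROLE statement
-- adds db_datareader only; other roles widen the account's access.
SELECT u.name AS db_user, r.name AS db_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
WHERE u.name = N'dasera';

-- Explicit database permissions on the user. CREATE USER records
-- CONNECT on the database; look for GRANT rows beyond that.
SELECT p.class_desc, p.permission_name, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS u ON u.principal_id = p.grantee_principal_id
WHERE u.name = N'dasera';
```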

     

     

    Retrieve Connection Information


    In addition to configuring a service account, Netskope One DSPM will also require additional information in order to communicate with your SQL database. Please follow the steps below to identify the connection values for later use within Netskope One DSPM.

    Highlight Color | Corresponding Netskope One DSPM Value | Example
    Blue | Data Store Endpoint |
    Gray | Port |

    Connect Your Data Store


    1. Log into the Netskope One DSPM platform.
    2. Navigate to Data Stores → Data Store Inventory.
    3. Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
    4. Alternatively, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.

    1. The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
    2. Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
    3. On the PROVIDE CREDENTIALS tab, complete the following fields:
    • AWS Account Name: Select one of the AWS Accounts defined within the Infrastructure Section screen. The field will default if there is just one AWS account configured.
    • Data Store Identifier: Friendly name to describe this Data Store. Your value is displayed in other Netskope One DSPM screens such as Policy Management and Classification Management.
    • Data Store Endpoint: Enter the corresponding value from the Retrieve Connection Information section above.
    • Database Username (if Service Account): Enter the corresponding value from the Using a Netskope One DSPM Service Account step above.
    • Password (if Service Account): Enter the corresponding value from the Using a Netskope One DSPM Service Account step above.
    • Scan Frequency: Controls how often your Data Store is reviewed for changes. Netskope One DSPM’s recommended frequency is defaulted, which you can override (if desired).
    • Sidecar Pool: If you will use sidecars to monitor this data store, select a sidecar pool with network visibility to said data store. This field is displayed when there is at least one defined sidecar pool. To learn more, please visit our Sidecar Administration article.


    1. Click the NEXT button. The SELECT CAPABILITIES tab is displayed.
    2. Complete the following fields:
    • Assign a Data Owner (optional): define one or more Platform Users responsible for this Data Store and its data sets.
    • Which databases should Netskope One DSPM scan?: utilize the field’s picklist control to select which databases & schemas should be monitored by the Netskope One DSPM application. By default, all databases & schemas are selected.
    • Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on, some are not applicable (with disabled toggles), while others may request additional configurations.
    Capability | Supported for AWS RDS SQL Server via Service Account | Supported for AWS RDS SQL Server via Snapshots
    Discovery | Yes (always-on) | Yes
    Configuration Analysis | Yes | Yes
    Privilege Analysis | Yes | No
    Shadow Data Analysis | Yes | No
    Classification | Yes | Yes
    Data In Use Monitoring | No (custom query logs only) | No
    Automation | Yes (always-on) | Yes


    1. Click the SAVE button, which will navigate you to the next tab.
    2. On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
    3. Click the SAVE button to finalize your connection.
