Welcome to the Netskope One DSPM Knowledge Base

    Connecting to Azure PostgreSQL Data Stores

    Overview

    Netskope One DSPM supports scanning Azure PostgreSQL Data Stores. Follow these instructions to set up your Azure PostgreSQL database and configure its connection to Netskope One DSPM.

    Retrieve Connection Information

    Follow the steps below to identify the connection values that Netskope One DSPM needs to communicate with your Azure PostgreSQL database.

    1. Click this link to log into your Azure Portal, which will navigate you to the resource view of your PostgreSQL servers.
    2. Locate your database server resource and click the hyperlink.
    3. Navigate to the Overview section and take note of the following values:
    | Highlight Color | Corresponding Netskope One DSPM Value |
    |-----------------|---------------------------------------|
    | Blue            | Data Store Endpoint                   |
    | Green           | Admin name                            |
    | Blue            | List of Databases                     |

    Create Netskope One DSPM Service Account

    A PostgreSQL service account within the database is required for connecting your data store with the Netskope One DSPM application. Netskope One DSPM provides a Python script that both creates the service account and assigns the necessary non-superuser permissions.

    Prerequisites

    • You have database administrator access for the data store.
    • The following are locally-installed:
    • You have validated your setup & Azure environment connectivity using the CLI

    Run Script

    1. Open the command line interface (CLI).
    2. Type the following command to download the automation script to your local system:
     wget https://dasera-release.s3.us-west-2.amazonaws.com/postgres_setup.py
    3. If necessary, navigate to the directory where the script was downloaded.
    4. Set up your Azure account subscription from the CLI by running the following commands:
      1. az login
      2. az account list
    5. Run the script by typing python postgres_setup.py
    6. When prompted, enter the following parameters:

     

    | Parameter | Value |
    |-----------|-------|
    | Endpoint | Enter the corresponding value from the Retrieve Connection Information step above. |
    | Database | Enter the corresponding database name as listed under Available resources from the Retrieve Connection Information step above. |
    | Port | Enter the corresponding value from the Retrieve Connection Information step above. 5432 is the default PostgreSQL port number. If you are using a custom port number, be sure to substitute it here. |
    | Username | Username of the database administrator running this script. Enter the corresponding value from the Retrieve Connection Information step above. |
    | Password | Password of the database administrator running this script |
    | Username to create for Netskope One DSPM user | Provide the Database name for which you want to create the Netskope One DSPM DB user. dasera_user is recommended, but you can use any value. |
    | Password | Password for the Netskope One DSPM DB user |

    When the script is complete, the following message (or similar) will be displayed: 

    Created user dasera_sa with global select access

    Because the DB admin privileges might differ in each database, run the steps above separately for each database that you wish to connect to the Netskope One DSPM application.
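
    To confirm what the script granted in each database, the following queries audit the new role's attributes, memberships and write privileges. This is an added example, not part of the Netskope script or documentation; the role name dasera_user is an assumption taken from the recommended value above, so substitute the name you entered at the prompt.

```sql
-- Added example: audit the role created for Netskope One DSPM.
-- Assumption: the role is named dasera_user (the name the page recommends).
-- Run as the database administrator, once in each connected database.

-- 1. Role attributes. rolsuper must be false for a non-superuser account;
--    treat any other true flag besides rolcanlogin as a finding to review.
SELECT rolname, rolcanlogin, rolsuper, rolcreaterole, rolcreatedb,
       rolreplication, rolbypassrls
FROM pg_roles
WHERE rolname = 'dasera_user';

-- 2. Role memberships, including predefined roles that widen access.
SELECT g.rolname AS member_of, m.admin_option
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.member
JOIN pg_roles g ON g.oid = m.roleid
WHERE r.rolname = 'dasera_user';

-- 3. Tables, views and materialized views the role can modify.
--    has_table_privilege() includes rights inherited through memberships
--    and PUBLIC grants. A select-only account returns zero rows.
SELECT n.nspname AS schema_name, c.relname AS object_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p', 'v', 'm', 'f')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_table_privilege('dasera_user', c.oid,
                          'INSERT, UPDATE, DELETE, TRUNCATE');

-- 4. Schemas where the role can create objects. On PostgreSQL 14 and
--    earlier, a row for "public" comes from the default grant to PUBLIC.
SELECT nspname AS schema_name
FROM pg_namespace
WHERE nspname NOT LIKE 'pg\_%'
  AND nspname <> 'information_schema'
  AND has_schema_privilege('dasera_user', oid, 'CREATE');
```

    Rows returned by query 3, or unexpected memberships in query 2, indicate access beyond select and are worth resolving before connecting the data store.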

     

    Connect Your Data Store

    Before attempting to connect an Azure Data Store, be sure you have configured a Netskope One DSPM-specific Azure Service Account as described above and onboarded the Azure Infrastructure for this Data Store. 

    1. Log into the Netskope One DSPM platform.
    2. Navigate to Data Stores → Data Store Inventory.
    3. Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
    4. Alternatively, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.

    5. The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
    6. Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
    7. On the PROVIDE CREDENTIALS tab, complete the following fields:
    | Field | Value |
    |-------|-------|
    | Select Azure Account | Select one of the Azure Accounts defined within the Infrastructure Section screen. The field will default if there is just one AWS Account configured. |
    | Data Store Identifier | Provide a friendly name to describe this Data Store. Your value is displayed in other Netskope One DSPM screens such as Policy Management and Classification Management. |
    | Data Store Endpoint | Enter the corresponding value from the Retrieve Connection Information step above, plus the port number and database name. For example, for a Public IP address like 1.2.3.4 and database named "example_db", you would enter 1.2.3.4:5439/example_db. 5432 is the default PostgreSQL DB port number. If you are using a custom port number, be sure to substitute it here. |
    | Database Username | Enter the corresponding value from the Create a Netskope One DSPM Service Account step above. |
    | Authentication Method | Select "Password". |
    | Password | Enter the corresponding value from the Create a Netskope One DSPM Service Account step above. |
    | Side car | Provide a reference to a sidecar instance connected to the database (optional). Refer to the article Installing Netskope One DSPM sidecar via Azure containers for more details. |
    | Scan Frequency | Controls how often your Data Store is reviewed for changes. Netskope One DSPM's recommended frequency is the default, which you can override if desired. |
    | Sidecar Pool | If you will use sidecars to monitor this data store, select a sidecar pool with network visibility to said data store. This field is displayed when there is at least one defined sidecar pool. To learn more, please visit our Sidecar Administration article. |

    | Capability | Supported for PostgreSQL |
    |------------|--------------------------|
    | Discovery | Yes (always-on) |
    | Privilege Analysis | Yes |
    | Shadow Data Analysis | No |
    | Classification | Yes |
    | Data In Use Monitoring | No (custom query logs only) |
    | Automation | Yes (always-on) |

    1. Click the SAVE button, which will navigate you to the next tab.
    2. On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
    3. Click the SAVE button to finalize your connection.
