Overview
This article contains instructions for maintaining & grouping the Data Tag library, including the ingestion of tags from outside systems.
Data Tags can be used to group and organize classified fields & dataset objects (databases, schema, and tables). They can also be used for searching, filtering, and being referenced by Policy Conditions.
The application of Data Tags to classification fields is performed in Netskope One DSPM within the Classification > Classification Management screen; to learn more, visit our
- Data Classification Page, for field-level classification; or
- Object-Level Classification, for object-level classification
Data Tag Auto-Assignment
With each datastore scan by Netskope One DSPM Application the newly-classified fields are automatically assigned the Data Tags from its associated Sensitive Data Type.
The association of Data Tags to Sensitive Data Types is performed within the Classification > Sensitive Data Types screen.
Before finalizing the association, the platform will prompt you to select one of the following inheritance effects:
- Apply the Data Tag(s) to future fields classified as this Sensitive Data Type, but leave current classification fields as-is
- Also apply to current fields.
Built-In Data Tags
The following Data Tags & Tag Categories are built into Netskope One DSPM and can be used immediately:
| Tag Category | Tag Name |
|---|---|
| Compliance |
|
| Healthcare |
|
| Other |
|
Managing Data Tags
The following actions are all initiated from the Classification > Data Tags screen.
Creating Tags
Excerpt: Creating Tags
Click the Create New Tag button. The Create New Tag is displayed. Enter the follo
- Click the Create New Tag button.
- The Create New Tag is displayed.
- Enter the following values:
| Field | Value |
|---|---|
| Tag Category |
How this Tag should be grouped on this screen and within drop-downs throughout the platform such as filters. You can also create a new Tag Category (see below). |
| Tag Name | Friendly name which will display throughout the platform. Spaces are not permitted. |
| Description | Any value which helps explain the Tag's purpose |
| Color | Click on the color palette control and select an available color, which will display throughout the platform. |
- Click the Save button.
- The Edit Tag modal will be dismissed.
Editing Tags
Excerpt: Editing Tags
Click the edit (pencil) icon on any existing Tag. The Edit Tag modal is displayed
- Click the edit (pencil) icon on any existing Tag.
- The Edit Tag modal is displayed.
- Complete your desired changes.
- Click the Save button.
- The Edit Tag modal will be dismissed.
Deleting Tags
Excerpt: Deleting Tags
Click the delete (trash) icon on any existing Tag Category header. The Delete Tag
- Click the delete (trash) icon on any existing Tag Category header.
- The Delete Tag modal is displayed.
- If you wish to proceed, click the Delete button.
Note that when a data store is tagged, all child objects (databases, schemas, tables, and fields) within it will inherit the tag from the parent data store. Similarly, when a child object is tagged, the parent object inherits the tag, and you will see from the Data Store Inventory page which tags are contained within the data store's data sets.
Managing Tag Categories
Creating Tag Categories
Excerpt: Creating Tag Categories
Follow the steps in prior sections to either add or edit a Tag. Click the Tag Cat
- Follow the steps in prior sections to either add or edit a Tag.
- Click the Tag Category field and select "Create new category".
- The Create New Category modal is displayed.
- Enter the following values:
| Field | Value |
|---|---|
| Category Name | Friendly name which will display throughout the platform. |
| Description | Any value which helps explain the Tag Category's purpose |
- Click the SAVE button.
- The Create New Category modal will be dismissed.
- Continue with editing or creating your Tag.
Editing Tag Categories
Excerpt: Editing Tags
Click the edit (pencil) icon on any existing Tag. The Edit Tag modal is displayed
- Click the edit (pencil) icon on any existing Tag.
- The Edit Tag modal is displayed.
- Complete your desired changes.
- Click the Save button.
- The Edit Tag modal will be dismissed.
Deleting Tag Categories
Excerpt: Deleting Tag Categories
Before you can delete an Existing Tag Category, you must first delete all of its
Before you can delete an Existing Tag Category, you must first delete all of its child Tags.
- Click the delete (trash) icon on any existing Tag Category header.
- The Delete Tag Category modal is displayed.
- If you wish to proceed, click the Delete button.
Ingesting External Tags
Netskope One DSPM supports the following methods for ingesting Data Tags from outside systems.
Amazon Web Services (AWS)
When onboarding AWS Accounts and Organizations as Infrastructure Connections, you can auto-ingest all data-store instance-specific tags from the AWS Tag Editor, which automatically performs the following actions within Netskope One DSPM:
- A Data Tag Category is created and named after the AWS Account or Organization ID.
- A Data Tag is created for each AWS Tag. Ingested tags are automatically adjusted to ensure uniqueness from similarly-named tags from other data sources.
The above Tag Categories and Data Tags cannot be changed within Netskope One DSPM. If you need to add, edit, or delete these definitions, please update them directly within the AWS console. Changes will regularly sync to Netskope One DSPM.
Google Cloud Platform (GCP)
When onboarding GCP Projects as Infrastructure Connections, you can choose to auto-ingest any available GCP Policy Taxonomies, which automatically performs the following actions within Netskope One DSPM:
- A Data Tag Category is created and named after the GCP Policy Taxonomy.
- A Data Tag is created for each GCP Policy Tag. If a GCP Policy Tag resides below the taxonomy's root level, the Netskope One DSPM Data Tag will be prepended with the GCP Tag's hierarchy path.
- Any GCP Policy Tag associations to GCP fields will also be replicated within their corresponding Netskope One DSPM classification fields.
The above Tag Categories and Data Tags cannot be changed within Netskope One DSPM. If you need to add, edit, or delete these definitions, please update them directly within the Google Cloud Platform console. Changes will regularly sync to Netskope One DSPM.
Snowflake
When connecting Snowflake Data Stores, you can choose to auto-ingest any available Snowflake tags, which automatically performs the following actions within Netskope One DSPM:
- A Data Tag Category is created and named after the Snowflake Data Store Identifier.
- A Data Tag is created for each Snowflake schema-level. Each Data Tag will be prepended with the Snowflake Data Store Identifier, to ensure no uniqueness conflicts with like-named tags you might import from other Snowflake Data Stores.
- Any Snowflake tag associations to Snowflake databases, schemas, tables, or fields will also be replicated within their corresponding Netskope One DSPM objects.
Open API
With Netskope One DSPM’s Open APIs, you can build integrations to ingest Data Tags from your external data catalog systems. To learn more, please visit our Using the Netskope One DSPM API article.
All Data Tags have an assigned color, to make them distinctive within the Netskope One DSPM user interface. The below hex codes can be used within Netskope One DSPM's Open API to properly define your Data Tags:
