    Connecting to Snowflake Data Stores

    Overview

    Netskope One DSPM needs access to your Snowflake account, both to read Snowflake query logs and to find sensitive data within the data stores of your Snowflake instance. To provide that access, create a database user (service account) within Snowflake that the Netskope One DSPM application can use.

    Retrieve Connection Information

    In addition to a Netskope One DSPM service account user, Netskope One DSPM requires the URL for your Snowflake account in order to communicate with your Snowflake instance. The URL has the format <account_identifier>.snowflakecomputing.com. See the Snowflake documentation for more details on account identifiers.

    Create a Netskope One DSPM Service Account User within Snowflake

    A database service account within the Snowflake data warehouse is required for connecting all the relevant data stores with the Netskope One DSPM application. Netskope One DSPM provides a Python script that automates the following:

    1. Create a Netskope One DSPM Database user within Snowflake.
    2. Grant necessary privileges to the Netskope One DSPM Database user.
    3. Assign the default role and warehouse to the Netskope One DSPM user.

    Prerequisites

    • You know the URL for your Snowflake account, which has the format <account_identifier>.snowflakecomputing.com and is needed to communicate with your Snowflake instance.
    • You are signed into Snowflake as an account administrator. Please note that the credentials for this admin account are never shared with Netskope One DSPM. This is a separate step that you run on your own, as described here.
    • The following are locally-installed:

    Run Script

    1. Open the command line interface (CLI).
    2. Type the following command to download the automation script to your local system:
     wget https://dasera-release.s3.us-west-2.amazonaws.com/snowflake_setup.py
    3. If necessary, navigate to the directory where the script was downloaded.
    4. Run the script by typing python snowflake_setup.py
    5. When prompted, enter the following parameters:

    • Snowflake Account: Snowflake account information corresponding to your organization. Enter the corresponding value from the Retrieve Connection Information step above.
    • Username: Provide the Snowflake account administrator login name. It is extremely important to sign in to the Snowflake account as an account administrator (i.e. a user with the ACCOUNTADMIN role).
    • Password: Provide the password for the Snowflake account administrator login.
    • Admin role: Ideally this is ACCOUNTADMIN, as it is the only role that (a) has access to and (b) can grant privileges to the SNOWFLAKE tables.
    • Admin warehouse: Name of the admin warehouse as defined by your organization. Check the list of warehouses from the top menu of your Snowflake account. The script grants usage and monitor privileges on each of the databases in this warehouse, enabling them to be scanned by the Netskope One DSPM application.
    • Username to create for Netskope One DSPM user: A name like Netskope One DSPM is recommended, but you can use any value.
    • Role to create for Netskope One DSPM user: A name like Netskope One DSPM_Role is recommended, but you can use any value.
    • Password for Netskope One DSPM user: Provide the password for the new Netskope One DSPM user.
    • Warehouse for Netskope One DSPM user to use: Provide the default warehouse for the Netskope One DSPM user.

    You can alternatively authenticate this data store using AWS Secrets Manager instead of a username and password.
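
    To review what the setup script created before connecting the data store, the following SQL is an added example, not part of the Netskope script or documentation. The names NETSKOPE_DSPM and NETSKOPE_DSPM_ROLE are assumptions standing in for the user and role you entered at the prompts.

```sql
-- Added example: audit the service account created by the setup script.
-- NETSKOPE_DSPM and NETSKOPE_DSPM_ROLE are assumed names; substitute the
-- user and role you entered at the script prompts.

-- 1. Privileges currently held by the new role (reflects live state).
SHOW GRANTS TO ROLE NETSKOPE_DSPM_ROLE;

-- 2. Roles granted to the service user; expect only the role created for it.
SHOW GRANTS TO USER NETSKOPE_DSPM;

-- 3. Default role and warehouse assigned to the service user
--    (see the DEFAULT_ROLE and DEFAULT_WAREHOUSE properties in the output).
DESCRIBE USER NETSKOPE_DSPM;

-- 4. Active grants to the role other than the database-level USAGE and
--    MONITOR privileges the page describes. Rows returned here are listed
--    for review, not necessarily wrong. ACCOUNT_USAGE views are not
--    real-time, so recent grants may take a while to appear.
SELECT privilege, granted_on, name, granted_by, created_on
FROM snowflake.account_usage.grants_to_roles
WHERE grantee_name = 'NETSKOPE_DSPM_ROLE'
  AND granted_to = 'ROLE'
  AND deleted_on IS NULL
  AND NOT (granted_on = 'DATABASE' AND privilege IN ('USAGE', 'MONITOR'))
ORDER BY granted_on, name, privilege;

-- 5. Any role other than the dedicated one that is granted to the service
--    user, for example an administrative role assigned by mistake.
SELECT role, granted_by, created_on
FROM snowflake.account_usage.grants_to_users
WHERE grantee_name = 'NETSKOPE_DSPM'
  AND deleted_on IS NULL
  AND role <> 'NETSKOPE_DSPM_ROLE';
```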

     

    Connect Your Data Store

    1. Log into the Netskope One DSPM platform.
    2. Navigate to Data Stores → Data Store Inventory.
    3. Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
    4. Alternately, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.

    1. The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
    2. Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
    3. On the PROVIDE CREDENTIALS tab, complete the following fields:
    • Data Store Identifier: Provide a friendly name to describe this Data Store. Your value is displayed in other Netskope One DSPM screens such as Policy Management and Classification Management.
    • Data Store Endpoint: Enter your Snowflake account URL, account_identifier.snowflakecomputing.com.
    • Authentication Method: Select AWS Secrets Manager or Username / Password authentication.
    • Secret ARN: If using AWS Secrets Manager authentication, enter the Secret ARN obtained from AWS Secrets Manager.
    • Database Username: If using Username/Password authentication, enter the Netskope One DSPM user you created in the Create a Netskope One DSPM Service Account step above.
    • Password: If using Username/Password authentication, enter the password for the Netskope One DSPM user you created in the Create a Netskope One DSPM Service Account step above.
    • Scan Frequency: Controls how often your Data Store is reviewed for changes. Netskope One DSPM’s recommended frequency is the default, which you can override if desired.
    • Sidecar Pool: If you will use sidecars to monitor this data store, select a sidecar pool with network visibility to said data store. This field is displayed when there is at least one defined sidecar pool. To learn more, please visit our Sidecar Administration article.

    1. Click the NEXT button. The SELECT CAPABILITIES tab is displayed.
    2. Complete the following fields:
    • Assign a Data Owner (optional): define one or more Platform Users responsible for this Data Store and its data sets.
    • Which databases should Netskope One DSPM scan?: utilize the field’s picklist control to select which databases & schemas should be monitored by the Netskope One DSPM application. By default, all databases & schemas are selected.
    • Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on, some are not applicable (with disabled toggles), while others may request additional configurations.
      Feature: Supported for Snowflake
      • Discovery: Yes (always-on)
      • Privilege Analysis: Yes
      • Shadow Data Analysis: Yes
      • Classification: Yes. Select the Ingest Snowflake tags checkbox to also import Snowflake schema tags and their object-level assignments for this Data Store. To learn more, please visit our Data Tags article.
      • Data In Use Monitoring: Yes
      • Automation: Yes (always-on)

    1. Click the SAVE button, which will navigate you to the next tab.
    2. On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
    3. Click the SAVE button to finalize your connection.
