Welcome to the Netskope One DSPM Knowledge Base

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Connecting to Heroku PostgreSQL Data Stores

    Table of Contents

    Overview Create a Netskope One DSPM Service Account Retrieve Connection Information Generate Heroku API Key Connect Your Data Store

    Overview

    Netskope One DSPM supports scanning Heroku PostgreSQL Data Stores. Follow these instructions to set up your Heroku PostgreSQL database and configure its connection to Netskope One DSPM.

    Create a Netskope One DSPM Service Account

    A Heroku PostgreSQL service account within the database is required for connecting your data store with the Netskope One DSPM application. Please follow the steps below to configure the service account within the Heroku dashboard.

    Prerequisites

    You have access to configure service accounts within Heroku applications.

    Steps

    1. As the authorized Heroku user, click this link to log into your Heroku portal, which will navigate you to the main dashboard.
    2. On the Apps tab, select the name of your application. The application’s Overview tab is displayed.
    3. Click on the Resources tab.  
    4. Under the Add-ons section, select the name of your Heroku PostgreSQL resource. The resource's Overview tab is displayed.
    5. Click the Credentials tab.
    6. Click the Create Credential button.
    7. Enter the following values:
    Field Name Value
    User Any value (Netskope One DSPM is recommended)
    Attachments Enter the name of each Heroku PostgreSQL database you wish to monitor using Netskope One DSPM
    Permissions Select `Read-only permissions`

    Heroku auto-generates the password for new service accounts. Be sure to capture and save this value for later use.

     
    1. Click the save button.

    Retrieve Connection Information

    Please follow the steps below to identify the connection values to communicate Netskope One DSPM with your Heroku PostgreSQL database.

    1. As the authorized Heroku user, click this link to log into your Heroku portal, which will navigate you to the main dashboard.
    2. On the Apps tab, select the name of your application. The application’s Overview tab is displayed.
    3. Click on the Resources tab.  
    4. Under the Add-ons section, select the name of your Heroku PostgreSQL resource. The resource's Overview tab is displayed.
    5. Select the credential created in the above section. The credential's details are displayed.
    6. Take note of the following values for later use:
    Field Name Corresponding Netskope One DSPM Value
    Host Data Store Endpoint
    Port Data Store Endpoint
    Database Data Store Endpoint

    Generate Heroku API Key

    These steps are required only if you wish to use Configuration Analysis within the Netskope One DSPM application.

    To better-secure your API key, it is recommended that you create a Heroku user dedicated for Netskope One DSPM's use.

     
    1. As the Netskope One DSPM-specific Heroku user, click this link to log into your Heroku portal, which will navigate you to the main dashboard.
    2. In the upper-right, click your user icon
    3. Select Account Settings. The Manage Account screen is displayed.
    4. If desired, click the Regenerate API Key button to reset your API key.
    5. In the API Key section, click the Reveal button.
    6. Take note of the API key value for later use.

    Connect Your Data Store

    Excerpt: Connect Your Data Store 1

    1. Log into the Netskope One DSPM platform.
    2. Navigate to Data Stores → Data Store Inventory.
    3. Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
    4. Alternately, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.

    1. The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
    2. Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
    3. On the PROVIDE CREDENTIALS tab, complete the following fields:
    Field Value
    Data Store Identifier Provide a friendly name to describe this Data Store. Your value is displayed in other Netskope One DSPM screens, such as Policy Management and Classification Management.
    Data Store Endpoint

    Enter the corresponding values from the Retrieve Connection Information step above in the following format:

    {host}:{port}/{database}

    For example, for a endpoint  like 1.2.3.4, database named "example_db", and using the standard port, you would enter 1.2.3.4:5432/example_db.
    Database Username Enter the corresponding value from the Create Netskope One DSPM Service Account step above.
    Password Enter the corresponding value from the Create Netskope One DSPM Service Account step above.
    Scan Frequency Controls how often your Data Store is reviewed for changes. Netskope One DSPM’s recommended frequency is defaulted, which you can override if (desired).

    Excerpt: Connect Your Data Store 2

    1. Click the NEXT button. The SELECT CAPABILITIES tab is displayed.
    2. Complete the following fields:
    • Assign a Data Owner (optional): define one or more Platform Users responsible for this Data Store and its data sets.
    • Which databases should Netskope One DSPM scan?: utilize the field’s picklist control to select which databases & schemas should be monitored by the Netskope One DSPM application. By default, all databases & schemas are selected.
    • Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on, some are not applicable (with disabled toggles), while others may request additional configurations.
    • Configuration: enter the API key value you created in the Generate Heroku API Key step above. Otherwise, deselect the checkbox if you don't wish to utilize Configuration Analysis.

    Netskope One DSPM does not validate the supplied API key.  If your key is revoked or its format is incorrect, your data store connection can still be saved. Subsequent scans will also complete, while Configuration Analysis-related errors will appear within the Activity Logs.

     
    Feature Supported for Heroku PostgreSQL
    Discovery N/A
    Privilege Analysis Yes (database user & role retrieval only)
    Shadow Data Analysis Yes
    Classification Yes
    Data-in-Use Monitoring Yes (Custom Query Logs only)
    Automation Yes (always on)

    Excerpt: Connect Your Data Store 3

    Click the NEXT button, which will navigate you to the next tab. On the REVIEW tab

    1. Click the SAVE button, which will navigate you to the next tab.
    2. On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
    3. Click the SAVE button to finalize your connection.

    Was this article helpful?

    Still can't find what you are looking for?

    Contact Netskope Technical Support