Overview
Netskope One DSPM supports scanning MongoDB Data Stores, both those setup using MongoDB Atlas or on-prem. While the instructions are written from a MongoDB Atlas perspective, they should be applicable to on-prem installations (with some variation in steps and screenshots).
Create a MongoDB Service Account
Netskope One DSPM requires programmatic access to connect to & scan your MongoDB Data Stores, including assigning specific user permissions. Please follow the steps below to create the necessary configurations within the MongoDB console.
- Log into MongoDB Atlas.
- Navigate to the SECURITY > Database Access screen.
- Click the ADD NEW DATABASE USER button. A modal titled “Add Database User” is displayed.
- Within the Authentication Method section, select “Password”.
- Within the Password Authentication section, complete the following fields:
- Username: any value; it is recommended to include "Netskope One DSPM" in the name, to make it easier to identify
- Password
- Within the Database User Privileges section, complete the following field:
- Built-In Role: Only read any database
- Click the Add User button.
Retrieve Cluster Connection Information
In addition to configuring a service account, Netskope One DSPM will also require additional information in order to communicate with your MongoDB cluster. Please follow the steps below to identify the connection values for later use within Netskope One DSPM.
- Log into MongoDB Atlas.
- Navigate to the DEPLOYMENT > Databases screen.
- For the cluster you plan on connecting to Netskope One DSPM, click its Connect button.
- The Connect to Cluster modal is displayed, starting with the Setup Connection Security tab.
- Click the Connect your Application button. The modal will auto-navigate you to the next tab.
- On the Choose a connection method tab, complete the following fields:
- Driver: Java
- Version: 3.4 or later
- Make note of the following highlighted portion of the connection string, which will later be used within Netskope One DSPM for connecting your MongoDB Data Stores:
| Highlight Color | Corresponding Netskope One DSPM Value | Example |
|---|---|---|
| Blue | Data Store Endpoint |  |
Connect Your Data Store
Excerpt: Connect Your Data Store 1
Log into the Netskope One DSPM platform. Navigate to the Data Stores > Data Store Invento
- Log into the Netskope One DSPM platform.
- Navigate to Data Stores → Data Store Inventory.
- Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
- Alternately, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.
- The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
- Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
- On the PROVIDE CREDENTIALS tab, complete the following fields:
| Field | Value |
|---|---|
| Data Store Identifier | Friendly name to describe this Data Store. Your value is displayed in other Netskope One DSPM screens such as Policy Management and Classification Management. |
| Data Store Endpoint | Enter the corresponding value from the Retrieve Cluster Connection Information step above. |
| Database Username | Enter the corresponding value from the Create a MongoDB Service Account step above. |
| Password | Enter the corresponding value from the Create a MongoDB Service Account step above. |
| Scan Frequency | Controlling how often your Data Store is reviewed for changes, Netskope One DSPM’s recommended frequency is defaulted, which you can override if (desired). |
| Sidecar Pool | Excerpt: Connect Your Data Store: Credentials: Sidecar PoolIf you will use sidecars to monitor this data store, select a sidecar pool with network visibility to said data store. This field is displayed when there is at least one defined sidecar pool. To learn more, please visit our Sidecar Administration article. |
Excerpt: Connect Your Data Store 2
Click the NEXT button, which will navigate you to the next tab. On the SELECT CAP
- Click the NEXT button. The SELECT CAPABILITIES tab is displayed.
- Complete the following fields:
- Assign a Data Owner (optional): define one or more Platform Users responsible for this Data Store and its data sets.
- Which databases should Netskope One DSPM scan?: utilize the field’s picklist control to select which databases & schemas should be monitored by the Netskope One DSPM application. By default, all databases & schemas are selected.
- Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on, some are not applicable (with disabled toggles), while others may request additional configurations.
| Feature | Supported for MongoDB? |
|---|---|
| Discovery | Yes (always-on) |
| Privilege Analysis | No |
| Classification | Yes |
| Data In Use Monitoring | No |
| Automation | Yes (always-on) |
Excerpt: Connect Your Data Store 3
Click the NEXT button, which will navigate you to the next tab. On the REVIEW tab
- Click the SAVE button, which will navigate you to the next tab.
- On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
- Click the SAVE button to finalize your connection.