Overview
Netskope One DSPM supports scanning self-managed MySQL data stores. Follow these instructions to set up your self-managed MySQL database and configure its connection to Netskope One DSPM.
Create a Netskope One DSPM Service Account
Begin by configuring a MySQL service account, which will be dedicated to Netskope One DSPM’s use. The following instructions apply to all of the cloud infrastructure solutions listed above.
The following steps may require the assistance of your local database administrator.
- As an administrator, log into your MySQL database's shell.
- Create the Netskope One DSPM-specific MySQL user by executing the following commands in order:
| Command | Outcome | Notes |
|---|---|---|
|
Creates the Netskope One DSPM-specific user. |
Substitute dasera_user and dasera_password with your own preferred values. @'%' creates a user which supports remote connection. As an alternative, substitute it with @'#.#.#.#' to allow a specific IP address. |
|
Grants to the Netskope One DSPM-specific user the required permissions which power capabilities within the Netskope One DSPM platform. |
Substitute dasera_user with the value used above. *.* means “on all schemas, in all tables in those schemas”, and it applies to future tables and schemas as well. |
Retrieve Connection Information
In addition to configuring a service account, Netskope One DSPM will also require additional information to communicate with your self-managed MySQL database. Please follow the steps below to identify the connection values for later use within Netskope One DSPM.
| Corresponding Netskope One DSPM Value | Details |
|---|---|
| Endpoint | Enter either the IP address or DNS name for your Self-Managed MySQL instance, used to create the service account above. This can be found by running ipconfig.exe from the instance's CLI and parsing its output. |
You can alternatively authenticate this data store using AWS Secrets Manager instead of a username and password.
Connect Your Data Store
Excerpt: Connect Your Data Store 1
Log into the Netskope One DSPM platform. Navigate to the Data Stores > Data Store Invento
- Log into the Netskope One DSPM platform.
- Navigate to Data Stores → Data Store Inventory.
- Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
- Alternately, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.
- The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
- Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
- On the PROVIDE CREDENTIALS tab, complete the following fields:
| Field | Value |
|---|---|
| Data Store Identifier | Friendly name to describe this Data Store. Your value is displayed in other Netskope One DSPM screens such as Policy Management and Classification Management. |
| Data Store Endpoint | IP address or DNS name for the database, as described in Retrieve Connection Information section above. This entry contains a port number if the database is accessible on a non-default port. eg. 10.5.25.5:4576 |
| Authentication Method | Select AWS Secrets Manager or Username / Password authentication. |
| Secret ARN | If using AWS Secrets Manager authentication, enter Secret ARN obtained from AWS Secrets Manager. |
| Username | Enter the corresponding value from the prior section above. |
| Password | Enter the corresponding value from the prior section above. |
| Scan Frequency | Controls how often your Data Store is reviewed for changes, Netskope One DSPM’s recommended frequency is defaulted, which you can override (if desired). |
Excerpt: Connect Your Data Store 2
Click the NEXT button, which will navigate you to the next tab. On the SELECT CAP
- Click the NEXT button. The SELECT CAPABILITIES tab is displayed.
- Complete the following fields:
- Assign a Data Owner (optional): define one or more Platform Users responsible for this Data Store and its data sets.
- Which databases should Netskope One DSPM scan?: utilize the field’s picklist control to select which databases & schemas should be monitored by the Netskope One DSPM application. By default, all databases & schemas are selected.
- Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on, some are not applicable (with disabled toggles), while others may request additional configurations.
| Capability | Supported for self-managed MySQL Data Stores |
|---|---|
| Discovery | No |
| Configuration Analysis | Yes |
| Privilege Analysis | Yes (MySQL version 8.0 or higher required) |
| Shadow Data Analysis | Yes |
| Classification | Yes |
| Data In Use Monitoring |
Yes Excerpt: MySQL Query Logging Performance ImpactsEnabling query logging on a MySQL database may impact its performance. Once you have completed these configurations, closely monitor your database along with any pipelines / applications that are dependent on it. |
| Automation | Yes (always-on) |
Excerpt: Connect Your Data Store 3
Click the NEXT button, which will navigate you to the next tab. On the REVIEW tab
- Click the SAVE button, which will navigate you to the next tab.
- On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
- Click the SAVE button to finalize your connection.