Welcome to the Netskope One DSPM Knowledge Base


    Connecting to Azure Databricks Data Stores

    Overview

    Netskope One DSPM supports scanning of Azure Databricks Data Stores. Follow these instructions to prepare your Azure Databricks environment and connect it to the Netskope One DSPM platform.

    Create an Azure Databricks Service Account

    Netskope One DSPM requires programmatic access to connect to and scan your Azure Databricks Data Stores, including assigning specific user permissions. Please follow the steps below to create the necessary configurations within the Azure Databricks console.

    More information about creating Azure Databricks users is available here.

    Creating a Netskope One DSPM-specific service account will require a dedicated email account to use during configuration. Please work with your organization to have this made available before continuing.

     

    Create and Configure Netskope One DSPM User

    Begin by accessing your Azure Databricks workspace from your Azure portal, then clicking on the Azure Databricks icon. 

    1. Click on the name of the Azure Databricks Service on the left-hand side.
    2. Click the Launch Workspace button to launch your Azure Databricks console.

    Take the following steps within your Azure Databricks console to create and configure a Netskope One DSPM-specific service account. Ensure you are logged in as an admin user.

    1. From the upper right dropdown next to your email, navigate to Admin Settings.
    2. You'll see a list of usernames and their permissions on the Users tab.
    3. Click the Add user button. 
    4. The Add User modal is displayed.
    5. Complete the Email field, using the value that corresponds to the Netskope One DSPM-specific user.  
    6. Click the OK button.
    7. When the invitation arrives at the specified email address, click the link to accept the invitation.
    8. Navigate back to Admin Settings.
    9. On the Users tab, for the user you just added, grant the following permissions:
      1. Workspace access
      2. Databricks SQL access 

    10. Navigate to the Workspace Settings tab.
    11. Under the Access Control section, find the Personal Access Tokens section:
      1. Ensure that the section is enabled.
      2. Click on the Permission Settings button.
    12. The Permission Settings modal is displayed.
    13. Add the above Netskope One DSPM-specific username to the list and grant the “Can Use” permission by clicking the + Add button.
    14. Click the Save button.

    Generate the Access Token

    Next, you will use the Netskope One DSPM-specific service account to generate the access token that Netskope One DSPM requires for connecting to your Azure Databricks instance.

    1. Log back into your Azure Databricks instance using the first steps in the Create and Configure Netskope One DSPM User section above.
      1. Log in as the Netskope One DSPM-specific service account which was created above.
    2. From the upper right dropdown next to your email, click User Settings.
    3. The Access tokens tab of the User Settings screen is displayed.
    4. Click the Generate new token button.
    5. The Generate New Token modal is displayed.
    6. Complete the following fields:
      1. Comment: any value, although it is recommended you note it is used by Netskope One DSPM
      2. Lifetime (days): any value, including blank (indefinite)
    7. Make note of the generated token, which will later be used within Netskope One DSPM for connecting your Azure Databricks Data Stores.
    8. Click the Done button.
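
The Lifetime (days) value chosen above decides whether this token ever has to be rotated. The following added example (not part of Netskope's documentation) reviews a token listing for tokens that never expire or are close to expiry. It assumes the response shape of the Databricks Token API call GET /api/2.0/token/list, and the sample data is constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the JSON body of GET /api/2.0/token/list.
# Times are epoch milliseconds; an expiry_time of -1 means the token never expires.
SAMPLE_RESPONSE = json.loads("""
{"token_infos": [
  {"token_id": "constructed-id-1", "creation_time": 1704067200000,
   "expiry_time": -1, "comment": "Netskope One DSPM"},
  {"token_id": "constructed-id-2", "creation_time": 1704067200000,
   "expiry_time": 1706659200000, "comment": "Netskope One DSPM (30 days)"},
  {"token_id": "constructed-id-3", "creation_time": 1704067200000,
   "expiry_time": 1735689600000, "comment": "notebook testing"}
]}
""")


def review_tokens(response, now, warn_days=14):
    """Return (token_id, finding) pairs for tokens that need attention.

    A token is reported when it has no expiry, has already expired, or
    expires within warn_days of `now` (a timezone-aware datetime).
    """
    findings = []
    for info in response.get("token_infos", []):
        expiry_ms = info.get("expiry_time", -1)
        if expiry_ms == -1:
            # Blank lifetime at creation time: the token stays valid until revoked.
            findings.append((info["token_id"], "never expires"))
            continue
        expiry = datetime.fromtimestamp(expiry_ms / 1000, tz=timezone.utc)
        if expiry <= now:
            findings.append((info["token_id"], "expired"))
        elif expiry - now <= timedelta(days=warn_days):
            remaining = (expiry - now).days
            findings.append((info["token_id"], f"expires in {remaining} days"))
    return findings


if __name__ == "__main__":
    # Fixed date so the output is repeatable against the constructed sample.
    now = datetime(2024, 1, 20, tzinfo=timezone.utc)
    for token_id, finding in review_tokens(SAMPLE_RESPONSE, now):
        print(f"{token_id}: {finding}")
```

A token reported as close to expiry is the cue to generate a fresh one and update the Token field in the data store connection before scanning stops.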

    Configure the Azure Databricks Cluster

    1. Within your Azure Databricks instance, hover over the D icon in the upper left and click Compute.
    2. Click on the name of the cluster being used by Netskope One DSPM to view its details.
    3. On the top-right, click the More... button, then select Permissions.
    4. The Permission Settings modal is displayed.
    5. Add the above Netskope One DSPM-dedicated username to the list and grant the “Can Manage” permission.
    6. Click the Save button.
    7. On the Configuration tab, click the arrow to the right of Advanced Options to expand its contents.
    8. Within the expanded contents, click the JDBC/ODBC tab.
    9. Make note of the following highlighted portions, which will later be used within Netskope One DSPM for connecting your Azure Databricks Data Stores:
    Highlight Color | Corresponding Netskope One DSPM Value
    Blue | Server
    Grey | HTTP Path

    Connect Your Data Store

    1. Log into the Netskope One DSPM platform.
    2. Navigate to Data Stores → Data Store Inventory.
    3. Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
    4. Alternatively, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.

    1. The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
    2. Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
    3. On the PROVIDE CREDENTIALS tab, complete the following fields:
    Field | Value
    Data Store Identifier | Friendly name to describe this Data Store. Your value is displayed in other Netskope One DSPM screens such as Policy Management and Classification Management.
    Server | Enter the Server value from the Configure the Azure Databricks Cluster step above.
    HTTP Path | Enter the corresponding value from the Configure the Azure Databricks Cluster step above.
    Username (Email) / Service Principal Application ID | Enter the email address for the Netskope One DSPM-dedicated user created in the Create and Configure Netskope One DSPM User sub-step above. Alternatively, enter any existing Service Principal Application ID.
    Token | Enter the corresponding value from the Generate the Access Token sub-step above, or the token associated with the Service Principal Application ID provided. If your token is configured to eventually expire, you will need to generate a fresh token and then update these configurations within Netskope One DSPM so that the platform can continue scanning your Databricks Data Stores.
    Scan Frequency | Controls how often your Data Store is reviewed for changes. Netskope One DSPM’s recommended frequency is selected by default, which you can override if desired.
    Sidecar Pool | If you will use sidecars to monitor this data store, select a sidecar pool with network visibility to that data store. This field is displayed when there is at least one defined sidecar pool. To learn more, please visit our Sidecar Administration article.

    1. Click the NEXT button. The SELECT CAPABILITIES tab is displayed.
    2. Complete the following fields:
    • Assign a Data Owner (optional): define one or more Platform Users responsible for this Data Store and its data sets.
    • Which databases should Netskope One DSPM scan?: utilize the field’s picklist control to select which databases & schemas should be monitored by the Netskope One DSPM application. By default, all databases & schemas are selected.
    • Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on, some are not applicable (with disabled toggles), while others may request additional configurations.
    Feature | Supported for Azure Databricks?
    Discovery | Yes (always-on)
    Privilege Analysis | No
    Shadow Data Analysis | No
    Classification | Yes
    Data In Use Monitoring | Yes (custom query logs only)
    Automation | Yes (always-on)

    1. Click the SAVE button, which will navigate you to the next tab.
    2. On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
    3. Click the SAVE button to finalize your connection.
