The Netskope One DSPM SaaS platform collects necessary metadata to ensure you have complete visibility into your full data lifecycle, to automate and optimize security and governance.
Netskope One DSPM receives the following types of metadata:
- Schema
- Classification results
- User roles and access policies
- Query logs*
Samples used for classification remain within your network and are never shared with the Netskope One DSPM application. Application data is encrypted both at rest and in motion. Netskope One DSPM does not store any sensitive customer data in its database. Only metadata required for the application's logical interface is stored (eg. classification results and tags, application configuration, policies, and alerts).
Metadata examples below:
Schema information
{
"tableName": "users",
"path": "dev.public",
"rowCount": 25343
},
{
"tableName": "sales",
"path": "dev.public",
"rowCount": 152343
}
...
Classification results
{
"fieldName": "id",
"path": "dev.public.users",
"sqlType": "integer",
"classification": "Not Sensitive"
},
{
"fieldName": "first_name",
"path": "dev.public.users",
"sqlType": "varchar",
"classification": "Name"
},
{
"fieldName": "addr_1",
"path": "dev.public.users",
"sqlType": "varchar",
"classification": "Address"
}
...
User roles and access policies
{
"username": "lbradshaw",
"roles": ["all_users", "citadel_role"],
"readAccess": ["dev.public", "dev.citadel"],
},
{
"username": "htsang",
"roles": ["eng"],
"readAccess": ["dev.public.eng_table"]
}
{
"username": "amodine",
"roles": ["sys:operator", "sys:dba"],
"readAccess": ["dev.public", "dev.citadel"]
"writeAccess": ["dev.public", "dev.citadel"]
},
...
Query logs
{
"query": "SELECT * FROM users",
"timestamp": "06-28-2023 14:31:50",
"rowsReturned": 25343,
"username": "lbradshaw"
},
{
"query": "SELECT COUNT(*) FROM sales where id = 5",
"timestamp": "06-26-2023 12:31:40",
"rowsReturned": 1,
"username": "amodine"
}
...
* Query logs are collected only if Data-in Use Monitoring is enabled for the data store.