Welcome to the Netskope One DSPM Knowledge Base

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Connecting to Self-Managed PostgreSQL Data Stores

    Table of Contents

    Overview Create a Netskope One DSPM Service Account Excerpt: PostgreSQL: Create Service Account: Manual Retrieve Connection Information Connect Your Data Store Excerpt: Connect Your Data Store: Credentials: Sidecar Pool

    Overview

    Netskope One DSPM supports scanning self-managed PostgreSQL data stores. Follow these instructions to set up your self-managed PostgreSQL database and configure its connection to Netskope One DSPM.

    Create a Netskope One DSPM Service Account

    Excerpt: PostgreSQL: Create Service Account: Manual

    Begin by configuring a PostgreSQL service account, which will be dedicated to Netskope One DSPM’s use.  There are two approaches you can use for configuring this service account:

    User Type Benefits Drawbacks
    Super User (Netskope One DSPM-recommended) Can automatically access new schemas and databases as they are created. Some customers are not comfortable with granting super user access.
    Non-Super User Useful for customers who wish to grant Netskope One DSPM access to only the data within scanning scope. Must be explicitly granted access to new schemas and databases.

    Super User (Netskope One DSPM-recommended)

    1. As an administrator, log into your PostgreSQL database's shell using these AWS instructions.
    2. Create the Netskope One DSPM-specific PostgreSQL user by executing the following commands in order, depending on the user type you wish to create:
    Command Outcome Notes 
    CREATE USER dasera_user WITH PASSWORD 'dasera_password' LOGIN;
    		 Creates the Netskope One DSPM-specific user. Substitute dasera_user and dasera_password with your own preferred values. 
    GRANT rds_superuser TO dasera_user;
    		Grants to the Netskope One DSPM-specific user the required permissions which power capabilities within the Netskope One DSPM platform. Substitute dasera_user with your own preferred values.
     
     

    Non-Super User

    1. As an administrator, log into your PostgreSQL database's shell using these AWS instructions.
    2. Create the Netskope One DSPM-specific PostgreSQL user by executing the following commands in order, depending on the user type you wish to create:
    Command Outcome Notes 
    CREATE USER dasera_user WITH PASSWORD 'dasera_password' LOGIN;
    		Creates the Netskope One DSPM-specific user. Substitute dasera_user and dasera_password with your own preferred values. 
    GRANT SELECT ON ALL TABLES IN SCHEMA public TO dasera_user;
    		Grants to the Netskope One DSPM-specific user the required permissions which power capabilities within the Netskope One DSPM platform.

    Substitute dasera_user with your own preferred values.

    This command must be run for each schema or database you wish Netskope One DSPM to scan.

    		 
    ALTER DEFAULT PRIVILEGES GRANT SELECT ON TABLES TO dasera_user;
    		Lets the Netskope One DSPM-specific user access any new tables added in the future, for schemas and databases they can access. Substitute dasera_user with your own preferred values. 

    This command must be run for each schema or database you wish Netskope One DSPM to scan. 
     
     
     

    Retrieve Connection Information

    In addition to configuring a service account, Netskope One DSPM will require additional information to communicate with your self-managed PostgreSQL database. Please follow the steps below to identify the connection values for later use within Netskope One DSPM.

    Corresponding Netskope One DSPM Value Details
    Endpoint Enter either the IP address or DNS name for your PostgreSQL instance, used to create the service account above.

    Connect Your Data Store

    Excerpt: Connect Your Data Store 1

    Log into the Netskope One DSPM platform. Navigate to the Data Stores > Data Store Invento

    1. Log into the Netskope One DSPM platform.
    2. Navigate to Data Stores → Data Store Inventory.
    3. Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
    4. Alternately, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.

    1. The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
    2. Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
    3. On the PROVIDE CREDENTIALS tab, complete the following fields:
    Field Value
    Data Store Identifier Provide a friendly name to describe this Data Store. Your value is displayed in other Netskope One DSPM screens such as Policy Management and Classification Management.
    Data Store Endpoint

    Enter the corresponding value from the Retrieve Connection Information step above, plus the port number and database name. For example, for a Public IP address like 1.2.3.4 and database named "example_db", you would enter 1.2.3.4:5432/example_db.

    5432 is the default PostgreSQL port number. If you are using a custom port number, be sure to substitute it here.

     
    Database Username Enter the corresponding value from the Create a Netskope One DSPM Service Account step above.
    Password Enter the corresponding value from the Create a Netskope One DSPM Service Account step above.
    Scan Frequency Controls how often your Data Store is reviewed for changes. Netskope One DSPM’s recommended frequency is defaulted, which you can override if (desired).
    Sidecar Pool

    Excerpt: Connect Your Data Store: Credentials: Sidecar Pool

    If you will use sidecars to monitor this data store, select a sidecar pool with network visibility to said data store. This field is displayed when there is at least one defined sidecar pool.

    To learn more, please visit our Sidecar Administration article.

    Excerpt: Connect Your Data Store 2

    Click the NEXT button, which will navigate you to the next tab. On the SELECT CAP

    1. Click the NEXT button. The SELECT CAPABILITIES tab is displayed.
    2. Complete the following fields:
    • Assign a Data Owner (optional): define one or more Platform Users responsible for this Data Store and its data sets.
    • Which databases should Netskope One DSPM scan?: utilize the field’s picklist control to select which databases & schemas should be monitored by the Netskope One DSPM application. By default, all databases & schemas are selected.
    • Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on, some are not applicable (with disabled toggles), while others may request additional configurations.
    Capability Supported for self-managed PostgreSQL Data Stores
    Discovery N/A
    Configuration Analysis N/A
    Privilege Analysis Yes (database user & role retrieval only)
    Shadow Data Analysis Yes
    Classification Yes
    Data-In-Use Monitoring Yes (Custom Query Logs only)
    Automation Yes (always-on)

    Excerpt: Connect Your Data Store 3

    Click the NEXT button, which will navigate you to the next tab. On the REVIEW tab

    1. Click the SAVE button, which will navigate you to the next tab.
    2. On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
    3. Click the SAVE button to finalize your connection.

    Was this article helpful?

    Still can't find what you are looking for?

    Contact Netskope Technical Support