Overview
Netskope One DSPM supports scanning AWS RDS Oracle Data Stores. Follow these instructions to set up your AWS RDS Oracle database and configure its connection to Netskope One DSPM.
Authenticate Data Store
There are two methods for authenticating RDS and Aurora data stores: Snapshots or Service Account.
Using Snapshots
Snapshots are quicker and simpler, spinning up a secure copy of the data store for Netskope One DSPM to scan without needing to create a Service Account. This copy exists only within your Netskope One DSPM instance, and Netskope One DSPM does not store any associated data. It's encrypted and then immediately spun down, so there are no lingering data copies. Please note that spinning up the data store copy can cause the scan initiation process to take several hours.
The following features are not supported when authenticating via Snapshot:
- Privilege Analysis
- Data-in-use monitoring
- Database selection
- Sample data collection
Ensure you've enabled data store Snapshots access during AWS Infrastructure onboarding. For already onboarded accounts, you must manually add the AmazonRDSFullAccess permission in the AWS Console.
Once connected, data classification in the data store runs via Snapshot, which appears on the Data Store Inventory page as a small layered square note icon to the right of the hyperlinked data store name. You can later edit the data store and turn off Snapshots, at which point a Service Account will be required to authenticate the data store.
Using a Netskope One DSPM Service Account
Authenticating the data store via service account requires additional configuration steps within AWS and may involve additional administrative support, as outlined below. Service account authentication enables access to all supported capabilities within Netskope One DSPM.
Begin by configuring an AWS RDS Oracle service account which will be dedicated to Netskope One DSPM’s use.
The following steps may require the assistance of your local database administrator.
- As an administrator, log into your AWS RDS Oracle database using these AWS instructions.
- Create the Netskope One DSPM-specific RDS Oracle user by executing the following commands in order:
Command | Outcome | Notes |
---|---|---|
 | Creates the Netskope One DSPM-specific user. | Substitute dasera_user and dasera_password with your own preferred values. @'%' creates a user which supports remote connection. As an alternative, substitute it with @'#.#.#.#' to allow a specific IP address. |
 | Grants to the Netskope One DSPM-specific user the required permissions which power capabilities within the Netskope One DSPM platform. | Substitute dasera_user with the value used above. |
Authenticating via a Service Account may take longer to complete the connection and scan, and most capabilities are supported, depending on the specific data store. See the bottom table for specific feature support.
Retrieve Connection Information
In addition to authenticating the data store, Netskope One DSPM will require additional information to communicate with your AWS RDS Oracle database. Please follow the steps below to identify the connection values for later use within Netskope One DSPM.
- Click this link to log into your AWS RDS Console, which will navigate you to the RDS service.
- Under Amazon RDS in the left-hand menu, navigate to Databases.
- For the database you wish Netskope One DSPM to scan, click its link in the DB Identifier column.
- In the Connectivity & Security section, make note of the following values:
Highlight Color | Corresponding Netskope One DSPM Value |
---|---|
Blue (Endpoint) | Data Store Endpoint |
Grey (Port) | Data Store Endpoint |
- In the Configuration section, make note of the following value:
Highlight Color | Corresponding Netskope One DSPM Value |
---|---|
Blue (SID or SERVICE_NAME) | Data Store Endpoint |
*By default, the SERVICE_NAME or SID value for an RDS for Oracle instance is ORCL.
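The same three values can be read from the output of `aws rds describe-db-instances` and combined into the endpoint:port:SID or endpoint:port/service_name form that the Data Store Endpoint field expects. The following is an added example, not Netskope or AWS code; the function names and the sample instances are constructed for illustration, and falling back to ORCL when DBName is absent is an assumption based on the default noted above.

```python
import re

# Constructed sample shaped like `aws rds describe-db-instances` output (not real data).
SAMPLE = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "Engine": "oracle-se2", "DBName": "ORCL",
     "Endpoint": {"Address": "orders-db.example0000.us-east-1.rds.amazonaws.com", "Port": 1521}},
    {"DBInstanceIdentifier": "web-db", "Engine": "postgres", "DBName": "web",
     "Endpoint": {"Address": "web-db.example0000.us-east-1.rds.amazonaws.com", "Port": 5432}},
    {"DBInstanceIdentifier": "new-db", "Engine": "oracle-ee", "DBName": "FIN"},
]}

HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.]*$")


def build_endpoint(instance, use_service_name=False):
    """Return endpoint:port:SID, or endpoint:port/service_name if requested."""
    if not instance.get("Engine", "").startswith("oracle"):
        raise ValueError("not an RDS Oracle instance")
    ep = instance.get("Endpoint")
    if not ep:  # e.g. instance still being created, no endpoint assigned yet
        raise ValueError("instance has no endpoint yet")
    host, port = ep["Address"], int(ep["Port"])
    name = instance.get("DBName") or "ORCL"  # assumption: fall back to the RDS default
    if not HOST_RE.match(host) or not 1 <= port <= 65535 or not NAME_RE.match(name):
        raise ValueError("unexpected characters in endpoint, port or name")
    sep = "/" if use_service_name else ":"
    return f"{host}:{port}{sep}{name}"


def parse_endpoint(value):
    """Split a Data Store Endpoint string into (host, port, kind, name)."""
    m = re.fullmatch(r"([^:/\s]+):(\d{1,5})([:/])([^:/\s]+)", value)
    if not m or not 1 <= int(m.group(2)) <= 65535:
        raise ValueError(f"not endpoint:port:SID or endpoint:port/service_name: {value!r}")
    kind = "SID" if m.group(3) == ":" else "SERVICE_NAME"
    return m.group(1), int(m.group(2)), kind, m.group(4)


def endpoints_for_oracle(describe_output):
    """Map DB identifier -> endpoint string for every usable Oracle instance."""
    out = {}
    for inst in describe_output.get("DBInstances", []):
        try:
            out[inst["DBInstanceIdentifier"]] = build_endpoint(inst)
        except ValueError:
            continue  # skip non-Oracle engines and instances without an endpoint
    return out
```

Calling `endpoints_for_oracle(SAMPLE)` returns only the `orders-db` entry; `parse_endpoint` can be used to check a value before it is pasted into the connection form.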
Connect Your Data Store
- Log into the Netskope One DSPM platform.
- Navigate to Data Stores → Data Store Inventory.
- Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
- Alternately, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.
- The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
- Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
- On the PROVIDE CREDENTIALS tab, complete the following fields:
Field | Value |
---|---|
Select AWS Account | Select one of the AWS Accounts defined within the Infrastructure Section screen. The field will default if there is just one AWS account configured. |
Data Store Identifier | Human-friendly name to describe this Data Store. This value displays in other Netskope One DSPM screens such as Policy Management and Classification Management. |
Data Store Endpoint | Enter the corresponding values from the Retrieve Connection Information step above, including the endpoint, port, and SID or SERVICE_NAME. The complete endpoint format is either endpoint:port:SID or endpoint:port/service_name, replacing SID or service_name with their actual values. |
Database Username (if Service Account) | Enter the corresponding value from the Using a Netskope One DSPM Service Account step above. |
Password (if Service Account) | Enter the corresponding value from the Using a Netskope One DSPM Service Account step above. |
Scan Frequency | Controls how often your Data Store is reviewed for changes; Netskope One DSPM’s recommended frequency is defaulted, which you can override as needed. |
Sidecar Pool | If you will use sidecars to monitor this data store, select a sidecar pool with network visibility to said data store. This field is displayed when there is at least one defined sidecar pool. To learn more, please visit our Sidecar Administration article. |
- Click the NEXT button. The SELECT CAPABILITIES tab is displayed.
- Complete the following fields:
- Assign a Data Owner (optional): define one or more Platform Users responsible for this Data Store and its data sets.
- Which databases should Netskope One DSPM scan?: utilize the field’s picklist control to select which databases & schemas should be monitored by the Netskope One DSPM application. By default, all databases & schemas are selected.
- Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on, some are not applicable (with disabled toggles), while others may request additional configurations.
Capability | Supported for AWS RDS Oracle via Service Account | Supported for AWS RDS Oracle via Snapshots |
---|---|---|
Discovery | Yes (always-on) | Yes |
Privilege Analysis | Yes | No |
Shadow Data Analysis | No | No |
Classification | Yes | Yes |
Data In Use Monitoring | No | No |
Automation | Yes (always-on) | Yes |
- Click the SAVE button, which will navigate you to the next tab.
- On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
- Click the SAVE button to finalize your connection.