Welcome to the Netskope One DSPM Knowledge Base

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Connecting to EBS Volumes Data Stores

    Table of Contents

    Overview Connect Your Data Store Supported File Types for Unstructured Data Store Scanning

    Overview

    Netskope One DSPM enables you to scan unstructured data in AWS Elastic Block Store (EBS) Volumes within EC2 Instances, supporting Discovery and Classification to detect sensitive information associated with your unstructured data accurately. Follow the instructions below to configure and connect your EBS Volumes data store. Note that you will need to manually add the permission AmazonEC2FullAccess to your AWS IAM Permissions if you haven't already while onboarding AWS.

    Connect Your Data Store

    Excerpt: Connect Your Data Store 1

    Log into the Netskope One DSPM platform. Navigate to the Data Stores > Data Store Invento

    1. Log into the Netskope One DSPM platform.
    2. Navigate to Data Stores → Data Store Inventory.
    3. Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
    4. Alternately, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.

    1. The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
    2. Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
    3. On the PROVIDE CREDENTIALS tab, complete the following fields:
    Field Value
    AWS Account Name Select one of the AWS Accounts defined within the Infrastructure Connections screen. The field will default if there is just one AWS account configured.
    Data Store Identifier Friendly name to describe your data store. Your value is displayed in other Netskope One DSPM screens, such as Policy Management and Classification Management.
    Volume ID Volume ID of EBS Volume to be scanned. Obtain from your AWS S3 console.
    Sidecar Pool A new sidecar is created for each EBS volume scan, and once the scan completes, it is deleted. This sidecar is specific to EBS volumes only and cannot be manually edited or deleted.
    Auto-Scan, Scan Frequency Controls how often your Data Store is reviewed for changes; Netskope One DSPM’s recommended frequency defaults, which you can override if (desired).

    Note that AWS IAM Role is used to authenticate this data store, which was configured during Infrastructure Onboarding.

     
    1. Click the NEXT button. The Capabilities tab is displayed.
    1. Complete the following fields:
      1. Assign a Data Owner (optional): define one or more platform users responsible for this data store and its data sets.
      2. Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on and some are not applicable (with disabled toggles).
    Feature Supported for AWS EBS Volumes?
    Discovery Yes (always-on)
    Privilege Analysis No
    Shadow Data Analysis No
    Classification Yes
    Data In-Use Monitoring No
    Automation Yes (always-on)
    1. Enabling Classification for EBS volumes triggers scanning and sampling files within the volume at your specified sampling rate, defined as the percentage of files in the bucket that Netskope One DSPM receives per scan. 
      1. 1000 files maximum are retrieved per scan, regardless of sampling rate. Even at a 100% sample rate, 1000 files are sampled per scan, and the remaining unscanned files are covered in subsequent scans.
      2. All non-image file types greater than 1GB will not scan. Image files greater than 10MB will not scan.
      3. Netskope One DSPM will only re-scan files in the EBS volume that have been modified since the last scan.
      4. You can optionally also include a regular expression to indicate sampling only specific file types.
    2. Click the SAVE button, which will navigate you to the next tab.
    3. On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
    4. Click the SAVE button to finalize your connection.

    Supported File Types for Unstructured Data Store Scanning

    Excerpt: Supported File Types for Unstructured Data Store Scanning

    The below file types are currently supported for unstructured data classification:

    Image Files .png, .jpeg, .jpg
    Archive Files .zip, .tar, .tar.gz
    Plain Text Files .txt, .pem, .crt, .cer, .key, .p7b, .p7c
    Other Files

    .avro, .csv, .doc, .docx, .eml, .htm, .html, .js, .json, .jsonl, .parquet, .pdf, .ppt1,  .pptx1, .tsv, .xls, .xlsx, .xml, .yaml, .yml

    1 Text portions only

    If a scanned data store contains files without an identifiable file type, “Unknown” will display within the Classifiable File Types field.

     

    Was this article helpful?

    Still can't find what you are looking for?

    Contact Netskope Technical Support