Streaming

The integration of Data Streaming and File Lineage into the DSPM platform provides a comprehensive solution for real-time data monitoring and tracking across both cloud and on-premises data sources. This enhancement enables organizations to dynamically track file origins, data transformations and movements, and end-usage in real time, strengthening security, compliance, and auditability. By introducing these functionalities, businesses can seamlessly monitor data activities and movements across various data sources, providing up-to-date visibility over data estate and offering deeper insights into file history for e-forensics use cases and risk mitigation.

By implementing Streaming, we unlock crucial use cases such as File Lineage tracking, and Data Detection and Response capabilities, enabling real-time visibility into data activities. This also builds the foundation for anomaly detection capabilities, frequently requested by customers. For instance, scenarios like a user resetting their password, accessing confidential data, and downloading it can be quickly identified. By providing almost real-time updates and visibility into the data estate, businesses can seamlessly monitor data activities, mitigating risks and improving security.

PRECONDITION:

During cluster installation, network administrators need to open on firewall exclusion for incoming requests for path:

https://${HOST_DOMAIN}/scan-manager/external/webhooks/notification

where ${HOST_DOMAIN} it's host domain of DSPM platform installation.

Multitenency Setup

For Multitenency Seup, we need to specify ${HOST_DOMAIN} as

{{ .Values.clusterLabels.cluster_name }}.{{.Values.clusterLabels.rancher}}.app.getvisibility.com 

For Data Detection and Response (DDR) to function effectively, the callback endpoint URL must remain open and accessible beyond just the initial setup phase. DDR relies on real-time event notifications and data stream updates, continuously sent to the callback URL. If the callback endpoint is closed or restricted after setup, DDR will fail to receive critical updates, which may result in:

• Delayed or missing alerts on data access, movement, or security threats.

• Incomplete monitoring of file lineage and activities, impacting compliance and forensic investigations.

To ensure uninterrupted functionality, organisations must configure their network to allow incoming requests to the callback URL from all necessary data sources.

Additionally, for on-premise deployments, it is critical that the webhook URL is accessible by external resources to receive notifications. If external services cannot reach the callback URL, DDR will not function correctly, leading to missed event detections and security blind spots. Network administrators must ensure the necessary firewall rules and routing configurations are in place to allow external communication with the webhook.