Info |
---|
In this document we will show you how to configure a fresh deployment of the Getvisibility DSPM+ product. In particular we will:
|
0. Prerequisites
In Keycloak / GV realm / Realm settings, use Partial Import to add permissions.json and rbacSetup.json as shown below. You can ignore any remarks about some entries being skipped.
...
Ensure the user account that will be used to perform all actions below is a member of the GV Administrators and GV Users groups.
...
Ensure the user account has the following Realm Roles configured: ADMIN and USER
...
For the same user account you will need to ensure all DSPM Client roles have been properly assigned. Here is the complete list of all roles required:
realm-admin | USER |
view-users | CONNECTIONS_WRITE |
DATA_REGISTER_READ | DEPARTMENTS_FULL_READ |
DATA_RISK_WRITE | DEPARTMENTS_FULL_WRITE |
ANALYTICS_WRITE | EXPLORE_PAGE_WRITE |
PATTERN_MATCHING_WRITE | COMPLIANCE_HUB_WRITE |
DATA_REGISTER_WRITE | AGENT_CONFIGURATION_WRITE |
REPORTS_WRITE | TAGGING_WRITE |
USER_MANAGEMENT_WRITE | COMPLIANCE_HUB_READ |
ADMIN | LANGUAGE_SETTINGS_WRITE |
DEPARTMENTS_PARTIAL_WRITE | DEPARTMENTS_PARTIAL_READ |
Below you can see the first two roles from the list above, realm-admin and view-users, being assigned to the master user gv. You need to repeat the whole process to assign all roles listed above:
...
Note |
---|
If at this stage you do not see the role you are looking for in Keycloak, it means you made an error when running Partial Import earlier. Please revisit and verify. |
At the end of this process you should have 24 roles assigned to your user:
...
We are now ready to run our automation scripts.
1. Prepare the environment
Info |
---|
If you are using RedHat, CentOS or Suse Linux, you will need to adapt the first command below to use the package manager of your distribution. For Ubuntu there is no need for this, as it uses apt as its default package manager. |
Run the commands below one after another:
Code Block |
---|
sudo apt install jq
mkdir /tmp/scripts
cd /tmp/scripts
wget https://assets.master.k3s.getvisibility.com/dra-dashboards.tar.gz
tar -xzf dra-dashboards.tar.gz
cd data/scripts/
export GV_HOST="10.1030.4.10.1"
|
Replace the content of GV_HOST above with the IP of the Dashboard.
2. Retrieve authentication token
Log into the Dashboard as the user we configured previously, open Developer Tools (SHIFT+CTRL+I) and click on the Network tab as shown in the screenshot below. Copy the value of access_token inside the quotation marks to your clipboard:
...
Note |
---|
You will have roughly 5 minutes to complete the steps below. After that the token expires. |
...
Update the jwt_token.txt file using the command below, pasting the token from the clipboard:
...
Code Block |
---|
bash getUsers.sh
bash setDepartments.sh
bash setDataControls.sh
|
4. Verification
After completing the above steps, navigate to:
Policy Center → Compliance Hub → Departments: It should have HR, Finance, Marketing, Sales, InfoSec, and Engineering departments set up.
...
Policy Center → Controls Orchestration: It should have controls for:
New Risky Sensitive Data
PII Data at Risk
Critical Data At High Risk
Publicly exposed critical data to the world
Overshared internally critical information
Critical information shared with 3rd parties
PII Files Older than 3 years
Externally Shared Data not updated in 1 year
Valuable IP Exposure
Trade Secret Exposure
...
Info |
---|
Our environment is now ready to use. |
5. Troubleshooting
5.1 Departments are not populated
You will need to execute the runbook again. Most likely there is an issue with the auth token.
Confirm that your master user account is a member of the GV Administrators and GV Users groups.
Confirm that all the required roles have been assigned to your master user account.
Continue from step 2.
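Both the 5-minute token lifetime from step 2 and the token and role checks in 5.1 can be tested before re-running the scripts. The following pre-flight check is an added example, not part of the Getvisibility scripts: it assumes the token in jwt_token.txt is a standard Keycloak access token carrying the `exp` and `realm_access.roles` claims, and the function names are hypothetical. DSPM client roles are not checked because the client ID does not appear on this page.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the token saved in jwt_token.txt.
# Only the payload is decoded; the signature is NOT verified here.

# Decode the payload (2nd dot-separated part) of a JWT to JSON on stdout.
jwt_payload() {
  local part pad
  part=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
  [ -n "$part" ] || return 1
  # base64url drops '=' padding; restore it before decoding.
  pad=$(( (4 - ${#part} % 4) % 4 ))
  while [ "$pad" -gt 0 ]; do part="$part="; pad=$((pad - 1)); done
  printf '%s' "$part" | base64 -d 2>/dev/null
}

# Seconds until the "exp" claim; negative when already expired.
jwt_seconds_left() {
  local exp
  exp=$(jwt_payload "$1" |
    sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$exp" ] || return 1
  echo $(( exp - $(date +%s) ))
}

# True when realm role $2 is listed under realm_access.roles.
jwt_has_realm_role() {
  jwt_payload "$1" |
    sed -n 's/.*"realm_access"[^[]*\[\([^]]*\)\].*/\1/p' |
    grep -q "\"$2\""
}

# Return 0 only if the token in file $1 has more than $2 seconds left
# (default 60) and carries the ADMIN and USER realm roles from section 0.
preflight() {
  local token left role
  # Strip whitespace and any quotation marks pasted along with the token.
  token=$(tr -d '[:space:]"' < "$1") || return 1
  left=$(jwt_seconds_left "$token") || { echo "not a JWT: $1" >&2; return 1; }
  [ "$left" -gt "${2:-60}" ] ||
    { echo "token expires in ${left}s, copy a fresh one" >&2; return 1; }
  for role in ADMIN USER; do
    jwt_has_realm_role "$token" "$role" ||
      { echo "missing realm role $role" >&2; return 1; }
  done
  echo "token ok, ${left}s left"
}
```

After sourcing these functions, run `preflight jwt_token.txt && bash getUsers.sh` from the scripts directory. The access token is a bearer credential, so keep jwt_token.txt readable only by your own user and delete it once the run is finished.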
5.2 No controls in Controls Orchestration
...
Code Block |
---|
bash setDataControls.sh |
After that jump to step 4.