Detect with Discover: Onboarding Guide
Requirement:
Snowflake Enterprise Edition or higher
Native SDD and classification frameworks enabled in Immuta. If you do not know if they are enabled, collaborate with your Immuta representative to turn on native SDD and classification frameworks in your Immuta tenant.
Prerequisites
Users and Data Sources have been registered in Immuta:
Snowflake tables registered as Immuta data sources
Snowflake users registered in Immuta
Sensitivity shown for Snowflake only
Currently, Detect only supports filtering by tag and showing sensitivity of audit records for Snowflake.
Overview
This onboarding process is recommended for organizations that have not tagged any sensitive data yet. Immuta will identify, classify, and tag your data. After you are fully onboarded, you will see Detect dashboards with information on your organization's data use and data sensitivity, and the Discover data inventory dashboard will show details about the data that was scanned.
Configuration steps
Enable sensitive data discovery (SDD): SDD will sample and tag your data based on the sensitive data detected. These tags are necessary for the classification framework tags in step 2 to be applied.
Activate Immuta's built-in frameworks: Once you activate the Data Security Framework and the Risk Assessment Framework, they will tag your data with classification tags. Specific classification tags contain the metadata required to assign your data sensitivity levels.
Adjust or accept entity and classification tags: After SDD and classification frameworks have been enabled and run, it may be necessary to adjust the output tags based on your organization's data, security, and compliance needs.
Grant permissions: Grant the appropriate users the
AUDIT
permission to view Immuta Detect dashboards.View Immuta Detect: Once all tags are correctly applied, the Detect dashboards will reflect accurate audit information. Navigate through Immuta Detect and explore the dashboards that visualize the sensitive data in your data environment.
Next steps
After you are happy with the Detect dashboards on the select data sources you enabled, you can integrate Detect with more of your data environment.
Enable SDD for all data sources: If you already had SDD enabled before starting Detect onboarding, skip this step. Once you are satisfied with the SDD tags and classification tags applied to your selected data sources, and the classification tags look correct, you should enable SDD for all data sources. This will add entity and classification tags to the rest of the data sources within your environment. You can choose to run SDD on all data sources, or run another payload with just a select few to gradually onboard the rest of your tables.