Snowflake Credentials
Service Name: Snowflake
Service Description: Snowflake is a cloud-based data warehousing platform that provides a solution for data storage, processing, and analytic solutions. It separates compute from storage, allowing users to scale resources independently.
Service Address: https://www.snowflake.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the network policy level in Snowflake to control access to Snowflake accounts.
Secret Access Scope: Grants access to Snowflake data warehouses, databases, schemas, and tables based on the user's role permissions.
Secret Revokement URL: https://docs.snowflake.com/en/user-guide/admin-user-management.html#resetting-a-password-for-another-user
Secret Example: username:password@account.snowflakecomputing.com/database
Suspicious Activity Investigation Instructions:
- Review Snowflake's account usage views to identify unusual query patterns or data access
- Check login history for unusual access times or locations using SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
- Monitor for large data exports or unusual warehouse usage patterns
- Review query history for unauthorized data access attempts
- Check for changes to user roles or permissions
Mitigation Instructions:
-
Immediately reset the compromised user's password in the Snowflake console
-
Revoke and rotate any OAuth tokens or keys associated with the account
- Review and adjust the user's role permissions to limit access if needed
- Enable multi-factor authentication for the affected user account
- Update network policies to restrict access to trusted IP addresses
- Review warehouse usage limits to prevent resource abuse
- Consider implementing Snowflake's column-level security for sensitive data
- Enable Snowflake's access history tracking for better auditing capabilities