Snowflake Generic Credentials
Service Name: Snowflake
Service Description: Snowflake is a cloud-based data warehousing platform that provides a complete solution for data storage, processing, and analytics. It separates compute from storage to enable users to scale resources independently.
Service Address: https://www.snowflake.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Snowflake data warehouse resources including databases, schemas, tables, and stored procedures.
Secret Revokement URL: https://docs.snowflake.com/en/user-guide/security-access-control-overview#managing-passwords
Secret Example: user=jsmith&password=Ab123Cde456&account=xy12345.us-east-1&warehouse=COMPUTE_WH&role=ANALYST
Suspicious Activity Investigation Instructions:
- Review Snowflake account usage history for unusual query patterns or data access
- Check login history for unauthorized IP addresses or unusual login times
- Examine data transfer patterns for unusual volume or destinations
- Review role and privilege assignments for unauthorized changes
- Check for newly created users or altered user permissions
Mitigation Instructions:
- Immediately change the compromised user's password in the Snowflake console
- Revoke and rotate any session tokens associated with the compromised account
- Review and restrict the user's role permissions if necessary
- Enable multi-factor authentication for the account if not already enabled
- Update IP allowlists to restrict access to trusted networks only
- Review query history to identify and remediate any potential data exfiltration