Skip to content

Snowflake Generic Credentials

Service Name: Snowflake

Service Description: Snowflake is a cloud-based data warehousing platform that provides a complete solution for data storage, processing, and analytics. It separates compute from storage to enable users to scale resources independently.

Service Address: https://www.snowflake.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Snowflake data warehouse resources including databases, schemas, tables, and stored procedures.

Secret Revokement URL: https://docs.snowflake.com/en/user-guide/security-access-control-overview#managing-passwords

Secret Example: user=jsmith&password=Ab123Cde456&account=xy12345.us-east-1&warehouse=COMPUTE_WH&role=ANALYST

Suspicious Activity Investigation Instructions:

  • Review Snowflake account usage history for unusual query patterns or data access
  • Check login history for unauthorized IP addresses or unusual login times
  • Examine data transfer patterns for unusual volume or destinations
  • Review role and privilege assignments for unauthorized changes
  • Check for newly created users or altered user permissions

Mitigation Instructions:

  • Immediately change the compromised user's password in the Snowflake console
  • Revoke and rotate any session tokens associated with the compromised account
  • Review and restrict the user's role permissions if necessary
  • Enable multi-factor authentication for the account if not already enabled
  • Update IP allowlists to restrict access to trusted networks only
  • Review query history to identify and remediate any potential data exfiltration