Skip to content

Snowflake ODBC

Service Name: Snowflake

Service Description: Snowflake is a cloud-based data warehousing platform that provides a complete solution for data storage, processing, and analytics. It separates compute from storage to enable customers to scale resources independently.

Service Address: https://www.snowflake.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Snowflake data warehouse resources through ODBC connections.

Secret Revokement URL: https://docs.snowflake.com/en/user-guide/admin-user-management

Secret Example: Driver={SnowflakeDSIIDriver};Server=xy12345.snowflakecomputing.com;UID=username;PWD=password123;Warehouse=COMPUTE_WH;Role=ACCOUNTADMIN;

Suspicious Activity Investigation Instructions:

  • Review Snowflake account history for unusual login attempts or query patterns
  • Check for unauthorized warehouse usage or unexpected resource consumption
  • Monitor for unusual data access patterns or large data exports
  • Examine query history for suspicious operations like mass data deletion or schema changes
  • Verify IP addresses of recent connections against expected access locations

Mitigation Instructions:

  • Immediately reset the user password associated with the ODBC connection
  • Revoke and rotate all access tokens for the affected user
  • Update connection strings in all applications using the compromised credentials
  • Review and restrict user permissions to minimum required access
  • Enable network policies to restrict access to trusted IP addresses
  • Enable multi-factor authentication if available
  • Monitor account for any continued suspicious activity