Snowflake Security Checkup

Use the Snowflake Security Checkup template to detect anomalies and suspicious activity in query and login logs. These tables are carefully crafted to identify potential security threats and unusual behavior within your systems.

Snowflake Database Anomaly Detection and Security Monitoring

This template provides a comprehensive solution for detecting anomalies, monitoring user activity, and enhancing security within your Snowflake database. It includes a set of predefined queries that allow you to gain insights into potential security threats, track unusual behavior, and monitor errors across your Snowflake environment.

Here’s what this template offers:

1. Anomaly Detection in Database Access
This query detects anomalies in database access patterns by analyzing user interactions with the database. It identifies outliers by calculating the average and standard deviation of daily new resource accesses, helping you spot unusual activity that could indicate a security threat or operational issue.

2. Daily Error Statistics by User
Monitor and analyze the frequency of errors generated by users in your Snowflake environment. This query provides daily error statistics, highlighting users with a high error rate, which could indicate potential misuse or areas that require further attention.

3. Attack Tools Detection
Identify sessions using known attack tools or suspicious environments. This query scans for sessions initiated by specific applications or operating systems that may be indicative of unauthorized access attempts or malicious activity.

4. Grant Admin Privileges Monitoring
Keep track of administrative privilege grants within your Snowflake account. This query detects and logs any GRANT statements that assign critical roles like ACCOUNTADMIN, SECURITYADMIN, or SYSADMIN, ensuring you have visibility into changes in user privileges.

5. URL Exfiltration via Remote Locations
Detect potential data exfiltration by identifying queries that use COPY INTO commands to export data to external storage locations like S3, GCS, or Azure. This query extracts and logs the URLs involved, helping you monitor and secure data transfers.

6. Additional Monitoring and Security Queries
The template also includes various other queries designed to enhance security monitoring and provide deeper insights into the activities within your Snowflake environment.
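
One way to write the check described in item 1, added here as an example and not the template's own SQL. It assumes a "new resource access" is the first time a user touches an object, reads SNOWFLAKE.ACCOUNT_USAGE.ACCESS_HISTORY (available on Enterprise Edition or higher), and uses a 90-day window, a 30-day warm-up and a 3-sigma threshold chosen for illustration.

```sql
-- Added example (not the template's query). Window, warm-up and threshold
-- values are assumptions; tune them to your account.
WITH accesses AS (              -- one row per user, object and day
    SELECT DISTINCT
        ah.user_name,
        obj.value:"objectName"::STRING AS object_name,
        ah.query_start_time::DATE      AS access_date
    FROM snowflake.account_usage.access_history ah,
         LATERAL FLATTEN(input => ah.direct_objects_accessed) obj
    WHERE ah.query_start_time >= DATEADD(day, -90, CURRENT_DATE())
),
first_seen AS (                 -- first day each user touched each object
    SELECT user_name, object_name, MIN(access_date) AS first_date
    FROM accesses
    GROUP BY user_name, object_name
),
daily_new AS (                  -- objects seen for the first time, per user per day
    SELECT user_name, first_date AS access_date, COUNT(*) AS new_objects
    FROM first_seen
    -- Warm-up: at the start of the window every object looks "new",
    -- so only days after the first 30 are counted and scored.
    WHERE first_date >= DATEADD(day, -60, CURRENT_DATE())
    GROUP BY user_name, first_date
),
baseline AS (                   -- per-user mean and standard deviation
    SELECT user_name,
           AVG(new_objects)    AS avg_new,
           STDDEV(new_objects) AS std_new,
           COUNT(*)            AS days_with_new   -- days with zero new objects are absent
    FROM daily_new
    GROUP BY user_name
)
SELECT d.user_name,
       d.access_date,
       d.new_objects,
       ROUND(b.avg_new, 2) AS avg_new,
       ROUND(b.std_new, 2) AS std_new
FROM daily_new d
JOIN baseline b ON b.user_name = d.user_name
WHERE b.days_with_new >= 7                        -- skip users with too little history
  AND d.new_objects > b.avg_new + 3 * b.std_new   -- outlier: more than 3 sigma above the mean
ORDER BY d.access_date DESC, d.new_objects DESC;
```

The baseline includes the day being scored, so a single extreme day raises its own threshold; excluding the scored day from the baseline makes the check stricter.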

Key Benefits

The key benefits that the Snowflake Security Checkup template offers are:

  • Enhanced Security: Quickly identify and respond to potential security threats.
  • Operational Insights: Gain visibility into unusual activity and operational errors.
  • Compliance Monitoring: Ensure that sensitive operations, such as granting admin privileges, are tracked and audited.

This template is ideal for security teams, database administrators, and anyone responsible for maintaining the integrity and security of a Snowflake environment. Deploy this template to stay ahead of potential risks and maintain a secure and well-monitored database.

Important Notes

While using this template, please keep the following in mind:

  • No Multitenancy Support: This template is designed for single-tenant use only and does not support multitenant projects or workspaces.
  • Requires an Existing Snowflake Database: You must provide your own Snowflake database, as the template does not support Snowflake databases created by Keboola.
  • Automated Daily Flow: The template is pre-configured for daily execution, making it easy to integrate into your routine security monitoring practices.

Guide: Creating a Snowflake Account with Specific Rights

Run the following statements to create a Snowflake user account with a specific role and grant the necessary privileges:

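-- Note: CREATE OR REPLACE drops and recreates an existing role or user of the same name.
CREATE OR REPLACE ROLE TEST_SNFLK_TEMPLATE;
-- Replace the placeholder password before running.
CREATE OR REPLACE USER TEST_SNFLK_TEMPLATE
      PASSWORD='xxxxxxxx'
      DEFAULT_ROLE='TEST_SNFLK_TEMPLATE';
GRANT ROLE TEST_SNFLK_TEMPLATE TO USER TEST_SNFLK_TEMPLATE;
-- Read access to the shared SNOWFLAKE database (account usage views).
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE TEST_SNFLK_TEMPLATE;
-- Warehouse the role may use to run queries (DEV here).
GRANT USAGE ON WAREHOUSE DEV TO ROLE TEST_SNFLK_TEMPLATE;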