# Snowflake

### Introduction

Snowflake is a fully managed, cloud-native data warehouse built to process structured and semi-structured data at massive scale. Its architecture separates storage from compute, enabling organisations to independently scale ingestion, analytics, machine learning, and reporting workloads without impacting performance.

Monitoring Snowflake with Cybrhawk extends security visibility beyond traditional infrastructure into cloud-hosted data platforms. By integrating Snowflake audit and usage telemetry into the Cybrhawk SIEM, security teams can detect suspicious behaviour such as anomalous login patterns, repeated authentication failures, privilege escalation, unusual query activity, and sensitive data access.

This document outlines how to configure Snowflake to export relevant logs and provide them to Cybrhawk for continuous monitoring and analysis.

### Step 1 – Configure Snowflake Account Access

Follow the steps below to obtain the connection parameters required for Cybrhawk SIEM integration.

#### 1. Create or Access Your Snowflake Account

* Navigate to the Snowflake sign-up page.
* Create a new account and select your preferred cloud provider (AWS, Azure, or GCP).
* If an account already exists, select Sign in and log in.

***

#### 2. Retrieve Account Connection Details

1. Click your profile avatar (top right corner).
2. Navigate to:\
   Account → View account details
3. Open the Config File tab.

***

#### 3. Select Connection Parameters

Within the Config File tab, select:

* Warehouse: TARGET\_WAREHOUSE
* Database: SNOWFLAKE
* Connection Method: Password

Record the configuration details displayed. These parameters are required for Cybrhawk to establish secure log collection from your Snowflake environment.

### Step 2 – Provide Configuration Details to Cybrhawk

Once the Snowflake connection parameters have been retrieved, provide the configuration details recorded in Step 1 to Cybrhawk to enable SIEM integration:

* USER
* PASSWORD
* ACCOUNT
* WAREHOUSE
* DATABASE
* SCHEMA
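
The USER and PASSWORD supplied above determine what the integration can read, so the SQL below is an added example (not part of the Cybrhawk documentation) of creating a dedicated read-only identity for log collection rather than sharing a personal or administrative login. The role and user names, the password placeholder, the `ACCOUNT_USAGE` schema choice and the failure threshold are assumptions; `TARGET_WAREHOUSE` and the `SNOWFLAKE` database are the values selected in Step 1.

```sql
-- Added example. Names marked (assumed) are illustrative and do not come
-- from the Cybrhawk documentation.
USE ROLE ACCOUNTADMIN;

-- Dedicated role for the SIEM integration (assumed name).
CREATE ROLE IF NOT EXISTS CYBRHAWK_SIEM_ROLE;

-- Read-only access to the shared SNOWFLAKE database, which holds the
-- ACCOUNT_USAGE audit views (LOGIN_HISTORY, QUERY_HISTORY, and others).
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE CYBRHAWK_SIEM_ROLE;

-- Compute for the collector's queries only; no rights on business data.
GRANT USAGE ON WAREHOUSE TARGET_WAREHOUSE TO ROLE CYBRHAWK_SIEM_ROLE;

-- Service user (assumed name). Replace the placeholder with a unique,
-- generated secret and hand it over through a secure channel.
CREATE USER IF NOT EXISTS CYBRHAWK_SIEM_USER
  PASSWORD = '<generated-secret-placeholder>'
  DEFAULT_ROLE = CYBRHAWK_SIEM_ROLE
  DEFAULT_WAREHOUSE = TARGET_WAREHOUSE
  DEFAULT_NAMESPACE = SNOWFLAKE.ACCOUNT_USAGE   -- assumed SCHEMA value
  MUST_CHANGE_PASSWORD = FALSE;

GRANT ROLE CYBRHAWK_SIEM_ROLE TO USER CYBRHAWK_SIEM_USER;

-- Review exactly what the role can do before sharing the credentials.
SHOW GRANTS TO ROLE CYBRHAWK_SIEM_ROLE;

-- Run the following in a session logged in as CYBRHAWK_SIEM_USER to confirm
-- the audit data is readable. It lists user/IP pairs with repeated failed
-- logins in the last 24 hours (threshold of 5 is an assumed starting point).
-- ACCOUNT_USAGE views are populated with some delay, so very recent
-- events may not appear yet.
SELECT user_name,
       client_ip,
       COUNT(*)             AS failed_logins,
       MAX(event_timestamp) AS last_failure
FROM SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
WHERE is_success = 'NO'
  AND event_timestamp >= DATEADD('hour', -24, CURRENT_TIMESTAMP())
GROUP BY user_name, client_ip
HAVING COUNT(*) >= 5
ORDER BY failed_logins DESC;
```

If the final query returns rows or an empty result without a permission error, the values to report for DATABASE and WAREHOUSE match Step 1 and the service user has the access it needs.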

