Snowflake network policy modified
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect a network policy was created, modified, or deleted in your Snowflake environment.
Strategy
This rule allows you to detect when a network policy was altered.
Triage and response
- Inspect the logs to identify the user that ran the query.
- Investigate whether that user is an admin by refernecing the Grants to User table in Snowflake.
- If the user is not an admin or has only recently been assigned admin, investigate for signs of compromise.
- Otherwise, review internal change management to validate this was an expected change.