Snowflake network policy modified

This rule is part of a beta feature. To learn more, contact Support.
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect a network policy was created, modified, or deleted in your Snowflake environment.

Strategy

This rule allows you to detect when a network policy was altered.

Triage and response

  1. Inspect the logs to identify the user that ran the query.
  2. Investigate whether that user is an admin by refernecing the Grants to User table in Snowflake.
  3. If the user is not an admin or has only recently been assigned admin, investigate for signs of compromise.
  4. Otherwise, review internal change management to validate this was an expected change.
PREVIEWING: esther/docs-9518-update-example-control-sensitive-log-data