Snowflake network policy modified

This rule is part of a beta feature. To learn more, contact Support.
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Goal

Detect a network policy was created, modified, or deleted in your Snowflake environment.

Strategy

This rule allows you to detect when a network policy was altered.

Triage and response

  1. Inspect the logs to identify the user that ran the query.
  2. Investigate whether that user is an admin by refernecing the Grants to User table in Snowflake.
  3. If the user is not an admin or has only recently been assigned admin, investigate for signs of compromise.
  4. Otherwise, review internal change management to validate this was an expected change.
PREVIEWING: esther/docs-9518-update-example-control-sensitive-log-data