Snowflake network policy modified
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.
Goal
Detect a network policy was created, modified, or deleted in your Snowflake environment.
Strategy
This rule allows you to detect when a network policy was altered.
Triage and response
- Inspect the logs to identify the user that ran the query.
- Investigate whether that user is an admin by refernecing the Grants to User table in Snowflake.
- If the user is not an admin or has only recently been assigned admin, investigate for signs of compromise.
- Otherwise, review internal change management to validate this was an expected change.