Snowflake new client application sessions
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect anomalous client applications interacting in your Snowflake environment.
Strategy
This rule allows you to detect when an anomalous client application establishes a session in Snowflake. Client applications are set up to allow for automation and integrations. An attacker may have set up a session from an outside tool in order to access and exfiltrate data.
Triage and response
- Inspect the logs to identify the client application, operating system, and timestamp.
- Investigate whether that client application is expected in your environment.
- If there are signs of compromise, disable the client application associated with the session and rotate credentials.