Snowflake

Overview

This document outlines the process for configuring the Snowflake to receive findings from AlphaSOC. The integration enables you to store and analyze AlphaSOC's findings within your Snowflake deployment.

To receive findings, set up the following Snowflake resources:

Warehouse that handles data insertion operations.
Database that hosts the table.
Table that will store the findings.
User account through which AlphaSOC performs operations.
RSA key pair that will allow for inserting data into the table.
Role that provides the necessary permissions to put data into the table.

Creating the Table

Create a table for storing AlphaSOC findings by running the following query:

CREATE TABLE {{DATABASE_NAME}}.{{SCHEMA}}.{{TABLE_NAME}} (

    DATA VARIANT NOT NULL

);

Enabling RSA Key Pair Authentication

The user account needs an assigned RSA public key for data insertion. To add the public key to a Snowflake user, run the following query:

ALTER USER example_user SET RSA_PUBLIC_KEY='{{RSA_PUBLIC_KEY}}';

For more information about RSA key pair authentication, refer to the Snowflake's official documentation.

Retrieving Snowflake Account Identifier

To retrieve your Snowflake account identifier, run the following query:

SELECT CURRENT_ACCOUNT();

Integration Requirements

To enable integration, please provide the following configuration details to AlphaSOC:

Warehouse name.
Database name.
Table name.
Schema name.
Snowflake account identifier.
Snowflake username configured for AlphaSOC access.
Private key.
Public key.
Role.

Overview​

Creating the Table​

Enabling RSA Key Pair Authentication​

Retrieving Snowflake Account Identifier​

Integration Requirements​

Overview

Creating the Table

Enabling RSA Key Pair Authentication

Retrieving Snowflake Account Identifier

Integration Requirements