Articles in this section

See more

Add the Snowflake Cloud Connector to Exabeam Cloud Connector Platform - Early Access

Avatar
Loay Khateeb
  • Updated
Follow

If you're having trouble at any stage please contact us at .

Preface

The goal of this guide is to add a new CC Snowflake Cloud App Connector to your CC Platform, for augmentation of Snowflake with Exabeam AA capabilities or for use as a data source for internal snowflake activity. 

If you're using Exabeam Snowflake Cloud Connector for Augmentation and planning to pull logs and events from multiple datasets, it's highly recommended to create a separate warehouse for this purpose so you can easily understand the costs which are attached to the integration. Usually, the smallest warehouse would be sufficient to start with (X-Small).

Note: The Snowflake Augmentation use-case is in Early Access stage. Please contact Exabeam Support for details.

Prerequisites

Authentication:
The snowflake connector uses the JDBC driver to connect to the snowflake database server. Exabeam cloud connector supports 2 (two) authentication methods for Snowflake: Basic Authentication and JWT authentication.


The following information is needed for both authentication methods:

  1. Full account name: Specifies the full name of your account (provided by Snowflake). Note that your full account name might include additional segments that identify the region and cloud platform where your account is hosted. You can figure the account name from your Snowflake URL on your browser. For example if your URL is
    https://xy12345.us-east-1.snowflakecomputing.com then your account name for configuring the connector will be xy12345.us-east-1.

  2. Username: Specifies the login name of a user created in the above snowflake account. It is highly recommended to create a unique user for Exabeam integration purposes. 
    This user needs to have read permissions to all the datasets which are required to be pulled.

For Basic Authentication

  • Password: Specifies the password for the specified user.

For JWT Authentication

  • JWT token: Please follow this guide to create a JWT token.
    Once you have the JWT token, you can use it to configure the connector.

Datasets format:
The internal Snowflake audit tables have a predefined format and will be pulled by default.

If you're using the cloud connector to augment your Snowflake with AA, and would like to pull additional datasets , these datasets must adhere to the following format:

  1. Each table/view must have only 2 columns.
  2. Each table/view must have a timestamp column. The timestamp column can be of the following datatypes - TIMESTAMP_LTZ , TIMESTAMP_NTZ , TIMESTAMP_TZ.
  3. Each table/view must have a VARIANT/VARCHAR column which includes the event in its original raw form (JSON or string).

This means that for every dataset which you wish to send to be analyzed by Exabeam Advanced Analytics, you need to create a view with the interface above.

The connector will automatically scan the snowflake account for all the datasets it has access to and creates an endpoint for every dataset that matches the required format. Any other datasets will be ignored.

 

On-boarding steps

  1. Login to your SkyFormation Platform
  2. Navigate via left navigation panel to "Settings" section
  3. Navigate via New Settings left navigation panel to "Accounts" section

  4. Click the "Add Account" bottom

  5. At the "SELECT SERVICE TO ADD" choose "Snowflake" 
  6. Based on your preferred authentication method, fill in the information in the prerequisites step above.
    mceclip0.png
        • Tenant (relevant only for the multi-tenant CC edition)
          Choose the tenant the new connector will be attached to.     
        • Account Name
          Give the custom connector a meaningful name for you.
          This will become your application connector name displayed in the CC platform and added to entire events sent to your SIEM system from this connector as an identifier. 
        • Description
          Add any text that describes the specific application and meaning for the business.
        • Full account name
          The full snowflake account name in the prerequisites steps above.
        • Username
          Username in the prerequisites steps above.
        • Password/JWT token
          password/JWT token in the prerequisites steps above.
        • Warehouse
          Choose the warehouse you would like the connector to use as the default when sending queries.

  7. Test the correctness of the settings 

        Press the "TEST CONNECTION" button

         test_connection_success.png 

        If you see a green OK sign appears as above you have completed the onboarding successfully.

  8. Click the "SAVE" button.

  9. Start the new connector

    When a new cloud connector is added its default state is STOPPED.
    To start it press its START button.  

  10. After a few seconds, click on the "STATUS" button. You will see a list of all the datasets which the connector discovered. You can decide which of these datasets to activate (the connector will periodically pull the data from), and which ones will be disabled.
NOTE: As snowflake charges for every query, there is a cost/performance tradeoff 
between how real time the solution would be vs. how much it would cost.
By default, Exabeam Cloud Connector for Snowflake would issue a query once every 5 minutes. 
If you would like to change the sync frequency for a specific dataset/endpoint, please 
follow this guide. 
For more information about Snowflake pricing please see here.

 

DONE ! 

Related articles

Comments

0 comments

Please sign in to leave a comment.