Snowflake integration to IDR

Hi.

We have a project which uses Snowflake products.
I can’t find any information on how to ingest logs from Snowflake into IDR. Any ideas on how to do that?

+1

I think you’re going to have to use something like InsightConnect: create a custom workflow, use the Python extension to pull the Snowflake logs from their API, and then push them into InsightIDR using the syslog forwarder extension.

Hi OP,
Here is what Rapid7 told me a couple of months ago…

It seems Snowflake’s docs suggest writing a script against their API: https://docs.snowflake.com/en/developer-guide/logging-tracing/logging

Based on the output of the script, you would use one of the Raw Data → Custom Log data collection mechanisms, such as tailing a file or an S3 bucket.

You could in theory run a script like this on the collector, write the events out locally to disk, and tail that file using a custom log event source; these events would then appear in Log Search under Raw Log.
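One way to write the script described above, as an added example that is not from the post, from Rapid7 or from Snowflake: it polls a Snowflake view incrementally, appends each event as one JSON line to a local file for the tail-a-file event source, and keeps a checkpoint so re-runs do not re-ingest old rows. It assumes SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY as the source, a DB-API cursor from snowflake-connector-python in production, and ships a constructed fake cursor and sample rows so it runs offline.

```python
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Example query (assumed source view): login events newer than the last checkpoint.
# ACCOUNT_USAGE views lag behind live activity, so poll on a schedule and
# expect delayed rows rather than real-time delivery.
QUERY = ("SELECT EVENT_TIMESTAMP, USER_NAME, CLIENT_IP, IS_SUCCESS "
         "FROM SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY "
         "WHERE EVENT_TIMESTAMP > %s ORDER BY EVENT_TIMESTAMP")

def load_checkpoint(state_path):
    """Last exported timestamp as ISO-8601, or the epoch on the first run."""
    return state_path.read_text().strip() if state_path.exists() else "1970-01-01T00:00:00+00:00"

def export_new_events(cursor, query, state_path, out_path):
    """Append rows newer than the checkpoint as JSON lines (one event per line,
    which the custom log parser expects), then advance the checkpoint.
    Returns the number of events written."""
    cursor.execute(query, (load_checkpoint(state_path),))
    columns = [d[0] for d in cursor.description]
    rows = cursor.fetchall()
    if not rows:
        return 0
    with out_path.open("a", encoding="utf-8") as fh:
        for row in rows:
            fh.write(json.dumps(dict(zip(columns, row)), default=str) + "\n")
    newest = rows[-1][columns.index("EVENT_TIMESTAMP")]  # ORDER BY makes the last row newest
    state_path.write_text(newest.astimezone(timezone.utc).isoformat())
    return len(rows)

class FakeCursor:
    """Constructed stand-in for a snowflake-connector cursor, for offline runs."""
    description = [("EVENT_TIMESTAMP",), ("USER_NAME",), ("CLIENT_IP",), ("IS_SUCCESS",)]
    def __init__(self, rows):
        self.rows, self.since = rows, None
    def execute(self, query, params):
        self.since = params[0]
    def fetchall(self):  # emulate the WHERE clause against the ISO checkpoint
        return [r for r in self.rows if r[0].isoformat() > self.since]

SAMPLE_ROWS = [  # constructed sample events (RFC 5737 documentation addresses)
    (datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc), "ALICE", "198.51.100.7", True),
    (datetime(2024, 5, 1, 9, 5, tzinfo=timezone.utc), "BOB", "203.0.113.9", False),
]

def demo():
    """Run the export twice; the second run must write nothing (no duplicates)."""
    with tempfile.TemporaryDirectory() as tmp:
        state, out = Path(tmp, "snowflake.state"), Path(tmp, "snowflake_events.log")
        first = export_new_events(FakeCursor(SAMPLE_ROWS), QUERY, state, out)
        second = export_new_events(FakeCursor(SAMPLE_ROWS), QUERY, state, out)
        return first, second, len(out.read_text().splitlines())

if __name__ == "__main__":
    print(demo())  # (2, 0, 2)
```

The strict `>` on the checkpoint means an event sharing the exact timestamp of the last exported row would be skipped on the next poll; if that matters, query with `>=` and de-duplicate on a unique event id instead.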