Snowflake¶
Cyderes supports the ingestion of login, query, and task history telemetry from Snowflake databases.
Chronicle Data Types¶
- SNOWFLAKE
Snowflake's Password Deprecation¶
Between late 2025 and 2026, Snowflake will be deprecating passwords for service accounts. Going forward Cyderes will only be accepting Programmatic Access Tokens (PATs) and/or Private Keys to authenticate with your Snowflake instance(s).
Please follow Snowflake's documentation on how to configure key-pair authentication.
To generate a PAT follow this Snowflake document.
For the timeline of the deprecation of passwords please see Snowflake's deprecation timeline.
a note on mandatory MFA
Please note, that for API service accounts MFA is not required. Anywhere it is mentioned in Snowflake's documentation can be disregarded for the Cyderes service account you will be creating.
Reader Account Usage Schema¶
By default, Cyderes will ingest from the customer's selected sources using the ACCOUNT_USAGE schema. However, and upon customer request, Cyderes also has the ability to ingest login and query history using the READER_ACCOUNT_USAGE schema.
Caveats / Known Limitations¶
The data sources have the following latencies:
| Source | Latency |
|---|---|
| Login History | 2 Hours |
| Query History | 45 Minutes |
| Task History | 45 Minutes |
You can find more information about this in Snowflake's documentation.
Requirements¶
The provided account should have access to the SNOWFLAKE database and the ACCOUNT_USAGE views. By default, that table is only available to the role: ACCOUNTADMIN. You can grant those privileges to other roles for Cyderes to utilize by following Snowflake's documentation.
If login and query history using the READER_ACCOUNT_USAGE schema is desired, the provided account should also have access to the READER_USAGE_VIEWER role.
A comparison of the data returned by the ACCOUNT_USAGE and READER_ACCOUNT_USAGE schemas can be found in Snowflake's documentation
Gather Information¶
Please include the credential's expiration date if available
Please send the following to Cyderes when setup is completed:
- Account ID
- User ID
- Programmatic Access Token or Private Key
- Private Key Passphrase (only if a private key is provided)
- Region