Snowflake
Panther uses to store and search log data.
Integrating Panther with Snowflake enables Panther data to be used in your Business Intelligence tools to make dashboards tailored to your operations. You can also join Panther data (e.g., Panther alerts) to your business data, enabling assessment of your security posture with respect to your organization. For example, you can tally alerts by organizational division (e.g., Human Resources) or by infrastructure (e.g., development, test, or production).
Snowflake instances can be or . Learn how Panther configures managed Snowflake instances (or take away recommendations for how to configure an instance you configure) on . Note that .
Panther uses to copy the data into your Snowflake cluster.
Panther uses a panther_readonly Snowflake user to query data in Snowflake. By default, this user's role, panther_readonly_role, is only endowed with a minimal set of grants to enable it to access the data in the panther databases. However, if you wish to add your own preexisting datasets to your queries (such as HR data, in-house or vendor-provided allowlists/denylists), you can make that data accessible to the role with statements like the following:
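An added example, not taken from Panther's documentation, of granting the role read access to one narrowly scoped object. The database, schema, table, view and column names (hr_db, public, employees, employee_divisions, employee_email, division) are hypothetical, and the statements assume they are run by a role that owns these objects.

```sql
-- Constructed example: hr_db.public.employees is a hypothetical HR table,
-- not a Panther object. Run as the role that owns hr_db.

-- 1. Expose only the columns needed for the join (e.g., tallying alerts by
--    division) through a secure view instead of granting the raw table.
CREATE SECURE VIEW hr_db.public.employee_divisions AS
    SELECT employee_email, division
    FROM hr_db.public.employees;

-- 2. The role needs USAGE on the containing database and schema before
--    any privilege on an object inside them takes effect.
GRANT USAGE ON DATABASE hr_db TO ROLE panther_readonly_role;
GRANT USAGE ON SCHEMA hr_db.public TO ROLE panther_readonly_role;

-- 3. Grant read access to the view only.
GRANT SELECT ON VIEW hr_db.public.employee_divisions TO ROLE panther_readonly_role;

-- Broader alternative, shown commented out for contrast: this would expose
-- every table in the schema, including columns the queries do not need.
-- GRANT SELECT ON ALL TABLES IN SCHEMA hr_db.public TO ROLE panther_readonly_role;

-- 4. Review what the role can now reach, and who can read the view.
SHOW GRANTS TO ROLE panther_readonly_role;
SHOW GRANTS ON VIEW hr_db.public.employee_divisions;

-- 5. When the dataset is no longer needed in Panther queries, remove access:
-- REVOKE SELECT ON VIEW hr_db.public.employee_divisions FROM ROLE panther_readonly_role;
```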
Note that the newly granted database, schema and table will not populate in the Panther sidebar, but you will be able to access it using regular SQL.
Panther performs health checks in Snowflake for and . By default, Panther executes these checks every 3 hours (or 180 minutes).
Using the Snowflake , Panther monitors files added to Panther-owned database tables for loading errors. While errors are rare, they are immediately escalated to Panther staff when found. In this case, Panther staff work to fix the issue and manually re-stage the data so it can successfully load to your Snowflake account.
Panther manages all and used in the process of loading data from S3 buckets into Snowflake tables. If the reveals that a Snowpipe has an executionState other than RUNNING, Panther automatically attempts to fix the pipe by performing one or more of the following actions:
Recreating the affected pipe
Recreating the underlying stage
Refreshing the pipe
In most cases, when a pipe is fixed using the steps above, manually reloading the data is not required. (Panther verifies this by checking the available for Snowflake tables.) Just like with copy failures, all stage and pipe failures are reported to Panther staff, who monitor whether a fix is required.