Knowledge BaseCommunityRelease NotesTry Panther
Search…
⌃K
Links

Snowflake Integration

Overview

Panther is configured to write processed log data to an AWS-based Snowflake database cluster.
Integrating Panther with Snowflake enables Panther data to be used with your Business Intelligence tools to make dashboards tailored to your operations. In addition, you can join Panther alerts to your business data, allowing you to assess your security posture.
Panther uses Snowpipe to copy the data into your Snowflake cluster.

Snowflake integration options

  • Panther-managed
    • For SaaS customers, a Snowflake instance is automatically provisioned, set up, and maintained by Panther.
  • Customer-configured
    • If you are an existing Snowflake customer, Panther can be configured to use one of your own Snowflake accounts.
  • Legacy customer-configured
    • In this configuration, Panther has no access and requires a Database Administrator to run commands on our behalf. This option is no longer offered to new customers.

Snowflake Configuration Overview

Panther-managed Snowflake

For Panther SaaS customers, a Snowflake instance is automatically provisioned and we take care of setup and maintenance for you. You're all set!
For SaaS customers who wish to share data between the Panther SaaS Snowflake account and their own internal Snowflake account, please contact your Panther support team.
For SaaS customers who wish to access their SaaS configuration to use the data in BI reporting, but do not have their own corporate Snowflake account, our support team can provision special access roles for your use.

Customer-configured Snowflake

If you are an existing Snowflake customer, Panther can be configured to use one of your own Snowflake accounts. This is formerly known as Bring Your Own Snowflake (BYOSF).
  1. 1.
    Create a new dedicated Snowflake account for Panther using the example template below.
    • To minimize latency, your Panther deployment and Snowflake instance should reside in the same AWS region.
      USE ROLE ORGADMIN;
      CREATE ACCOUNT <YOUR_PANTHER_ACCOUNT_NAME> # the account_name is up to your discretion but we recommend your Panther account name
      ADMIN_NAME = <YOUR_ADMIN_NAME>
      ADMIN_PASSWORD = '<YOUR ADMIN PASSWORD>' # we recommend at least 32 characters
      EMAIL = '<your sfnowflake DBA email>'
      MUST_CHANGE_PASSWORD = FALSE
      EDITION = ENTERPRISE # BUSINESS_CRITICAL edition required for certain features
      REGION = <your region, i.e. aws_us_west_2>
      COMMENT = 'Panther Snowflake BYOSF Production Environment';
  2. 2.
    In the new account, create a Panther Account Administrator user and grant it administrative privileges using the following commands:
    USE ROLE SECURITYADMIN;
    CREATE USER IF NOT EXISTS pantheraccountadmin password='<panther_credential>';
    GRANT ROLE SYSADMIN
    TO USER pantheraccountadmin;
    GRANT ROLE SECURITYADMIN
    TO USER pantheraccountadmin;
    GRANT ROLE ACCOUNTADMIN
    TO USER pantheraccountadmin;
    ALTER USER pantheraccountadmin SET DEFAULT_ROLE = SYSADMIN;
The Panther support team will provide you with a unique one-time credential over a secure channel to use for this account. Panther will regularly rotate this credential in the future, so you are advised to maintain a separate administrative user for your own administrative needs.
And you're done! Panther will automatically configure and maintain the account for you using our automated tooling. We will manage integrations, databases, warehouses, and users and roles in the new account.

Using the Snowflake UI or SnowSQL with your Panther Snowflake Account

If you would like to access your Panther-managed Snowflake account outside of the Panther Console, such as through the Snowflake UI or SnowSQL, please contact your Panther representative and request a BI user for read-only access to your Snowflake account.
Alternatively, if you would like to create and maintain several users with read-only access to the Panther data lake tables, you can use the PANTHERACCOUNTADMIN user or another SECURITYADMIN enabled user on your Snowflake account to run the following commands:
USE ROLE SECURITYADMIN;
# If needed, create a new user
CREATE USER IF NOT EXISTS my_readonly_user
PASSWORD = '<INITIAL PASSWORD>'
MUST_CHANGE_PASSWORD = TRUE;
# Grant the PANTHER_READONLY_ROLE to the newly created user
GRANT ROLE PANTHER_READONLY_ROLE TO USER my_readonly_user;

Disabling and Reenabling the Panther Account Admin User (Optional)

Panther maintains the PANTHERACCOUNTADMIN user credentials in a secure location, and will rotate them at a regular cadence in addition to using the credentials to rotate RSA keys used for read-only and database management access.
You can choose to disable this user from within the account, however, we do not recommend doing this as it will prevent Panther from performing credential rotation:
USE ROLE SECURITYADMIN;
ALTER USER PANTHERACCOUNTADMIN SET DISABLED = TRUE
If a Panther upgrade requires privileged access, the user can then be temporarily re-enabled:
USE ROLE SECURITYADMIN;
ALTER USER PANTHERACCOUNTADMIN SET DISABLED = FALSE

Legacy Customer-configured Snowflake Integration

For information on the legacy customer-configured Snowflake integration, see Legacy Customer-configured Snowflake.
Previous
System Health Notifications
Next
Legacy Customer-configured Snowflake Integration
Last modified 2mo ago