Tenable Research Release Highlights

bmcsulla
11 months ago

New Snowflake Compliance Plugin and Audit files

Summary

Customers can now measure compliance against the Snowflake Platform with the new plugin Snowflake Compliance Checks (plugin ID 206112) on Tenable Vulnerability Management and Nessus. The plugin is published as part of the Audit Cloud Infrastructure compliance template and uses a new credential type, Snowflake API. It retrieves all target data through the Snowflake SQL API and evaluates the actual values against a given audit policy.

Two audits implementing the CIS benchmark will be released along with the plugin:

These audits contain a total of 39 checks across 2 profiles with 20 checks being fully automated. Some examples include:

Additional Notes

For those that are interested in creating custom audit content for their environment, the audit supports the following structure.

<check_type: "Snowflake">
  <custom_item>
    type        : SQL_POLICY
    description : "Ensure yearly rekeying is enabled for a Snowflake account"
    sql_request : "SHOW PARAMETERS LIKE 'PERIODIC_DATA_REKEYING' IN ACCOUNT;"
    sql_types   : REGEX, REGEX, REGEX_OR_NULL, REGEX_OR_NULL, REGEX_OR_NULL, REGEX_OR_NULL
    sql_expect  : "PERIODIC_DATA_REKEYING", "true", ".*", ".*", ".*", ".*"
  </custom_item>
</check_type>

The 'sql_request' tag contains the SQL statements that are executed through the Snowflake REST API endpoint. The 'sql_expect' tag holds the expected values against which the returned data is evaluated for a passing or failing result.

Target Release Date

Immediate

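For authors of custom audit content, the following added example (not Tenable's code and not part of the original post) dry-runs the custom_item above against sample rows, so the 'sql_types' and 'sql_expect' pairing can be checked before a scan. It assumes that each entry pairs by position with one returned column, that the pattern must match the whole value, that a NULL column passes only under REGEX_OR_NULL, and that one fully matching row is a pass; the plugin's real matching rules may differ.

```python
import re

# The custom_item tags from the post that drive evaluation.
ITEM = '''
sql_request : "SHOW PARAMETERS LIKE 'PERIODIC_DATA_REKEYING' IN ACCOUNT;"
sql_types   : REGEX, REGEX, REGEX_OR_NULL, REGEX_OR_NULL, REGEX_OR_NULL, REGEX_OR_NULL
sql_expect  : "PERIODIC_DATA_REKEYING", "true", ".*", ".*", ".*", ".*"
'''

# Constructed sample rows, in SHOW PARAMETERS column order:
# key, value, default, level, description, type
COMPLIANT = [("PERIODIC_DATA_REKEYING", "true", "false", "ACCOUNT", "constructed", "BOOLEAN")]
NONCOMPLIANT = [("PERIODIC_DATA_REKEYING", "false", "false", "", None, "BOOLEAN")]

def parse_item(text):
    """Return (types, patterns) taken from the sql_types and sql_expect tags."""
    tags = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        tags[name.strip()] = value.strip()
    types = [t.strip() for t in tags["sql_types"].split(",")]
    patterns = re.findall(r'"((?:[^"\\]|\\.)*)"', tags["sql_expect"])
    if len(types) != len(patterns):
        raise ValueError("sql_types and sql_expect need the same number of entries")
    return types, patterns

def row_passes(row, types, patterns):
    """Assumed semantics: column i must full-match pattern i; NULL needs REGEX_OR_NULL."""
    if len(row) != len(types):
        return False
    for value, kind, pattern in zip(row, types, patterns):
        if value is None:
            if kind != "REGEX_OR_NULL":
                return False
        elif re.fullmatch(pattern, str(value)) is None:
            return False
    return True

def evaluate(rows, types, patterns):
    """PASSED if at least one row satisfies every column, otherwise FAILED."""
    return "PASSED" if any(row_passes(r, types, patterns) for r in rows) else "FAILED"

if __name__ == "__main__":
    types, patterns = parse_item(ITEM)
    print("compliant account:   ", evaluate(COMPLIANT, types, patterns))
    print("noncompliant account:", evaluate(NONCOMPLIANT, types, patterns))
```

An empty result set evaluates to FAILED under these assumptions, which is worth confirming against a real scan when a query can legitimately return no rows.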